Trojaner-Board


Flitzer8 26.04.2011 13:10

Problems after virus scan with Malwarebytes
 
Hello everyone,

Yesterday my system told me that my hard disk was in a critical state (unfortunately I no longer remember the exact error message).
Suddenly I could no longer see my desktop background and the files on it. My two drives had disappeared as well.
After some googling I came across your forum and followed the guide for removing the pest with "Malwarebytes Anti-Malware". Many thanks for the great guide!!!
However, I wanted to make sure that everything really is back in order, and to ask you to take a look at the log files from today, which I created after deleting the malware.

I also have a few problems:
- the folders and files that I could not see after the infection now only appear faded and are apparently still "invisible". I would like to see them "normally" again.
- my Quick Launch bar is no longer there. What do I need to do here?
= basically I just want to be back where I was before the infection ;)

Many thanks for your answers and your help!

Thanks for your effort!

Best regards,

cosinus 27.04.2011 20:11

Are there any further logs from Malwarebytes? If so, please post all of them that are visible in the Logs tab in Malwarebytes.

Flitzer8 27.04.2011 20:51

Here are the remaining two:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6447

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.19048

26.04.2011 13:05:43
mbam-log-2011-04-26 (13-05-43).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 177028
Laufzeit: 4 Minute(n), 36 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lnTUynXQPRYn (Trojan.FakeAlert) -> Value: lnTUynXQPRYn -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\programdata\lntuynxqpryn.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Simon\AppData\Local\Temp\jar_cache824831397000996081.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Simon\AppData\Local\Temp\tmp6411.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Simon\AppData\Local\Temp\tmp6412.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.




Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6447

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.19048

26.04.2011 13:16:36
mbam-log-2011-04-26 (13-16-36).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 176890
Laufzeit: 6 Minute(n), 31 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

cosinus 28.04.2011 09:48

Hello and :hallo:

Please run a full scan with Malwarebytes as a matter of routine and post the log.
Remember that Malwarebytes has to be updated manually before every scan!

If logs from older Malwarebytes scans exist, please post all of those as well!

After that, OTL:

System scan with OTL

Please download OTL by Oldtimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.

Flitzer8 28.04.2011 17:56

Hello,

Many thanks for now!
Here are the log files...
(I hope it is not a problem if I post them like this.)

OTL Logfile:
Code:

OTL logfile created on: 28.04.2011 18:45:40 - Run 1
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\Simon\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000407 | Country: Deutschland | Language: ENU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 56,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 304,17 Gb Total Space | 112,55 Gb Free Space | 37,00% Space Free | Partition Type: NTFS
Drive M: | 33,20 Gb Total Space | 25,52 Gb Free Space | 76,85% Space Free | Partition Type: NTFS
 
Computer Name: SIMON-PC | User Name: Simon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Simon\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - M:\YOUtube_View_US\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
PRC - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - M:\YOUtube_View_US\Hotspot Shield\bin\hsswd.exe ()
PRC - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.)
PRC - C:\Windows\SysWOW64\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\avmwlanstick\WLanGUI.exe (AVM Berlin)
PRC - C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin)
PRC - C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe (ArcSoft, Inc.)
PRC - C:\Programme\PACKARD BELL\SetUpMyPC\SmpSys.exe (Packard Bell BV)
PRC - C:\Windows\SysWOW64\HidService.exe (Packard Bell Services)
PRC - C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
PRC - C:\Windows\SysWOW64\IoctlSvc.exe (Prolific Technology Inc.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Simon\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll (Microsoft Corporation)
MOD - C:\Programme\CheckPoint\ZAForceField\WOW64\Plugins\ISWSHEX.dll (Check Point Software Technologies)
MOD - C:\Windows\SysWOW64\wintrust.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcr80.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcp80.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\imagehlp.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (IswSvc) -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe (Check Point Software Technologies)
SRV:64bit: - (GenericHidService) -- C:\Windows\SysNative\HidService.exe ()
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (HssSrv) -- M:\YOUtube_View_US\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
SRV - (HssWd) -- M:\YOUtube_View_US\Hotspot Shield\bin\hsswd.exe ()
SRV - (ICQ Service) -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
SRV - (vsmon) -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (AVM WLAN Connection Service) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ETService) -- C:\Programme\PACKARD BELL\Packard Bell Recovery Management\Service\ETService.exe ()
SRV - (GenericHidService) -- C:\Windows\SysWow64\HidService.exe (Packard Bell Services)
SRV - (ezSharedSvc) -- C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)
SRV - (AdobeActiveFileMonitor6.0) -- C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
SRV - (PLFlash DeviceIoControl Service) -- C:\Windows\SysWOW64\IoctlSvc.exe (Prolific Technology Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys ()
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys ()
DRV:64bit: - (HssDrv) -- C:\Windows\SysNative\DRIVERS\HssDrv.sys ()
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys ()
DRV:64bit: - (Vsdatant) -- C:\Windows\SysNative\DRIVERS\vsdatant.sys ()
DRV:64bit: - (vsdatant7) -- C:\Windows\SysNative\drivers\vsdatant.win7.sys ()
DRV:64bit: - (fwlanusbn) -- C:\Windows\SysNative\DRIVERS\fwlanusbn.sys ()
DRV:64bit: - (avmeject) -- C:\Windows\SysNative\drivers\avmeject.sys ()
DRV:64bit: - (RTL2832U_IRHID) -- C:\Windows\SysNative\DRIVERS\RTL2832U_IRHID.sys ()
DRV:64bit: - (RTL2832UBDA) -- C:\Windows\SysNative\drivers\RTL2832UBDA.sys ()
DRV:64bit: - (RTL2832UUSB) -- C:\Windows\SysNative\Drivers\RTL2832UUSB.sys ()
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys ()
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()
DRV - (ISWKL) -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys (Check Point Software Technologies)
DRV - (Vsdatant) -- C:\Windows\SysWOW64\drivers\vsdatant.sys (Check Point Software Technologies LTD)
DRV - (RTL2832U_IRHID) -- C:\Windows\SysWOW64\drivers\RTL2832U_IRHID.sys (Realtek)
DRV - (RTL2832UBDA) -- C:\Windows\SysWOW64\drivers\RTL2832UBDA.sys (REALTEK SEMICONDUCTOR Corp.)
DRV - (RTL2832UUSB) -- C:\Windows\SysWOW64\drivers\RTL2832UUSB.sys (REALTEK SEMICONDUCTOR Corp.)
DRV - (int15) -- C:\Windows\SysWOW64\drivers\int15_64.sys (Acer, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ICQ.com Suche
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.2.1
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=SPC2&o=15000&locale=de_DE&apn_uid=A759091C-6C3E-4214-B1FC-AB77058C8D7E&apn_ptnrs=PV&apn_sauid=618BEEE3-6AE4-40C0-A3E0-77A33CF44906&apn_dtid=&q="
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2010.08.03 11:17:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.03.24 19:34:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.03.24 19:34:23 | 000,000,000 | ---D | M]
 
[2009.09.06 20:45:02 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Simon\AppData\Roaming\mozilla\Extensions
[2011.03.25 16:37:58 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Simon\AppData\Roaming\mozilla\Firefox\Profiles\793b4mqu.default\extensions
[2010.09.09 23:11:30 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Simon\AppData\Roaming\mozilla\Firefox\Profiles\793b4mqu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.03.24 21:28:07 | 000,000,000 | -H-D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Simon\AppData\Roaming\mozilla\Firefox\Profiles\793b4mqu.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.08.08 22:10:21 | 000,000,000 | -H-D | M] ("DVDVideoSoft Menu") -- C:\Users\Simon\AppData\Roaming\mozilla\Firefox\Profiles\793b4mqu.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.03.24 21:28:05 | 000,000,000 | -H-D | M] (ZoneAlarm-Sicherheit Community Toolbar) -- C:\Users\Simon\AppData\Roaming\mozilla\Firefox\Profiles\793b4mqu.default\extensions\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}
[2011.03.25 16:37:58 | 000,000,000 | -H-D | M] (Conduit Engine) -- C:\Users\Simon\AppData\Roaming\mozilla\Firefox\Profiles\793b4mqu.default\extensions\engine@conduit.com
[2009.11.07 15:31:39 | 000,000,000 | -H-D | M] (Move Media Player) -- C:\Users\Simon\AppData\Roaming\mozilla\Firefox\Profiles\793b4mqu.default\extensions\moveplayer@movenetworks.com
[2010.11.05 20:44:05 | 000,000,000 | -H-D | M] (Sopcast Ask Toolbar) -- C:\Users\Simon\AppData\Roaming\mozilla\Firefox\Profiles\793b4mqu.default\extensions\toolbar@ask.com
[2010.12.18 12:14:06 | 000,002,386 | -H-- | M] () -- C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\793b4mqu.default\searchplugins\askcom.xml
[2010.08.08 22:35:51 | 000,000,881 | -H-- | M] () -- C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\793b4mqu.default\searchplugins\conduit.xml
[2010.05.21 07:37:19 | 000,000,694 | -H-- | M] () -- C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\793b4mqu.default\searchplugins\icq-search.xml
[2010.07.23 23:01:52 | 000,000,961 | -H-- | M] () -- C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\793b4mqu.default\searchplugins\icqplugin-1.xml
[2010.08.03 11:56:03 | 000,000,961 | -H-- | M] () -- C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\793b4mqu.default\searchplugins\icqplugin-2.xml
[2010.09.17 16:43:36 | 000,000,961 | -H-- | M] () -- C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\793b4mqu.default\searchplugins\icqplugin-3.xml
[2010.10.21 17:12:30 | 000,000,961 | -H-- | M] () -- C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\793b4mqu.default\searchplugins\icqplugin-4.xml
[2010.10.28 19:49:30 | 000,000,961 | -H-- | M] () -- C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\793b4mqu.default\searchplugins\icqplugin-5.xml
[2010.11.02 19:27:02 | 000,000,961 | -H-- | M] () -- C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\793b4mqu.default\searchplugins\icqplugin-6.xml
[2010.12.10 00:25:44 | 000,000,961 | -H-- | M] () -- C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\793b4mqu.default\searchplugins\icqplugin-7.xml
[2010.06.21 17:35:24 | 000,001,042 | -H-- | M] () -- C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\793b4mqu.default\searchplugins\icqplugin.xml
[2011.03.24 19:34:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2009.09.07 10:31:07 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files (x86)\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
File not found (No name found) --
[2011.03.18 19:56:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.6209.1142\swg64.dll (Google Inc.)
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -  File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GRA8E1~1.DLL (Microsoft Corporation)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -  File not found
O2 - BHO: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm-Sicherheit Toolbar) - {FC2B76FC-2132-4D80-A9A3-1F5C6E49066B} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll ()
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin)
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [SmpcSys] C:\Programme\PACKARD BELL\SetUpMyPC\SmpSys.exe (Packard Bell BV)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [SmpcSys] C:\Programme\PACKARD BELL\SetUpMyPC\SmpSys.exe (Packard Bell BV)
O4 - HKCU..\Run: [WMPNSCFG]  File not found
O4 - Startup: C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Simon\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Simon\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Simon\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GR99D3~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\ezShellStart.exe) - C:\Windows\SysWOW64\ezShellStart.exe (EasyBits Software AS)
O24 - Desktop WallPaper: B:\Fotos\col di tenna 48 kehren.JPG
O24 - Desktop BackupWallPaper: B:\Fotos\col di tenna 48 kehren.JPG
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GRA8E1~1.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{9b0f7c05-e699-11df-bc4b-0022686386ff}\Shell - "" = AutoRun
O33 - MountPoints2\{9b0f7c05-e699-11df-bc4b-0022686386ff}\Shell\AutoRun\command - "" = I:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.28 18:44:20 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Simon\Desktop\OTL.exe
[2011.04.27 13:26:53 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\GameUXLegacyGDFs.dll
[2011.04.27 13:26:53 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Apphlpdm.dll
[2011.04.26 12:42:55 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Roaming\Malwarebytes
[2011.04.26 12:42:33 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.04.26 12:42:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.04.26 12:42:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.04.26 12:42:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.04.18 20:15:23 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011.04.18 20:14:42 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2011.04.18 20:14:42 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011.04.18 20:14:42 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2011.04.18 20:14:42 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2011.04.18 20:14:42 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2011.04.18 20:14:40 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2011.04.18 20:14:40 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011.04.18 20:14:40 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011.04.18 20:14:40 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011.04.18 20:14:39 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011.04.18 20:14:39 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011.04.18 20:14:38 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2011.04.18 20:14:38 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2011.04.18 20:14:37 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2011.04.18 19:55:13 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2011.04.18 19:55:13 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2011.04.18 19:55:07 | 001,161,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll
[2011.04.18 19:55:07 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll
[2011.04.16 12:17:22 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscacheugc.exe
[2011.04.07 23:55:34 | 000,000,000 | -H-D | C] -- C:\Users\Simon\AppData\Roaming\dvdcss
[2011.04.07 23:46:39 | 000,000,000 | RH-D | C] -- C:\Users\Simon\Dropbox
[2011.04.07 23:43:12 | 000,000,000 | -H-D | C] -- C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2011.04.07 23:42:45 | 000,000,000 | -H-D | C] -- C:\Users\Simon\AppData\Roaming\Dropbox
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.28 18:44:32 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Simon\Desktop\OTL.exe
[2011.04.28 18:38:04 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.04.28 18:31:32 | 000,628,504 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.04.28 18:31:32 | 000,595,798 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.04.28 18:31:32 | 000,126,248 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.04.28 18:31:32 | 000,103,872 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.04.28 18:31:31 | 001,445,310 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.04.28 18:24:26 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\LogConfigTemp.xml
[2011.04.28 18:24:25 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.04.28 18:24:16 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.28 18:24:16 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.28 18:24:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.28 18:23:55 | 4293,054,464 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.27 20:25:06 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2011.04.27 20:06:31 | 000,120,059 | ---- | M] () -- C:\Users\Simon\Desktop\Doorpagefoto-ausgabe-80-entwicklungspolitik-ist-friedenspolitik,property=poster.jpg
[2011.04.27 17:22:09 | 001,298,927 | ---- | M] () -- C:\Users\Simon\Desktop\Passbild_klein.jpg
[2011.04.26 12:42:33 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.20 17:02:01 | 000,929,073 | ---- | M] () -- C:\Users\Simon\Desktop\PH_JOSCHKA UND HERR FISCHER.pdf
[2011.04.20 16:48:44 | 000,466,648 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.04.11 22:41:59 | 000,676,867 | ---- | M] () -- C:\Users\Simon\Desktop\20100618_Berufsbilder_Stadtplaner_tmeier.pdf
[2011.04.11 22:31:02 | 000,003,771 | ---- | M] () -- C:\Users\Simon\Desktop\c2cec6f3bd.png
[2011.04.07 23:46:39 | 000,000,943 | ---- | M] () -- C:\Users\Simon\Desktop\Dropbox.lnk
[2011.04.07 23:43:18 | 000,000,923 | -H-- | M] () -- C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011.04.03 20:46:01 | 567,473,664 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.03.30 20:50:40 | 000,001,076 | ---- | M] () -- C:\Users\Simon\Desktop\DVDVideoSoft Free Studio.lnk
[2011.03.30 20:50:23 | 000,001,235 | ---- | M] () -- C:\Users\Simon\Desktop\Free YouTube to MP3 Converter.lnk
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.04.27 20:06:30 | 000,120,059 | ---- | C] () -- C:\Users\Simon\Desktop\Doorpagefoto-ausgabe-80-entwicklungspolitik-ist-friedenspolitik,property=poster.jpg
[2011.04.27 17:22:06 | 001,298,927 | ---- | C] () -- C:\Users\Simon\Desktop\Passbild_klein.jpg
[2011.04.27 13:26:53 | 000,032,256 | ---- | C] () -- C:\Windows\SysNative\Apphlpdm.dll
[2011.04.27 13:26:52 | 004,240,384 | ---- | C] () -- C:\Windows\SysNative\GameUXLegacyGDFs.dll
[2011.04.26 12:42:33 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.26 12:42:29 | 000,024,152 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys
[2011.04.20 17:02:01 | 000,929,073 | ---- | C] () -- C:\Users\Simon\Desktop\PH_JOSCHKA UND HERR FISCHER.pdf
[2011.04.18 20:15:36 | 000,461,312 | ---- | C] () -- C:\Windows\SysNative\drivers\srv.sys
[2011.04.18 20:15:36 | 000,176,128 | ---- | C] () -- C:\Windows\SysNative\drivers\srv2.sys
[2011.04.18 20:15:36 | 000,144,896 | ---- | C] () -- C:\Windows\SysNative\drivers\srvnet.sys
[2011.04.18 20:15:23 | 000,817,664 | ---- | C] () -- C:\Windows\SysNative\jscript.dll
[2011.04.18 20:15:23 | 000,613,376 | ---- | C] () -- C:\Windows\SysNative\vbscript.dll
[2011.04.18 20:15:17 | 000,979,344 | ---- | C] () -- C:\Windows\SysNative\winresume.exe
[2011.04.18 20:15:16 | 001,075,600 | ---- | C] () -- C:\Windows\SysNative\winload.efi
[2011.04.18 20:15:16 | 001,062,800 | ---- | C] () -- C:\Windows\SysNative\winload.exe
[2011.04.18 20:15:16 | 000,990,096 | ---- | C] () -- C:\Windows\SysNative\winresume.efi
[2011.04.18 20:15:16 | 000,018,832 | ---- | C] () -- C:\Windows\SysNative\kd1394.dll
[2011.04.18 20:15:16 | 000,018,320 | ---- | C] () -- C:\Windows\SysNative\kdcom.dll
[2011.04.18 20:15:14 | 000,020,880 | ---- | C] () -- C:\Windows\SysNative\kdusb.dll
[2011.04.18 20:15:08 | 000,135,168 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb.sys
[2011.04.18 20:15:08 | 000,105,472 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb20.sys
[2011.04.18 20:15:07 | 000,273,920 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb10.sys
[2011.04.18 20:15:07 | 000,090,624 | ---- | C] () -- C:\Windows\SysNative\drivers\bowser.sys
[2011.04.18 20:15:03 | 000,975,872 | ---- | C] () -- C:\Windows\SysNative\inetcomm.dll
[2011.04.18 20:14:52 | 002,760,704 | ---- | C] () -- C:\Windows\SysNative\win32k.sys
[2011.04.18 20:14:36 | 012,474,880 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll
[2011.04.18 20:14:36 | 000,219,136 | ---- | C] () -- C:\Windows\SysNative\ieui.dll
[2011.04.18 20:14:35 | 002,340,864 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll
[2011.04.18 20:14:35 | 000,132,096 | ---- | C] () -- C:\Windows\SysNative\iesysprep.dll
[2011.04.18 20:14:35 | 000,077,312 | ---- | C] () -- C:\Windows\SysNative\iesetup.dll
[2011.04.18 20:14:35 | 000,072,192 | ---- | C] () -- C:\Windows\SysNative\iernonce.dll
[2011.04.18 20:14:35 | 000,070,656 | ---- | C] () -- C:\Windows\SysNative\ie4uinit.exe
[2011.04.18 20:14:34 | 001,638,912 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb
[2011.04.18 20:14:34 | 000,243,712 | ---- | C] () -- C:\Windows\SysNative\occache.dll
[2011.04.18 20:14:34 | 000,162,816 | ---- | C] () -- C:\Windows\SysNative\ieUnatt.exe
[2011.04.18 20:14:33 | 009,265,664 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll
[2011.04.18 20:14:33 | 000,710,656 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll
[2011.04.18 20:14:33 | 000,479,232 | ---- | C] () -- C:\Windows\SysNative\html.iec
[2011.04.18 20:14:33 | 000,459,776 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll
[2011.04.18 20:14:33 | 000,252,416 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll
[2011.04.18 20:14:33 | 000,096,768 | ---- | C] () -- C:\Windows\SysNative\mshtmled.dll
[2011.04.18 20:14:33 | 000,071,680 | ---- | C] () -- C:\Windows\SysNative\msfeedsbs.dll
[2011.04.18 20:14:33 | 000,056,832 | ---- | C] () -- C:\Windows\SysNative\licmgr10.dll
[2011.04.18 20:14:33 | 000,012,288 | ---- | C] () -- C:\Windows\SysNative\msfeedssync.exe
[2011.04.18 20:14:32 | 001,538,560 | ---- | C] () -- C:\Windows\SysNative\inetcpl.cpl
[2011.04.18 20:14:32 | 001,147,904 | ---- | C] () -- C:\Windows\SysNative\wininet.dll
[2011.04.18 20:14:32 | 000,031,744 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll
[2011.04.18 20:14:31 | 001,486,848 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll
[2011.04.18 20:14:31 | 001,062,912 | ---- | C] () -- C:\Windows\SysNative\mstime.dll
[2011.04.18 19:55:11 | 000,367,616 | ---- | C] () -- C:\Windows\SysNative\atmfd.dll
[2011.04.18 19:55:11 | 000,048,128 | ---- | C] () -- C:\Windows\SysNative\atmlib.dll
[2011.04.18 19:55:05 | 001,398,784 | ---- | C] () -- C:\Windows\SysNative\mfc42.dll
[2011.04.18 19:55:05 | 001,360,384 | ---- | C] () -- C:\Windows\SysNative\mfc42u.dll
[2011.04.16 12:17:22 | 000,221,184 | ---- | C] () -- C:\Windows\SysNative\dnsapi.dll
[2011.04.16 12:17:22 | 000,117,760 | ---- | C] () -- C:\Windows\SysNative\dnsrslvr.dll
[2011.04.16 12:17:22 | 000,028,672 | ---- | C] () -- C:\Windows\SysNative\dnscacheugc.exe
[2011.04.11 22:41:59 | 000,676,867 | ---- | C] () -- C:\Users\Simon\Desktop\20100618_Berufsbilder_Stadtplaner_tmeier.pdf
[2011.04.11 22:31:01 | 000,003,771 | ---- | C] () -- C:\Users\Simon\Desktop\c2cec6f3bd.png
[2011.04.07 23:46:39 | 000,000,943 | ---- | C] () -- C:\Users\Simon\Desktop\Dropbox.lnk
[2011.04.07 23:43:18 | 000,000,923 | -H-- | C] () -- C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011.01.27 21:30:36 | 000,000,680 | -H-- | C] () -- C:\Users\Simon\AppData\Local\d3d9caps.dat
[2010.04.13 19:35:33 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.02.18 20:45:37 | 000,000,287 | ---- | C] () -- C:\Windows\ArcView9x.INI
[2009.12.01 21:28:40 | 000,000,738 | ---- | C] () -- C:\Windows\wininit.ini
[2009.11.23 23:41:32 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.09.07 11:45:30 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009.09.07 11:45:30 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2009.09.07 11:36:57 | 000,031,664 | ---- | C] () -- C:\Windows\maxlink.ini
[2009.09.07 11:24:03 | 000,013,824 | -H-- | C] () -- C:\Users\Simon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.09.06 20:44:53 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.08.19 18:42:32 | 000,000,048 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2009.08.19 18:42:23 | 000,008,468 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2009.04.10 16:25:44 | 000,000,026 | ---- | C] () -- C:\Windows\Irremote.ini
[2009.01.20 23:30:34 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2009.01.20 23:23:15 | 000,000,566 | ---- | C] () -- C:\Windows\SysWow64\hidservice.ini
[2009.01.20 22:25:57 | 000,106,605 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009.01.20 22:25:57 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008.01.21 04:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008.01.21 04:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2006.11.02 17:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006.11.02 14:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006.11.02 14:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006.11.02 11:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2005.12.21 18:57:36 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\nsldap32v50.dll
[2005.12.21 18:57:04 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\nsldappr32v50.dll
[2005.12.21 18:54:34 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\nsldapssl32v50.dll
[2004.12.14 18:55:22 | 000,000,019 | ---- | C] () -- C:\Windows\SysWow64\SmAgentAPI.dll
[1999.01.22 18:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\MSRTEDIT.DLL
[1997.06.25 16:24:16 | 000,040,448 | ---- | C] () -- C:\Windows\SysWow64\RegObj.dll

< End of report >

--- --- ---



and number 2:
OTL Logfile:
Code:

OTL Extras logfile created on: 28.04.2011 18:45:40 - Run 1
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\Simon\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000407 | Country: Deutschland | Language: ENU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 56,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 304,17 Gb Total Space | 112,55 Gb Free Space | 37,00% Space Free | Partition Type: NTFS
Drive M: | 33,20 Gb Total Space | 25,52 Gb Free Space | 76,85% Space Free | Partition Type: NTFS
 
Computer Name: SIMON-PC | User Name: Simon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe ()
.vbe[@ = VBEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l ()
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" ()
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "B:\No23 Recorder\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" File not found
Directory [PlayWithVLC] -- "B:\No23 Recorder\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "B:\No23 Recorder\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "B:\No23 Recorder\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0438201D-B550-4E8C-818B-347A6D36D103}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{106894E9-1BA7-4A5F-A4D4-33FDE5106358}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1A303ADC-97DB-4DC3-8B4D-4615FE46BACE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{3791D0FF-5FD9-42EE-846C-3E70E2F6F8B5}" = rport=10243 | protocol=6 | dir=out | app=system |
"{4578BA01-4B80-4D18-A099-DAE0B2767989}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5115DB12-E003-4DA0-AD9E-1CC7CA43BA74}" = rport=137 | protocol=17 | dir=out | app=system |
"{5707A0D9-5548-4C75-9675-4DA944A00032}" = lport=137 | protocol=17 | dir=in | app=system |
"{574127EC-0043-43C5-BEF8-62E2E1E84BF5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6BDD1944-26A5-42BE-A6CA-2A71DEA34A9B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7713CD86-3A72-4FB8-AF32-10E8B344B89C}" = lport=138 | protocol=17 | dir=in | app=system |
"{7CB60216-D7A1-49DE-83D0-84AD7EE331D4}" = rport=139 | protocol=6 | dir=out | app=system |
"{89B8A5BB-A6FD-44A2-9870-672603CE1C76}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9CB46B2F-71EA-49C6-843B-5114FB2E933B}" = lport=139 | protocol=6 | dir=in | app=system |
"{A33B628A-2A5E-458D-9BC5-7B9B68415035}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{A40771FB-C2EB-468E-B550-7850393C40D4}" = lport=10243 | protocol=6 | dir=in | app=system |
"{A57B0E94-3A36-40FF-BFBC-0E4AD69DB60F}" = lport=445 | protocol=6 | dir=in | app=system |
"{C2449BA1-A19D-43BB-BB69-182DB0D22676}" = rport=138 | protocol=17 | dir=out | app=system |
"{C53A846C-14D1-4F61-BD5D-C5FCAA380788}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CDA31F94-A68A-4306-927C-EA59D297497E}" = rport=445 | protocol=6 | dir=out | app=system |
"{ECC8EFD0-FAA9-48C7-88EC-9BFEE3BEC360}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{F95A954D-3491-4336-BF47-57FE14E3ABBB}" = lport=2869 | protocol=6 | dir=in | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C063101-DFC2-450B-91F7-104A3F854F79}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{22CAECDF-654D-471E-905A-1B3FDCA41C3C}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{27BEE1D2-32FD-4232-8A29-FBD6BD58C9DE}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{282F7FAC-A04B-46C9-9E42-973763BA73D8}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{2C940D4B-9A4D-4F19-A28C-7AA1A73798E9}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{2D6F20A0-8989-41C0-B43C-00C835759201}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{2E5C646F-6494-4EC4-B20E-0B5124162C6C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{315A3B0E-F62C-4D2C-AFF3-87F64A0940EF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{33D10481-0B2E-4745-93EF-0B94642A135D}" = protocol=17 | dir=in | app=c:\windows\syswow64\zonelabs\vsmon.exe |
"{38EDBBB3-8850-4A0A-8AB9-474AB008E04A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{3CDDF021-B6AC-438A-9AEB-036FD1E85D44}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3E1A84AC-9FA2-4285-B228-29CC6370D957}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{41DF348F-A215-4B0E-BA7B-6EE68D790493}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{4999FB34-8D08-4445-A658-D626F92BB10A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{49EA9684-3675-43FD-8EB2-98E060D1709E}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{4CE03C81-1A95-4DB1-89E5-8C5254A9168F}" = protocol=6 | dir=in | app=c:\users\simon\appdata\roaming\dropbox\bin\dropbox.exe |
"{4FB1FC07-A88E-4594-AA5C-A45FAAE5B797}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{5007D994-9E6F-4735-BEA6-C7AC0FB42E56}" = protocol=17 | dir=in | app=c:\program files (x86)\arcsoft\totalmedia 3.5\totalmedia.exe |
"{5D9B6CC4-9AD9-45BE-BEA1-5A240E850E8D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{60A0DFE0-3B2B-4825-9F14-BF06EA15020C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{67AF118F-9D53-45A6-99C5-A78997981D0E}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{6C5AD1C5-2BE2-43D8-9C9F-C60BD208B7B0}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{6CFE09EF-25E4-401D-9C65-D72E30FAC2E9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{70D8F053-2477-4A3C-A280-6E26B6F7CF22}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{733B7B2E-C64C-4E19-BC3B-DA932D601FC0}" = protocol=6 | dir=out | app=system |
"{776370B5-DDD5-4891-8CBB-C3C697DB0AD2}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{7E73CA7D-BFBD-47D4-B634-74F79BEF71F7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{80C54D19-AD8D-45FC-94A3-50F02880F580}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{83BCBE00-0D15-476C-BFE2-235A835B398C}" = protocol=6 | dir=in | app=c:\windows\syswow64\zonelabs\vsmon.exe |
"{83E8A2A2-1571-4F8E-93A2-0D5A777CD580}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{84B282E7-3DEB-4523-A300-DFD1A6E2773A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{93B3CD9A-C53C-4F60-B02C-73297692C067}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{947A8A3C-9F61-492C-8519-33460681A1B6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{9916902F-AD8C-4008-B940-5371F4AD6EDD}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{9D3DE192-1870-42F3-B190-2D6BB72D38AD}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{B06B5CF0-0671-41FF-968A-C7734B33FF01}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{B289C2AE-E9C5-4014-A512-B31315A8D905}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B95883CB-0585-49D5-9A1C-0D89D4F42404}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{C2172249-7DB9-400A-A537-01D56FBC8BE3}" = protocol=6 | dir=in | app=c:\program files (x86)\arcsoft\totalmedia 3.5\totalmedia.exe |
"{C444EFE0-231A-4500-9D5C-87940A753506}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{C7BEDD72-91D5-48B2-86A5-2DFFBAF94BEF}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{D3BC2BC1-932D-4733-BF08-64885577ECFC}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E0655A11-DDF7-4CF0-98A3-C1EE8DC96AD9}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E24613AB-8286-4111-82C6-F29B0FAB3849}" = protocol=17 | dir=in | app=c:\users\simon\appdata\roaming\dropbox\bin\dropbox.exe |
"{F0A9E283-2501-4012-9BC6-E69DFAC070E7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F1FBC703-2CD1-443D-9F72-E2EE02E76D4C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{F327E4A6-AD17-482A-AF32-2BE7AC2D01E7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F411B5D8-E463-4AB4-AB71-2ECD6761E4E9}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{F6766F9E-61CF-40D2-B7FE-38B2E6B14C3F}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{F779254E-9D8C-4CE2-95E0-79D87760387A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"TCP Query User{01B603A5-2148-466C-8EA6-FA6132E5BBC6}M:\sopcast\sopcast.exe" = protocol=6 | dir=in | app=m:\sopcast\sopcast.exe |
"TCP Query User{0D165BFB-5B38-4C9E-B0C2-904E2316CB64}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"TCP Query User{0D332E62-A243-4455-9B89-4538D1D9C9E0}M:\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=m:\sopcast\adv\sopadver.exe |
"TCP Query User{30C7494B-C974-4DF5-A36B-41CCADD4B7BB}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{45FFD5EE-5E7C-432A-82B6-96B1AD9538DD}M:\sopcast\sopcast.exe" = protocol=6 | dir=in | app=m:\sopcast\sopcast.exe |
"TCP Query User{5D0ED07E-FA33-44C3-8EF6-D51B534F609A}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"TCP Query User{6B417BBA-CE29-4EE9-8FB1-A14971F18A04}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"TCP Query User{7014571C-E4E4-44CC-A858-115D2E5F2537}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{8FEDAD34-BB1C-4683-B7CA-0CD64C78B6F1}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe |
"TCP Query User{A19785F3-5D5C-4135-A297-6FBC811BA335}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"TCP Query User{AB074781-47B5-446B-B8A3-2F0A43482031}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{B09E44D0-7824-4F09-842A-3D81A64AA3D1}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe |
"TCP Query User{E1D36F1C-C828-45CC-84BD-C542BBD0503B}M:\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=m:\sopcast\adv\sopadver.exe |
"TCP Query User{E3E00404-034A-46EE-8A01-17E16F8C330E}C:\program files (x86)\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe |
"TCP Query User{E7086D08-9C87-418F-95E9-F771991EB413}C:\program files (x86)\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe |
"TCP Query User{E94B11A2-7EAE-45D3-828E-E4F1D33E7DFE}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"UDP Query User{10B2115A-7CD8-41A9-A037-9E9317B3DE0F}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe |
"UDP Query User{11C2CE2D-CB7F-4387-8092-901B24EFEFAC}M:\sopcast\sopcast.exe" = protocol=17 | dir=in | app=m:\sopcast\sopcast.exe |
"UDP Query User{16A2585D-A537-4991-A181-3CF22F274EE5}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{231250DC-A90B-4106-B0B5-3AA0AF2E966E}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"UDP Query User{3BE58A5E-7FD8-4AB8-A660-5AFD9C3BC530}M:\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=m:\sopcast\adv\sopadver.exe |
"UDP Query User{45E11649-1FDC-4685-BFDC-7594CEE8ABC2}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"UDP Query User{50CA96DC-F854-426B-88F9-838836727BBC}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{7495DB40-882C-47E6-85A8-5FB5B84DB34F}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{771DB1B0-AA2D-41FC-9994-54457A5D7241}C:\program files (x86)\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe |
"UDP Query User{8E12BD63-F4EE-4D9C-8D2A-1D90D159307D}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"UDP Query User{ABE57845-FE68-4557-932E-794D5AC200C2}M:\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=m:\sopcast\adv\sopadver.exe |
"UDP Query User{E0BC75B0-8D7D-499D-BC09-59D155BBFCD7}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"UDP Query User{EA79B58F-D74B-4908-B512-F1BC688582FE}M:\sopcast\sopcast.exe" = protocol=17 | dir=in | app=m:\sopcast\sopcast.exe |
"UDP Query User{F87299D3-47D0-4ED0-984C-6208CE944744}C:\program files (x86)\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe |
"UDP Query User{FAC3685D-7192-44F3-AD40-D741A452F493}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"UDP Query User{FE0390C1-56D4-4216-B166-493255499D77}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D16193A3-921A-4134-B381-597C8F4B8EBD}" = PaperPort Image Printer
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NIS2009" = Norton Internet Security 2009
"NVIDIA Drivers" = NVIDIA Drivers
"Office2007" = Microsoft Office Home and Student
"WinRAR archiver" = WinRAR
"Works9se" = Microsoft Works 9.0 SE
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{15FB6880-728F-4DF6-BEBB-046302A8E25A}" = ArcGIS Crystal Report Wizard
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1CF65E18-6463-4D28-A476-7DA10FBCE816}" = ArcGIS Desktop Evaluation Edition
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{28518520-F25C-48C3-A224-861F331602F4}" = Setup My PC
"{3559CDE0-11FC-4D7B-A65C-D646035B1031}" = Nero 8 Essentials
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{41B76534-B3C2-4FCF-B171-5291A3561051}" = ArcGIS Tutorial Data
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F32D89B-D3A0-4562-AC03-F6DE4614AE1A}" = DVB-T USB DEVICE
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie
"{709817E4-5439-4206-8738-796B34B623BD}" = MetaBoli
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{74292F90-895A-4FC6-A692-9641532B1B63}" = ArcSoft TotalMedia 3.5
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Packard Bell Recovery Management
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{58FC5E37-DD28-4D4A-A549-125744C6763C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{00C5525B-3CB3-467D-8100-2E6FB306CD86}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}" = Brother MFL-Pro Suite
"{A8C2A0AE-FBF8-4B0D-A541-F434D80E55B2}" = Windows Vista Demo Screen Saver
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{B3276CB1-20B6-4AF9-AAEC-E72C83816495}" = IKEA Home Planner
"{B5BCBD49-202F-4238-8398-D83D423A48B4}" = Windows Live Anmelde-Assistent
"{B6C89654-A6A2-477C-873B-724EC1C56407}" = ScanSoft PaperPort 11
"{CA786CFF-1D31-4804-B436-F3405B14357F}" = Packard Bell Updator
"{CFADE4AF-C0CF-4A04-A776-741318F1658F}" = Content Transfer
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E96FF910-1BC9-4EE5-BC12-0A30D4E20F37}" = NWZ-E440 WALKMAN Guide
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4EA67C9-6748-4C1E-9AFF-04149AC75D95}" = Packard Bell ImageWriter
"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
"ArcGIS Desktop Evaluation Edition" = ArcGIS Desktop Evaluation Edition
"ArcGIS Tutorial Data" = ArcGIS Tutorial Data
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVMWLANCLI" = AVM FRITZ!WLAN
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"EasyBits Magic Desktop" = EasyBits Magic Desktop
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HotspotShield" = Hotspot Shield 1.57
"ICQToolbar" = ICQ Toolbar
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox 4.0 (x86 de)" = Mozilla Firefox 4.0 (x86 de)
"numpy-py2.5" = Python 2.5 numpy-1.0.3
"Python 2.5 numpy-1.0.3" = Python 2.5 numpy-1.0.3
"Python 2.5.1" = Python 2.5.1
"SopCast" = SopCast 3.2.9
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"ZoneAlarm" = ZoneAlarm
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 27.03.2011 12:06:00 | Computer Name = Simon-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 27.03.2011 12:07:29 | Computer Name = Simon-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 27.03.2011 15:25:46 | Computer Name = Simon-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung plugin-container.exe, Version 2.0.0.4094, Zeitstempel
 0x4d83749c, fehlerhaftes Modul NPSWF32.dll, Version 10.1.102.64, Zeitstempel 0x4cc0fe23,
 Ausnahmecode 0xc0000005, Fehleroffset 0x000cb46c,  Prozess-ID 0xd78, Anwendungsstartzeit
 01cbecaebc3332f5.
 
Error - 28.03.2011 05:16:29 | Computer Name = Simon-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 28.03.2011 05:16:29 | Computer Name = Simon-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 28.03.2011 05:17:57 | Computer Name = Simon-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 28.03.2011 15:30:33 | Computer Name = Simon-PC | Source = Application Hang | ID = 1002
Description = Programm TotalMedia.exe, Version 3.5.28.260 arbeitet nicht mehr mit
 Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen.  Prozess-ID: ea0  Anfangszeit: 01cbed6adf399400  Zeitpunkt
 der Beendigung: 113
 
Error - 30.03.2011 13:40:45 | Computer Name = Simon-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 30.03.2011 13:40:45 | Computer Name = Simon-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 30.03.2011 13:42:12 | Computer Name = Simon-PC | Source = WinMgmt | ID = 10
Description =
 
[ OSession Events ]
Error - 14.04.2010 16:15:18 | Computer Name = Simon-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 322
 seconds with 240 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 26.04.2011 06:16:26 | Computer Name = Simon-PC | Source = HTTP | ID = 15016
Description =
 
Error - 26.04.2011 06:17:56 | Computer Name = Simon-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 26.04.2011 07:08:22 | Computer Name = Simon-PC | Source = HTTP | ID = 15016
Description =
 
Error - 26.04.2011 07:09:51 | Computer Name = Simon-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 26.04.2011 14:11:56 | Computer Name = Simon-PC | Source = HTTP | ID = 15016
Description =
 
Error - 26.04.2011 14:13:25 | Computer Name = Simon-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 27.04.2011 07:20:24 | Computer Name = Simon-PC | Source = HTTP | ID = 15016
Description =
 
Error - 27.04.2011 07:21:52 | Computer Name = Simon-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 28.04.2011 12:24:23 | Computer Name = Simon-PC | Source = HTTP | ID = 15016
Description =
 
Error - 28.04.2011 12:26:20 | Computer Name = Simon-PC | Source = Service Control Manager | ID = 7000
Description =
 
 
< End of report >

--- --- ---

Flitzer8 28.04.2011 17:57

Hello,

Thanks a lot for now!
Here are the log files...
(I hope it's not a problem if I post them like this.)

OTL Logfile:
Code:

OTL logfile created on: 28.04.2011 18:45:40 - Run 1
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\Simon\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000407 | Country: Deutschland | Language: ENU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 56,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 304,17 Gb Total Space | 112,55 Gb Free Space | 37,00% Space Free | Partition Type: NTFS
Drive M: | 33,20 Gb Total Space | 25,52 Gb Free Space | 76,85% Space Free | Partition Type: NTFS
 
Computer Name: SIMON-PC | User Name: Simon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Simon\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - M:\YOUtube_View_US\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
PRC - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - M:\YOUtube_View_US\Hotspot Shield\bin\hsswd.exe ()
PRC - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.)
PRC - C:\Windows\SysWOW64\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\avmwlanstick\WLanGUI.exe (AVM Berlin)
PRC - C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin)
PRC - C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe (ArcSoft, Inc.)
PRC - C:\Programme\PACKARD BELL\SetUpMyPC\SmpSys.exe (Packard Bell BV)
PRC - C:\Windows\SysWOW64\HidService.exe (Packard Bell Services)
PRC - C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
PRC - C:\Windows\SysWOW64\IoctlSvc.exe (Prolific Technology Inc.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Simon\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll (Microsoft Corporation)
MOD - C:\Programme\CheckPoint\ZAForceField\WOW64\Plugins\ISWSHEX.dll (Check Point Software Technologies)
MOD - C:\Windows\SysWOW64\wintrust.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcr80.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcp80.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\imagehlp.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (IswSvc) -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe (Check Point Software Technologies)
SRV:64bit: - (GenericHidService) -- C:\Windows\SysNative\HidService.exe ()
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (HssSrv) -- M:\YOUtube_View_US\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
SRV - (HssWd) -- M:\YOUtube_View_US\Hotspot Shield\bin\hsswd.exe ()
SRV - (ICQ Service) -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
SRV - (vsmon) -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (AVM WLAN Connection Service) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ETService) -- C:\Programme\PACKARD BELL\Packard Bell Recovery Management\Service\ETService.exe ()
SRV - (GenericHidService) -- C:\Windows\SysWow64\HidService.exe (Packard Bell Services)
SRV - (ezSharedSvc) -- C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)
SRV - (AdobeActiveFileMonitor6.0) -- C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
SRV - (PLFlash DeviceIoControl Service) -- C:\Windows\SysWOW64\IoctlSvc.exe (Prolific Technology Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys ()
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys ()
DRV:64bit: - (HssDrv) -- C:\Windows\SysNative\DRIVERS\HssDrv.sys ()
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys ()
DRV:64bit: - (Vsdatant) -- C:\Windows\SysNative\DRIVERS\vsdatant.sys ()
DRV:64bit: - (vsdatant7) -- C:\Windows\SysNative\drivers\vsdatant.win7.sys ()
DRV:64bit: - (fwlanusbn) -- C:\Windows\SysNative\DRIVERS\fwlanusbn.sys ()
DRV:64bit: - (avmeject) -- C:\Windows\SysNative\drivers\avmeject.sys ()
DRV:64bit: - (RTL2832U_IRHID) -- C:\Windows\SysNative\DRIVERS\RTL2832U_IRHID.sys ()
DRV:64bit: - (RTL2832UBDA) -- C:\Windows\SysNative\drivers\RTL2832UBDA.sys ()
DRV:64bit: - (RTL2832UUSB) -- C:\Windows\SysNative\Drivers\RTL2832UUSB.sys ()
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys ()
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()
DRV - (ISWKL) -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys (Check Point Software Technologies)
DRV - (Vsdatant) -- C:\Windows\SysWOW64\drivers\vsdatant.sys (Check Point Software Technologies LTD)
DRV - (RTL2832U_IRHID) -- C:\Windows\SysWOW64\drivers\RTL2832U_IRHID.sys (Realtek)
DRV - (RTL2832UBDA) -- C:\Windows\SysWOW64\drivers\RTL2832UBDA.sys (REALTEK SEMICONDUCTOR Corp.)
DRV - (RTL2832UUSB) -- C:\Windows\SysWOW64\drivers\RTL2832UUSB.sys (REALTEK SEMICONDUCTOR Corp.)
DRV - (int15) -- C:\Windows\SysWOW64\drivers\int15_64.sys (Acer, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ICQ.com Suche
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.2.1
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=SPC2&o=15000&locale=de_DE&apn_uid=A759091C-6C3E-4214-B1FC-AB77058C8D7E&apn_ptnrs=PV&apn_sauid=618BEEE3-6AE4-40C0-A3E0-77A33CF44906&apn_dtid=&q="
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2010.08.03 11:17:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.03.24 19:34:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.03.24 19:34:23 | 000,000,000 | ---D | M]
 
[2009.09.06 20:45:02 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Simon\AppData\Roaming\mozilla\Extensions
[2011.03.25 16:37:58 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Simon\AppData\Roaming\mozilla\Firefox\Profiles\793b4mqu.default\extensions
[2010.09.09 23:11:30 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Simon\AppData\Roaming\mozilla\Firefox\Profiles\793b4mqu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.03.24 21:28:07 | 000,000,000 | -H-D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Simon\AppData\Roaming\mozilla\Firefox\Profiles\793b4mqu.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.08.08 22:10:21 | 000,000,000 | -H-D | M] ("DVDVideoSoft Menu") -- C:\Users\Simon\AppData\Roaming\mozilla\Firefox\Profiles\793b4mqu.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.03.24 21:28:05 | 000,000,000 | -H-D | M] (ZoneAlarm-Sicherheit Community Toolbar) -- C:\Users\Simon\AppData\Roaming\mozilla\Firefox\Profiles\793b4mqu.default\extensions\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}
[2011.03.25 16:37:58 | 000,000,000 | -H-D | M] (Conduit Engine) -- C:\Users\Simon\AppData\Roaming\mozilla\Firefox\Profiles\793b4mqu.default\extensions\engine@conduit.com
[2009.11.07 15:31:39 | 000,000,000 | -H-D | M] (Move Media Player) -- C:\Users\Simon\AppData\Roaming\mozilla\Firefox\Profiles\793b4mqu.default\extensions\moveplayer@movenetworks.com
[2010.11.05 20:44:05 | 000,000,000 | -H-D | M] (Sopcast Ask Toolbar) -- C:\Users\Simon\AppData\Roaming\mozilla\Firefox\Profiles\793b4mqu.default\extensions\toolbar@ask.com
[2010.12.18 12:14:06 | 000,002,386 | -H-- | M] () -- C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\793b4mqu.default\searchplugins\askcom.xml
[2010.08.08 22:35:51 | 000,000,881 | -H-- | M] () -- C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\793b4mqu.default\searchplugins\conduit.xml
[2010.05.21 07:37:19 | 000,000,694 | -H-- | M] () -- C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\793b4mqu.default\searchplugins\icq-search.xml
[2010.07.23 23:01:52 | 000,000,961 | -H-- | M] () -- C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\793b4mqu.default\searchplugins\icqplugin-1.xml
[2010.08.03 11:56:03 | 000,000,961 | -H-- | M] () -- C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\793b4mqu.default\searchplugins\icqplugin-2.xml
[2010.09.17 16:43:36 | 000,000,961 | -H-- | M] () -- C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\793b4mqu.default\searchplugins\icqplugin-3.xml
[2010.10.21 17:12:30 | 000,000,961 | -H-- | M] () -- C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\793b4mqu.default\searchplugins\icqplugin-4.xml
[2010.10.28 19:49:30 | 000,000,961 | -H-- | M] () -- C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\793b4mqu.default\searchplugins\icqplugin-5.xml
[2010.11.02 19:27:02 | 000,000,961 | -H-- | M] () -- C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\793b4mqu.default\searchplugins\icqplugin-6.xml
[2010.12.10 00:25:44 | 000,000,961 | -H-- | M] () -- C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\793b4mqu.default\searchplugins\icqplugin-7.xml
[2010.06.21 17:35:24 | 000,001,042 | -H-- | M] () -- C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\793b4mqu.default\searchplugins\icqplugin.xml
[2011.03.24 19:34:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2009.09.07 10:31:07 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files (x86)\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
File not found (No name found) --
[2011.03.18 19:56:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.6209.1142\swg64.dll (Google Inc.)
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -  File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GRA8E1~1.DLL (Microsoft Corporation)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -  File not found
O2 - BHO: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm-Sicherheit Toolbar) - {FC2B76FC-2132-4D80-A9A3-1F5C6E49066B} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll ()
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin)
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [SmpcSys] C:\Programme\PACKARD BELL\SetUpMyPC\SmpSys.exe (Packard Bell BV)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [SmpcSys] C:\Programme\PACKARD BELL\SetUpMyPC\SmpSys.exe (Packard Bell BV)
O4 - HKCU..\Run: [WMPNSCFG]  File not found
O4 - Startup: C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Simon\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Simon\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Simon\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GR99D3~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\ezShellStart.exe) - C:\Windows\SysWOW64\ezShellStart.exe (EasyBits Software AS)
O24 - Desktop WallPaper: B:\Fotos\col di tenna 48 kehren.JPG
O24 - Desktop BackupWallPaper: B:\Fotos\col di tenna 48 kehren.JPG
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GRA8E1~1.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{9b0f7c05-e699-11df-bc4b-0022686386ff}\Shell - "" = AutoRun
O33 - MountPoints2\{9b0f7c05-e699-11df-bc4b-0022686386ff}\Shell\AutoRun\command - "" = I:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.28 18:44:20 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Simon\Desktop\OTL.exe
[2011.04.27 13:26:53 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\GameUXLegacyGDFs.dll
[2011.04.27 13:26:53 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Apphlpdm.dll
[2011.04.26 12:42:55 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Roaming\Malwarebytes
[2011.04.26 12:42:33 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.04.26 12:42:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.04.26 12:42:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.04.26 12:42:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.04.18 20:15:23 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011.04.18 20:14:42 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2011.04.18 20:14:42 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011.04.18 20:14:42 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2011.04.18 20:14:42 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2011.04.18 20:14:42 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2011.04.18 20:14:40 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2011.04.18 20:14:40 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011.04.18 20:14:40 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011.04.18 20:14:40 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011.04.18 20:14:39 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011.04.18 20:14:39 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011.04.18 20:14:38 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2011.04.18 20:14:38 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2011.04.18 20:14:37 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2011.04.18 19:55:13 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2011.04.18 19:55:13 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2011.04.18 19:55:07 | 001,161,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll
[2011.04.18 19:55:07 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll
[2011.04.16 12:17:22 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscacheugc.exe
[2011.04.07 23:55:34 | 000,000,000 | -H-D | C] -- C:\Users\Simon\AppData\Roaming\dvdcss
[2011.04.07 23:46:39 | 000,000,000 | RH-D | C] -- C:\Users\Simon\Dropbox
[2011.04.07 23:43:12 | 000,000,000 | -H-D | C] -- C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2011.04.07 23:42:45 | 000,000,000 | -H-D | C] -- C:\Users\Simon\AppData\Roaming\Dropbox
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.28 18:44:32 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Simon\Desktop\OTL.exe
[2011.04.28 18:38:04 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.04.28 18:31:32 | 000,628,504 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.04.28 18:31:32 | 000,595,798 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.04.28 18:31:32 | 000,126,248 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.04.28 18:31:32 | 000,103,872 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.04.28 18:31:31 | 001,445,310 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.04.28 18:24:26 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\LogConfigTemp.xml
[2011.04.28 18:24:25 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.04.28 18:24:16 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.28 18:24:16 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.28 18:24:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.28 18:23:55 | 4293,054,464 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.27 20:25:06 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2011.04.27 20:06:31 | 000,120,059 | ---- | M] () -- C:\Users\Simon\Desktop\Doorpagefoto-ausgabe-80-entwicklungspolitik-ist-friedenspolitik,property=poster.jpg
[2011.04.27 17:22:09 | 001,298,927 | ---- | M] () -- C:\Users\Simon\Desktop\Passbild_klein.jpg
[2011.04.26 12:42:33 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.20 17:02:01 | 000,929,073 | ---- | M] () -- C:\Users\Simon\Desktop\PH_JOSCHKA UND HERR FISCHER.pdf
[2011.04.20 16:48:44 | 000,466,648 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.04.11 22:41:59 | 000,676,867 | ---- | M] () -- C:\Users\Simon\Desktop\20100618_Berufsbilder_Stadtplaner_tmeier.pdf
[2011.04.11 22:31:02 | 000,003,771 | ---- | M] () -- C:\Users\Simon\Desktop\c2cec6f3bd.png
[2011.04.07 23:46:39 | 000,000,943 | ---- | M] () -- C:\Users\Simon\Desktop\Dropbox.lnk
[2011.04.07 23:43:18 | 000,000,923 | -H-- | M] () -- C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011.04.03 20:46:01 | 567,473,664 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.03.30 20:50:40 | 000,001,076 | ---- | M] () -- C:\Users\Simon\Desktop\DVDVideoSoft Free Studio.lnk
[2011.03.30 20:50:23 | 000,001,235 | ---- | M] () -- C:\Users\Simon\Desktop\Free YouTube to MP3 Converter.lnk
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.04.27 20:06:30 | 000,120,059 | ---- | C] () -- C:\Users\Simon\Desktop\Doorpagefoto-ausgabe-80-entwicklungspolitik-ist-friedenspolitik,property=poster.jpg
[2011.04.27 17:22:06 | 001,298,927 | ---- | C] () -- C:\Users\Simon\Desktop\Passbild_klein.jpg
[2011.04.27 13:26:53 | 000,032,256 | ---- | C] () -- C:\Windows\SysNative\Apphlpdm.dll
[2011.04.27 13:26:52 | 004,240,384 | ---- | C] () -- C:\Windows\SysNative\GameUXLegacyGDFs.dll
[2011.04.26 12:42:33 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.26 12:42:29 | 000,024,152 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys
[2011.04.20 17:02:01 | 000,929,073 | ---- | C] () -- C:\Users\Simon\Desktop\PH_JOSCHKA UND HERR FISCHER.pdf
[2011.04.18 20:15:36 | 000,461,312 | ---- | C] () -- C:\Windows\SysNative\drivers\srv.sys
[2011.04.18 20:15:36 | 000,176,128 | ---- | C] () -- C:\Windows\SysNative\drivers\srv2.sys
[2011.04.18 20:15:36 | 000,144,896 | ---- | C] () -- C:\Windows\SysNative\drivers\srvnet.sys
[2011.04.18 20:15:23 | 000,817,664 | ---- | C] () -- C:\Windows\SysNative\jscript.dll
[2011.04.18 20:15:23 | 000,613,376 | ---- | C] () -- C:\Windows\SysNative\vbscript.dll
[2011.04.18 20:15:17 | 000,979,344 | ---- | C] () -- C:\Windows\SysNative\winresume.exe
[2011.04.18 20:15:16 | 001,075,600 | ---- | C] () -- C:\Windows\SysNative\winload.efi
[2011.04.18 20:15:16 | 001,062,800 | ---- | C] () -- C:\Windows\SysNative\winload.exe
[2011.04.18 20:15:16 | 000,990,096 | ---- | C] () -- C:\Windows\SysNative\winresume.efi
[2011.04.18 20:15:16 | 000,018,832 | ---- | C] () -- C:\Windows\SysNative\kd1394.dll
[2011.04.18 20:15:16 | 000,018,320 | ---- | C] () -- C:\Windows\SysNative\kdcom.dll
[2011.04.18 20:15:14 | 000,020,880 | ---- | C] () -- C:\Windows\SysNative\kdusb.dll
[2011.04.18 20:15:08 | 000,135,168 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb.sys
[2011.04.18 20:15:08 | 000,105,472 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb20.sys
[2011.04.18 20:15:07 | 000,273,920 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb10.sys
[2011.04.18 20:15:07 | 000,090,624 | ---- | C] () -- C:\Windows\SysNative\drivers\bowser.sys
[2011.04.18 20:15:03 | 000,975,872 | ---- | C] () -- C:\Windows\SysNative\inetcomm.dll
[2011.04.18 20:14:52 | 002,760,704 | ---- | C] () -- C:\Windows\SysNative\win32k.sys
[2011.04.18 20:14:36 | 012,474,880 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll
[2011.04.18 20:14:36 | 000,219,136 | ---- | C] () -- C:\Windows\SysNative\ieui.dll
[2011.04.18 20:14:35 | 002,340,864 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll
[2011.04.18 20:14:35 | 000,132,096 | ---- | C] () -- C:\Windows\SysNative\iesysprep.dll
[2011.04.18 20:14:35 | 000,077,312 | ---- | C] () -- C:\Windows\SysNative\iesetup.dll
[2011.04.18 20:14:35 | 000,072,192 | ---- | C] () -- C:\Windows\SysNative\iernonce.dll
[2011.04.18 20:14:35 | 000,070,656 | ---- | C] () -- C:\Windows\SysNative\ie4uinit.exe
[2011.04.18 20:14:34 | 001,638,912 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb
[2011.04.18 20:14:34 | 000,243,712 | ---- | C] () -- C:\Windows\SysNative\occache.dll
[2011.04.18 20:14:34 | 000,162,816 | ---- | C] () -- C:\Windows\SysNative\ieUnatt.exe
[2011.04.18 20:14:33 | 009,265,664 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll
[2011.04.18 20:14:33 | 000,710,656 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll
[2011.04.18 20:14:33 | 000,479,232 | ---- | C] () -- C:\Windows\SysNative\html.iec
[2011.04.18 20:14:33 | 000,459,776 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll
[2011.04.18 20:14:33 | 000,252,416 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll
[2011.04.18 20:14:33 | 000,096,768 | ---- | C] () -- C:\Windows\SysNative\mshtmled.dll
[2011.04.18 20:14:33 | 000,071,680 | ---- | C] () -- C:\Windows\SysNative\msfeedsbs.dll
[2011.04.18 20:14:33 | 000,056,832 | ---- | C] () -- C:\Windows\SysNative\licmgr10.dll
[2011.04.18 20:14:33 | 000,012,288 | ---- | C] () -- C:\Windows\SysNative\msfeedssync.exe
[2011.04.18 20:14:32 | 001,538,560 | ---- | C] () -- C:\Windows\SysNative\inetcpl.cpl
[2011.04.18 20:14:32 | 001,147,904 | ---- | C] () -- C:\Windows\SysNative\wininet.dll
[2011.04.18 20:14:32 | 000,031,744 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll
[2011.04.18 20:14:31 | 001,486,848 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll
[2011.04.18 20:14:31 | 001,062,912 | ---- | C] () -- C:\Windows\SysNative\mstime.dll
[2011.04.18 19:55:11 | 000,367,616 | ---- | C] () -- C:\Windows\SysNative\atmfd.dll
[2011.04.18 19:55:11 | 000,048,128 | ---- | C] () -- C:\Windows\SysNative\atmlib.dll
[2011.04.18 19:55:05 | 001,398,784 | ---- | C] () -- C:\Windows\SysNative\mfc42.dll
[2011.04.18 19:55:05 | 001,360,384 | ---- | C] () -- C:\Windows\SysNative\mfc42u.dll
[2011.04.16 12:17:22 | 000,221,184 | ---- | C] () -- C:\Windows\SysNative\dnsapi.dll
[2011.04.16 12:17:22 | 000,117,760 | ---- | C] () -- C:\Windows\SysNative\dnsrslvr.dll
[2011.04.16 12:17:22 | 000,028,672 | ---- | C] () -- C:\Windows\SysNative\dnscacheugc.exe
[2011.04.11 22:41:59 | 000,676,867 | ---- | C] () -- C:\Users\Simon\Desktop\20100618_Berufsbilder_Stadtplaner_tmeier.pdf
[2011.04.11 22:31:01 | 000,003,771 | ---- | C] () -- C:\Users\Simon\Desktop\c2cec6f3bd.png
[2011.04.07 23:46:39 | 000,000,943 | ---- | C] () -- C:\Users\Simon\Desktop\Dropbox.lnk
[2011.04.07 23:43:18 | 000,000,923 | -H-- | C] () -- C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011.01.27 21:30:36 | 000,000,680 | -H-- | C] () -- C:\Users\Simon\AppData\Local\d3d9caps.dat
[2010.04.13 19:35:33 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.02.18 20:45:37 | 000,000,287 | ---- | C] () -- C:\Windows\ArcView9x.INI
[2009.12.01 21:28:40 | 000,000,738 | ---- | C] () -- C:\Windows\wininit.ini
[2009.11.23 23:41:32 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.09.07 11:45:30 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009.09.07 11:45:30 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2009.09.07 11:36:57 | 000,031,664 | ---- | C] () -- C:\Windows\maxlink.ini
[2009.09.07 11:24:03 | 000,013,824 | -H-- | C] () -- C:\Users\Simon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.09.06 20:44:53 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.08.19 18:42:32 | 000,000,048 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2009.08.19 18:42:23 | 000,008,468 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2009.04.10 16:25:44 | 000,000,026 | ---- | C] () -- C:\Windows\Irremote.ini
[2009.01.20 23:30:34 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2009.01.20 23:23:15 | 000,000,566 | ---- | C] () -- C:\Windows\SysWow64\hidservice.ini
[2009.01.20 22:25:57 | 000,106,605 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009.01.20 22:25:57 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008.01.21 04:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008.01.21 04:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2006.11.02 17:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006.11.02 14:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006.11.02 14:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006.11.02 11:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2005.12.21 18:57:36 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\nsldap32v50.dll
[2005.12.21 18:57:04 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\nsldappr32v50.dll
[2005.12.21 18:54:34 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\nsldapssl32v50.dll
[2004.12.14 18:55:22 | 000,000,019 | ---- | C] () -- C:\Windows\SysWow64\SmAgentAPI.dll
[1999.01.22 18:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\MSRTEDIT.DLL
[1997.06.25 16:24:16 | 000,040,448 | ---- | C] () -- C:\Windows\SysWow64\RegObj.dll

< End of report >

--- --- ---




and number 2:
OTL Logfile:
Code:

OTL Extras logfile created on: 28.04.2011 18:45:40 - Run 1
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\Simon\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000407 | Country: Deutschland | Language: ENU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 56,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 304,17 Gb Total Space | 112,55 Gb Free Space | 37,00% Space Free | Partition Type: NTFS
Drive M: | 33,20 Gb Total Space | 25,52 Gb Free Space | 76,85% Space Free | Partition Type: NTFS
 
Computer Name: SIMON-PC | User Name: Simon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe ()
.vbe[@ = VBEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l ()
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" ()
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "B:\No23 Recorder\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" File not found
Directory [PlayWithVLC] -- "B:\No23 Recorder\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "B:\No23 Recorder\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "B:\No23 Recorder\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0438201D-B550-4E8C-818B-347A6D36D103}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{106894E9-1BA7-4A5F-A4D4-33FDE5106358}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1A303ADC-97DB-4DC3-8B4D-4615FE46BACE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{3791D0FF-5FD9-42EE-846C-3E70E2F6F8B5}" = rport=10243 | protocol=6 | dir=out | app=system |
"{4578BA01-4B80-4D18-A099-DAE0B2767989}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5115DB12-E003-4DA0-AD9E-1CC7CA43BA74}" = rport=137 | protocol=17 | dir=out | app=system |
"{5707A0D9-5548-4C75-9675-4DA944A00032}" = lport=137 | protocol=17 | dir=in | app=system |
"{574127EC-0043-43C5-BEF8-62E2E1E84BF5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6BDD1944-26A5-42BE-A6CA-2A71DEA34A9B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7713CD86-3A72-4FB8-AF32-10E8B344B89C}" = lport=138 | protocol=17 | dir=in | app=system |
"{7CB60216-D7A1-49DE-83D0-84AD7EE331D4}" = rport=139 | protocol=6 | dir=out | app=system |
"{89B8A5BB-A6FD-44A2-9870-672603CE1C76}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9CB46B2F-71EA-49C6-843B-5114FB2E933B}" = lport=139 | protocol=6 | dir=in | app=system |
"{A33B628A-2A5E-458D-9BC5-7B9B68415035}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{A40771FB-C2EB-468E-B550-7850393C40D4}" = lport=10243 | protocol=6 | dir=in | app=system |
"{A57B0E94-3A36-40FF-BFBC-0E4AD69DB60F}" = lport=445 | protocol=6 | dir=in | app=system |
"{C2449BA1-A19D-43BB-BB69-182DB0D22676}" = rport=138 | protocol=17 | dir=out | app=system |
"{C53A846C-14D1-4F61-BD5D-C5FCAA380788}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CDA31F94-A68A-4306-927C-EA59D297497E}" = rport=445 | protocol=6 | dir=out | app=system |
"{ECC8EFD0-FAA9-48C7-88EC-9BFEE3BEC360}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{F95A954D-3491-4336-BF47-57FE14E3ABBB}" = lport=2869 | protocol=6 | dir=in | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C063101-DFC2-450B-91F7-104A3F854F79}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{22CAECDF-654D-471E-905A-1B3FDCA41C3C}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{27BEE1D2-32FD-4232-8A29-FBD6BD58C9DE}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{282F7FAC-A04B-46C9-9E42-973763BA73D8}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{2C940D4B-9A4D-4F19-A28C-7AA1A73798E9}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{2D6F20A0-8989-41C0-B43C-00C835759201}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{2E5C646F-6494-4EC4-B20E-0B5124162C6C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{315A3B0E-F62C-4D2C-AFF3-87F64A0940EF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{33D10481-0B2E-4745-93EF-0B94642A135D}" = protocol=17 | dir=in | app=c:\windows\syswow64\zonelabs\vsmon.exe |
"{38EDBBB3-8850-4A0A-8AB9-474AB008E04A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{3CDDF021-B6AC-438A-9AEB-036FD1E85D44}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3E1A84AC-9FA2-4285-B228-29CC6370D957}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{41DF348F-A215-4B0E-BA7B-6EE68D790493}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{4999FB34-8D08-4445-A658-D626F92BB10A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{49EA9684-3675-43FD-8EB2-98E060D1709E}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{4CE03C81-1A95-4DB1-89E5-8C5254A9168F}" = protocol=6 | dir=in | app=c:\users\simon\appdata\roaming\dropbox\bin\dropbox.exe |
"{4FB1FC07-A88E-4594-AA5C-A45FAAE5B797}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{5007D994-9E6F-4735-BEA6-C7AC0FB42E56}" = protocol=17 | dir=in | app=c:\program files (x86)\arcsoft\totalmedia 3.5\totalmedia.exe |
"{5D9B6CC4-9AD9-45BE-BEA1-5A240E850E8D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{60A0DFE0-3B2B-4825-9F14-BF06EA15020C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{67AF118F-9D53-45A6-99C5-A78997981D0E}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{6C5AD1C5-2BE2-43D8-9C9F-C60BD208B7B0}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{6CFE09EF-25E4-401D-9C65-D72E30FAC2E9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{70D8F053-2477-4A3C-A280-6E26B6F7CF22}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{733B7B2E-C64C-4E19-BC3B-DA932D601FC0}" = protocol=6 | dir=out | app=system |
"{776370B5-DDD5-4891-8CBB-C3C697DB0AD2}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{7E73CA7D-BFBD-47D4-B634-74F79BEF71F7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{80C54D19-AD8D-45FC-94A3-50F02880F580}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{83BCBE00-0D15-476C-BFE2-235A835B398C}" = protocol=6 | dir=in | app=c:\windows\syswow64\zonelabs\vsmon.exe |
"{83E8A2A2-1571-4F8E-93A2-0D5A777CD580}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{84B282E7-3DEB-4523-A300-DFD1A6E2773A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{93B3CD9A-C53C-4F60-B02C-73297692C067}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{947A8A3C-9F61-492C-8519-33460681A1B6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{9916902F-AD8C-4008-B940-5371F4AD6EDD}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{9D3DE192-1870-42F3-B190-2D6BB72D38AD}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{B06B5CF0-0671-41FF-968A-C7734B33FF01}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{B289C2AE-E9C5-4014-A512-B31315A8D905}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B95883CB-0585-49D5-9A1C-0D89D4F42404}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{C2172249-7DB9-400A-A537-01D56FBC8BE3}" = protocol=6 | dir=in | app=c:\program files (x86)\arcsoft\totalmedia 3.5\totalmedia.exe |
"{C444EFE0-231A-4500-9D5C-87940A753506}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{C7BEDD72-91D5-48B2-86A5-2DFFBAF94BEF}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{D3BC2BC1-932D-4733-BF08-64885577ECFC}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E0655A11-DDF7-4CF0-98A3-C1EE8DC96AD9}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E24613AB-8286-4111-82C6-F29B0FAB3849}" = protocol=17 | dir=in | app=c:\users\simon\appdata\roaming\dropbox\bin\dropbox.exe |
"{F0A9E283-2501-4012-9BC6-E69DFAC070E7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F1FBC703-2CD1-443D-9F72-E2EE02E76D4C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{F327E4A6-AD17-482A-AF32-2BE7AC2D01E7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F411B5D8-E463-4AB4-AB71-2ECD6761E4E9}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{F6766F9E-61CF-40D2-B7FE-38B2E6B14C3F}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{F779254E-9D8C-4CE2-95E0-79D87760387A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"TCP Query User{01B603A5-2148-466C-8EA6-FA6132E5BBC6}M:\sopcast\sopcast.exe" = protocol=6 | dir=in | app=m:\sopcast\sopcast.exe |
"TCP Query User{0D165BFB-5B38-4C9E-B0C2-904E2316CB64}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"TCP Query User{0D332E62-A243-4455-9B89-4538D1D9C9E0}M:\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=m:\sopcast\adv\sopadver.exe |
"TCP Query User{30C7494B-C974-4DF5-A36B-41CCADD4B7BB}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{45FFD5EE-5E7C-432A-82B6-96B1AD9538DD}M:\sopcast\sopcast.exe" = protocol=6 | dir=in | app=m:\sopcast\sopcast.exe |
"TCP Query User{5D0ED07E-FA33-44C3-8EF6-D51B534F609A}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"TCP Query User{6B417BBA-CE29-4EE9-8FB1-A14971F18A04}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"TCP Query User{7014571C-E4E4-44CC-A858-115D2E5F2537}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{8FEDAD34-BB1C-4683-B7CA-0CD64C78B6F1}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe |
"TCP Query User{A19785F3-5D5C-4135-A297-6FBC811BA335}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"TCP Query User{AB074781-47B5-446B-B8A3-2F0A43482031}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{B09E44D0-7824-4F09-842A-3D81A64AA3D1}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe |
"TCP Query User{E1D36F1C-C828-45CC-84BD-C542BBD0503B}M:\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=m:\sopcast\adv\sopadver.exe |
"TCP Query User{E3E00404-034A-46EE-8A01-17E16F8C330E}C:\program files (x86)\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe |
"TCP Query User{E7086D08-9C87-418F-95E9-F771991EB413}C:\program files (x86)\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe |
"TCP Query User{E94B11A2-7EAE-45D3-828E-E4F1D33E7DFE}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"UDP Query User{10B2115A-7CD8-41A9-A037-9E9317B3DE0F}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe |
"UDP Query User{11C2CE2D-CB7F-4387-8092-901B24EFEFAC}M:\sopcast\sopcast.exe" = protocol=17 | dir=in | app=m:\sopcast\sopcast.exe |
"UDP Query User{16A2585D-A537-4991-A181-3CF22F274EE5}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{231250DC-A90B-4106-B0B5-3AA0AF2E966E}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"UDP Query User{3BE58A5E-7FD8-4AB8-A660-5AFD9C3BC530}M:\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=m:\sopcast\adv\sopadver.exe |
"UDP Query User{45E11649-1FDC-4685-BFDC-7594CEE8ABC2}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"UDP Query User{50CA96DC-F854-426B-88F9-838836727BBC}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{7495DB40-882C-47E6-85A8-5FB5B84DB34F}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{771DB1B0-AA2D-41FC-9994-54457A5D7241}C:\program files (x86)\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe |
"UDP Query User{8E12BD63-F4EE-4D9C-8D2A-1D90D159307D}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"UDP Query User{ABE57845-FE68-4557-932E-794D5AC200C2}M:\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=m:\sopcast\adv\sopadver.exe |
"UDP Query User{E0BC75B0-8D7D-499D-BC09-59D155BBFCD7}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"UDP Query User{EA79B58F-D74B-4908-B512-F1BC688582FE}M:\sopcast\sopcast.exe" = protocol=17 | dir=in | app=m:\sopcast\sopcast.exe |
"UDP Query User{F87299D3-47D0-4ED0-984C-6208CE944744}C:\program files (x86)\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe |
"UDP Query User{FAC3685D-7192-44F3-AD40-D741A452F493}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"UDP Query User{FE0390C1-56D4-4216-B166-493255499D77}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D16193A3-921A-4134-B381-597C8F4B8EBD}" = PaperPort Image Printer
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NIS2009" = Norton Internet Security 2009
"NVIDIA Drivers" = NVIDIA Drivers
"Office2007" = Microsoft Office Home and Student
"WinRAR archiver" = WinRAR
"Works9se" = Microsoft Works 9.0 SE
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{15FB6880-728F-4DF6-BEBB-046302A8E25A}" = ArcGIS Crystal Report Wizard
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1CF65E18-6463-4D28-A476-7DA10FBCE816}" = ArcGIS Desktop Evaluation Edition
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{28518520-F25C-48C3-A224-861F331602F4}" = Setup My PC
"{3559CDE0-11FC-4D7B-A65C-D646035B1031}" = Nero 8 Essentials
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{41B76534-B3C2-4FCF-B171-5291A3561051}" = ArcGIS Tutorial Data
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F32D89B-D3A0-4562-AC03-F6DE4614AE1A}" = DVB-T USB DEVICE
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie
"{709817E4-5439-4206-8738-796B34B623BD}" = MetaBoli
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{74292F90-895A-4FC6-A692-9641532B1B63}" = ArcSoft TotalMedia 3.5
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Packard Bell Recovery Management
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{58FC5E37-DD28-4D4A-A549-125744C6763C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{00C5525B-3CB3-467D-8100-2E6FB306CD86}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}" = Brother MFL-Pro Suite
"{A8C2A0AE-FBF8-4B0D-A541-F434D80E55B2}" = Windows Vista Demo Screen Saver
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{B3276CB1-20B6-4AF9-AAEC-E72C83816495}" = IKEA Home Planner
"{B5BCBD49-202F-4238-8398-D83D423A48B4}" = Windows Live Anmelde-Assistent
"{B6C89654-A6A2-477C-873B-724EC1C56407}" = ScanSoft PaperPort 11
"{CA786CFF-1D31-4804-B436-F3405B14357F}" = Packard Bell Updator
"{CFADE4AF-C0CF-4A04-A776-741318F1658F}" = Content Transfer
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E96FF910-1BC9-4EE5-BC12-0A30D4E20F37}" = NWZ-E440 WALKMAN Guide
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4EA67C9-6748-4C1E-9AFF-04149AC75D95}" = Packard Bell ImageWriter
"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
"ArcGIS Desktop Evaluation Edition" = ArcGIS Desktop Evaluation Edition
"ArcGIS Tutorial Data" = ArcGIS Tutorial Data
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVMWLANCLI" = AVM FRITZ!WLAN
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"EasyBits Magic Desktop" = EasyBits Magic Desktop
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HotspotShield" = Hotspot Shield 1.57
"ICQToolbar" = ICQ Toolbar
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox 4.0 (x86 de)" = Mozilla Firefox 4.0 (x86 de)
"numpy-py2.5" = Python 2.5 numpy-1.0.3
"Python 2.5 numpy-1.0.3" = Python 2.5 numpy-1.0.3
"Python 2.5.1" = Python 2.5.1
"SopCast" = SopCast 3.2.9
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"ZoneAlarm" = ZoneAlarm
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 27.03.2011 12:06:00 | Computer Name = Simon-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 27.03.2011 12:07:29 | Computer Name = Simon-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 27.03.2011 15:25:46 | Computer Name = Simon-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung plugin-container.exe, Version 2.0.0.4094, Zeitstempel
 0x4d83749c, fehlerhaftes Modul NPSWF32.dll, Version 10.1.102.64, Zeitstempel 0x4cc0fe23,
 Ausnahmecode 0xc0000005, Fehleroffset 0x000cb46c,  Prozess-ID 0xd78, Anwendungsstartzeit
 01cbecaebc3332f5.
 
Error - 28.03.2011 05:16:29 | Computer Name = Simon-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 28.03.2011 05:16:29 | Computer Name = Simon-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 28.03.2011 05:17:57 | Computer Name = Simon-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 28.03.2011 15:30:33 | Computer Name = Simon-PC | Source = Application Hang | ID = 1002
Description = Programm TotalMedia.exe, Version 3.5.28.260 arbeitet nicht mehr mit
 Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen.  Prozess-ID: ea0  Anfangszeit: 01cbed6adf399400  Zeitpunkt
 der Beendigung: 113
 
Error - 30.03.2011 13:40:45 | Computer Name = Simon-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 30.03.2011 13:40:45 | Computer Name = Simon-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 30.03.2011 13:42:12 | Computer Name = Simon-PC | Source = WinMgmt | ID = 10
Description =
 
[ OSession Events ]
Error - 14.04.2010 16:15:18 | Computer Name = Simon-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 322
 seconds with 240 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 26.04.2011 06:16:26 | Computer Name = Simon-PC | Source = HTTP | ID = 15016
Description =
 
Error - 26.04.2011 06:17:56 | Computer Name = Simon-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 26.04.2011 07:08:22 | Computer Name = Simon-PC | Source = HTTP | ID = 15016
Description =
 
Error - 26.04.2011 07:09:51 | Computer Name = Simon-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 26.04.2011 14:11:56 | Computer Name = Simon-PC | Source = HTTP | ID = 15016
Description =
 
Error - 26.04.2011 14:13:25 | Computer Name = Simon-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 27.04.2011 07:20:24 | Computer Name = Simon-PC | Source = HTTP | ID = 15016
Description =
 
Error - 27.04.2011 07:21:52 | Computer Name = Simon-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 28.04.2011 12:24:23 | Computer Name = Simon-PC | Source = HTTP | ID = 15016
Description =
 
Error - 28.04.2011 12:26:20 | Computer Name = Simon-PC | Source = Service Control Manager | ID = 7000
Description =
 
 
< End of report >

--- --- ---

cosinus 28.04.2011 19:05

I wanted to see the full scan with MBAM first...

Flitzer8 28.04.2011 22:37

Here is the full scan...

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6447

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.19048

28.04.2011 23:33:10
mbam-log-2011-04-28 (23-33-10).txt

Art des Suchlaufs: Vollständiger Suchlauf (B:\|C:\|M:\|)
Durchsuchte Objekte: 392664
Laufzeit: 1 Stunde(n), 16 Minute(n), 23 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

cosinus 29.04.2011 10:33

Quote:

O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)

Please first uninstall the counterproductive ZoneAlarm and turn on the Windows Firewall. Restart the computer and create fresh OTL logs.

Flitzer8 29.04.2011 23:26

OK, all done.
Here are the OTL logs:
OTL Logfile:
Code:

OTL logfile created on: 30.04.2011 00:06:17 - Run 2
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\Simon\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000407 | Country: Deutschland | Language: ENU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 48,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 71,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 304,17 Gb Total Space | 115,72 Gb Free Space | 38,04% Space Free | Partition Type: NTFS
Drive M: | 33,20 Gb Total Space | 25,52 Gb Free Space | 76,85% Space Free | Partition Type: NTFS
 
Computer Name: SIMON-PC | User Name: Simon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Simon\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - M:\YOUtube_View_US\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - M:\YOUtube_View_US\Hotspot Shield\bin\hsswd.exe ()
PRC - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\avmwlanstick\WLanGUI.exe (AVM Berlin)
PRC - C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin)
PRC - C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TotalMedia.exe (ArcSoft, Inc.)
PRC - C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe (ArcSoft, Inc.)
PRC - C:\Programme\PACKARD BELL\SetUpMyPC\SmpSys.exe (Packard Bell BV)
PRC - C:\Windows\SysWOW64\HidService.exe (Packard Bell Services)
PRC - C:\Windows\SysWOW64\conime.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
PRC - C:\Windows\SysWOW64\IoctlSvc.exe (Prolific Technology Inc.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Simon\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (IswSvc) -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe (Check Point Software Technologies)
SRV:64bit: - (GenericHidService) -- C:\Windows\SysNative\HidService.exe ()
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (HssSrv) -- M:\YOUtube_View_US\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
SRV - (HssWd) -- M:\YOUtube_View_US\Hotspot Shield\bin\hsswd.exe ()
SRV - (ICQ Service) -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (AVM WLAN Connection Service) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ETService) -- C:\Programme\PACKARD BELL\Packard Bell Recovery Management\Service\ETService.exe ()
SRV - (GenericHidService) -- C:\Windows\SysWow64\HidService.exe (Packard Bell Services)
SRV - (ezSharedSvc) -- C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)
SRV - (AdobeActiveFileMonitor6.0) -- C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
SRV - (PLFlash DeviceIoControl Service) -- C:\Windows\SysWOW64\IoctlSvc.exe (Prolific Technology Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys ()
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys ()
DRV:64bit: - (HssDrv) -- C:\Windows\SysNative\DRIVERS\HssDrv.sys ()
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys ()
DRV:64bit: - (fwlanusbn) -- C:\Windows\SysNative\DRIVERS\fwlanusbn.sys ()
DRV:64bit: - (avmeject) -- C:\Windows\SysNative\drivers\avmeject.sys ()
DRV:64bit: - (RTL2832U_IRHID) -- C:\Windows\SysNative\DRIVERS\RTL2832U_IRHID.sys ()
DRV:64bit: - (RTL2832UBDA) -- C:\Windows\SysNative\drivers\RTL2832UBDA.sys ()
DRV:64bit: - (RTL2832UUSB) -- C:\Windows\SysNative\Drivers\RTL2832UUSB.sys ()
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys ()
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()
DRV - (ISWKL) -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys (Check Point Software Technologies)
DRV - (RTL2832U_IRHID) -- C:\Windows\SysWOW64\drivers\RTL2832U_IRHID.sys (Realtek)
DRV - (RTL2832UBDA) -- C:\Windows\SysWOW64\drivers\RTL2832UBDA.sys (REALTEK SEMICONDUCTOR Corp.)
DRV - (RTL2832UUSB) -- C:\Windows\SysWOW64\drivers\RTL2832UUSB.sys (REALTEK SEMICONDUCTOR Corp.)
DRV - (int15) -- C:\Windows\SysWOW64\drivers\int15_64.sys (Acer, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ICQ.com Suche
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.2.1
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=SPC2&o=15000&locale=de_DE&apn_uid=A759091C-6C3E-4214-B1FC-AB77058C8D7E&apn_ptnrs=PV&apn_sauid=618BEEE3-6AE4-40C0-A3E0-77A33CF44906&apn_dtid=&q="
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2010.08.03 11:17:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.03.24 19:34:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.03.24 19:34:23 | 000,000,000 | ---D | M]
 
[2009.09.06 20:45:02 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Simon\AppData\Roaming\mozilla\Extensions
[2011.03.25 16:37:58 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Simon\AppData\Roaming\mozilla\Firefox\Profiles\793b4mqu.default\extensions
[2010.09.09 23:11:30 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Simon\AppData\Roaming\mozilla\Firefox\Profiles\793b4mqu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.03.24 21:28:07 | 000,000,000 | -H-D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Simon\AppData\Roaming\mozilla\Firefox\Profiles\793b4mqu.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.08.08 22:10:21 | 000,000,000 | -H-D | M] ("DVDVideoSoft Menu") -- C:\Users\Simon\AppData\Roaming\mozilla\Firefox\Profiles\793b4mqu.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.03.24 21:28:05 | 000,000,000 | -H-D | M] (ZoneAlarm-Sicherheit Community Toolbar) -- C:\Users\Simon\AppData\Roaming\mozilla\Firefox\Profiles\793b4mqu.default\extensions\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}
[2011.03.25 16:37:58 | 000,000,000 | -H-D | M] (Conduit Engine) -- C:\Users\Simon\AppData\Roaming\mozilla\Firefox\Profiles\793b4mqu.default\extensions\engine@conduit.com
[2009.11.07 15:31:39 | 000,000,000 | -H-D | M] (Move Media Player) -- C:\Users\Simon\AppData\Roaming\mozilla\Firefox\Profiles\793b4mqu.default\extensions\moveplayer@movenetworks.com
[2010.11.05 20:44:05 | 000,000,000 | -H-D | M] (Sopcast Ask Toolbar) -- C:\Users\Simon\AppData\Roaming\mozilla\Firefox\Profiles\793b4mqu.default\extensions\toolbar@ask.com
[2010.12.18 12:14:06 | 000,002,386 | -H-- | M] () -- C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\793b4mqu.default\searchplugins\askcom.xml
[2010.08.08 22:35:51 | 000,000,881 | -H-- | M] () -- C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\793b4mqu.default\searchplugins\conduit.xml
[2010.05.21 07:37:19 | 000,000,694 | -H-- | M] () -- C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\793b4mqu.default\searchplugins\icq-search.xml
[2010.07.23 23:01:52 | 000,000,961 | -H-- | M] () -- C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\793b4mqu.default\searchplugins\icqplugin-1.xml
[2010.08.03 11:56:03 | 000,000,961 | -H-- | M] () -- C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\793b4mqu.default\searchplugins\icqplugin-2.xml
[2010.09.17 16:43:36 | 000,000,961 | -H-- | M] () -- C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\793b4mqu.default\searchplugins\icqplugin-3.xml
[2010.10.21 17:12:30 | 000,000,961 | -H-- | M] () -- C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\793b4mqu.default\searchplugins\icqplugin-4.xml
[2010.10.28 19:49:30 | 000,000,961 | -H-- | M] () -- C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\793b4mqu.default\searchplugins\icqplugin-5.xml
[2010.11.02 19:27:02 | 000,000,961 | -H-- | M] () -- C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\793b4mqu.default\searchplugins\icqplugin-6.xml
[2010.12.10 00:25:44 | 000,000,961 | -H-- | M] () -- C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\793b4mqu.default\searchplugins\icqplugin-7.xml
[2010.06.21 17:35:24 | 000,001,042 | -H-- | M] () -- C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\793b4mqu.default\searchplugins\icqplugin.xml
[2011.03.24 19:34:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2009.09.07 10:31:07 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files (x86)\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
File not found (No name found) --
[2011.03.18 19:56:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.6209.1142\swg64.dll (Google Inc.)
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -  File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GRA8E1~1.DLL (Microsoft Corporation)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -  File not found
O2 - BHO: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm-Sicherheit Toolbar) - {FC2B76FC-2132-4D80-A9A3-1F5C6E49066B} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll ()
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin)
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [SmpcSys] C:\Programme\PACKARD BELL\SetUpMyPC\SmpSys.exe (Packard Bell BV)
O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [SmpcSys] C:\Programme\PACKARD BELL\SetUpMyPC\SmpSys.exe (Packard Bell BV)
O4 - HKCU..\Run: [WMPNSCFG]  File not found
O4 - Startup: C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Simon\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Simon\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Simon\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GR99D3~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\ezShellStart.exe) - C:\Windows\SysWOW64\ezShellStart.exe (EasyBits Software AS)
O24 - Desktop WallPaper: B:\Fotos\col di tenna 48 kehren.JPG
O24 - Desktop BackupWallPaper: B:\Fotos\col di tenna 48 kehren.JPG
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GRA8E1~1.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{9b0f7c05-e699-11df-bc4b-0022686386ff}\Shell - "" = AutoRun
O33 - MountPoints2\{9b0f7c05-e699-11df-bc4b-0022686386ff}\Shell\AutoRun\command - "" = I:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.29 22:45:32 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs
[2011.04.28 18:44:20 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Simon\Desktop\OTL.exe
[2011.04.27 13:26:53 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\GameUXLegacyGDFs.dll
[2011.04.27 13:26:53 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Apphlpdm.dll
[2011.04.26 12:42:55 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Roaming\Malwarebytes
[2011.04.26 12:42:33 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.04.26 12:42:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.04.26 12:42:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.04.26 12:42:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.04.18 20:15:23 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011.04.18 20:14:42 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2011.04.18 20:14:42 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011.04.18 20:14:42 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2011.04.18 20:14:42 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2011.04.18 20:14:42 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2011.04.18 20:14:40 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2011.04.18 20:14:40 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011.04.18 20:14:40 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011.04.18 20:14:40 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011.04.18 20:14:39 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011.04.18 20:14:39 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011.04.18 20:14:38 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2011.04.18 20:14:38 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2011.04.18 20:14:37 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2011.04.18 19:55:13 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2011.04.18 19:55:13 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2011.04.18 19:55:07 | 001,161,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll
[2011.04.18 19:55:07 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll
[2011.04.16 12:17:22 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscacheugc.exe
[2011.04.07 23:55:34 | 000,000,000 | -H-D | C] -- C:\Users\Simon\AppData\Roaming\dvdcss
[2011.04.07 23:46:39 | 000,000,000 | RH-D | C] -- C:\Users\Simon\Dropbox
[2011.04.07 23:43:12 | 000,000,000 | -H-D | C] -- C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2011.04.07 23:42:45 | 000,000,000 | -H-D | C] -- C:\Users\Simon\AppData\Roaming\Dropbox
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.29 23:38:03 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.04.29 22:51:05 | 001,445,310 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.04.29 22:51:05 | 000,628,504 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.04.29 22:51:05 | 000,595,798 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.04.29 22:51:05 | 000,126,248 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.04.29 22:51:05 | 000,103,872 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.04.29 22:45:09 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.04.29 22:44:56 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.29 22:44:56 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.29 22:44:55 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\LogConfigTemp.xml
[2011.04.29 22:44:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.29 22:44:47 | 4293,054,464 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.28 18:44:32 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Simon\Desktop\OTL.exe
[2011.04.27 20:25:06 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2011.04.27 20:06:31 | 000,120,059 | ---- | M] () -- C:\Users\Simon\Desktop\Doorpagefoto-ausgabe-80-entwicklungspolitik-ist-friedenspolitik,property=poster.jpg
[2011.04.27 17:22:09 | 001,298,927 | ---- | M] () -- C:\Users\Simon\Desktop\Passbild_klein.jpg
[2011.04.26 12:42:33 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.20 17:02:01 | 000,929,073 | ---- | M] () -- C:\Users\Simon\Desktop\PH_JOSCHKA UND HERR FISCHER.pdf
[2011.04.20 16:48:44 | 000,466,648 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.04.11 22:41:59 | 000,676,867 | ---- | M] () -- C:\Users\Simon\Desktop\20100618_Berufsbilder_Stadtplaner_tmeier.pdf
[2011.04.11 22:31:02 | 000,003,771 | ---- | M] () -- C:\Users\Simon\Desktop\c2cec6f3bd.png
[2011.04.07 23:46:39 | 000,000,943 | ---- | M] () -- C:\Users\Simon\Desktop\Dropbox.lnk
[2011.04.07 23:43:18 | 000,000,923 | -H-- | M] () -- C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011.04.03 20:46:01 | 567,473,664 | ---- | M] () -- C:\Windows\MEMORY.DMP
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.04.27 20:06:30 | 000,120,059 | ---- | C] () -- C:\Users\Simon\Desktop\Doorpagefoto-ausgabe-80-entwicklungspolitik-ist-friedenspolitik,property=poster.jpg
[2011.04.27 17:22:06 | 001,298,927 | ---- | C] () -- C:\Users\Simon\Desktop\Passbild_klein.jpg
[2011.04.27 13:26:53 | 000,032,256 | ---- | C] () -- C:\Windows\SysNative\Apphlpdm.dll
[2011.04.27 13:26:52 | 004,240,384 | ---- | C] () -- C:\Windows\SysNative\GameUXLegacyGDFs.dll
[2011.04.26 12:42:33 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.26 12:42:29 | 000,024,152 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys
[2011.04.20 17:02:01 | 000,929,073 | ---- | C] () -- C:\Users\Simon\Desktop\PH_JOSCHKA UND HERR FISCHER.pdf
[2011.04.18 20:15:36 | 000,461,312 | ---- | C] () -- C:\Windows\SysNative\drivers\srv.sys
[2011.04.18 20:15:36 | 000,176,128 | ---- | C] () -- C:\Windows\SysNative\drivers\srv2.sys
[2011.04.18 20:15:36 | 000,144,896 | ---- | C] () -- C:\Windows\SysNative\drivers\srvnet.sys
[2011.04.18 20:15:23 | 000,817,664 | ---- | C] () -- C:\Windows\SysNative\jscript.dll
[2011.04.18 20:15:23 | 000,613,376 | ---- | C] () -- C:\Windows\SysNative\vbscript.dll
[2011.04.18 20:15:17 | 000,979,344 | ---- | C] () -- C:\Windows\SysNative\winresume.exe
[2011.04.18 20:15:16 | 001,075,600 | ---- | C] () -- C:\Windows\SysNative\winload.efi
[2011.04.18 20:15:16 | 001,062,800 | ---- | C] () -- C:\Windows\SysNative\winload.exe
[2011.04.18 20:15:16 | 000,990,096 | ---- | C] () -- C:\Windows\SysNative\winresume.efi
[2011.04.18 20:15:16 | 000,018,832 | ---- | C] () -- C:\Windows\SysNative\kd1394.dll
[2011.04.18 20:15:16 | 000,018,320 | ---- | C] () -- C:\Windows\SysNative\kdcom.dll
[2011.04.18 20:15:14 | 000,020,880 | ---- | C] () -- C:\Windows\SysNative\kdusb.dll
[2011.04.18 20:15:08 | 000,135,168 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb.sys
[2011.04.18 20:15:08 | 000,105,472 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb20.sys
[2011.04.18 20:15:07 | 000,273,920 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb10.sys
[2011.04.18 20:15:07 | 000,090,624 | ---- | C] () -- C:\Windows\SysNative\drivers\bowser.sys
[2011.04.18 20:15:03 | 000,975,872 | ---- | C] () -- C:\Windows\SysNative\inetcomm.dll
[2011.04.18 20:14:52 | 002,760,704 | ---- | C] () -- C:\Windows\SysNative\win32k.sys
[2011.04.18 20:14:36 | 012,474,880 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll
[2011.04.18 20:14:36 | 000,219,136 | ---- | C] () -- C:\Windows\SysNative\ieui.dll
[2011.04.18 20:14:35 | 002,340,864 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll
[2011.04.18 20:14:35 | 000,132,096 | ---- | C] () -- C:\Windows\SysNative\iesysprep.dll
[2011.04.18 20:14:35 | 000,077,312 | ---- | C] () -- C:\Windows\SysNative\iesetup.dll
[2011.04.18 20:14:35 | 000,072,192 | ---- | C] () -- C:\Windows\SysNative\iernonce.dll
[2011.04.18 20:14:35 | 000,070,656 | ---- | C] () -- C:\Windows\SysNative\ie4uinit.exe
[2011.04.18 20:14:34 | 001,638,912 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb
[2011.04.18 20:14:34 | 000,243,712 | ---- | C] () -- C:\Windows\SysNative\occache.dll
[2011.04.18 20:14:34 | 000,162,816 | ---- | C] () -- C:\Windows\SysNative\ieUnatt.exe
[2011.04.18 20:14:33 | 009,265,664 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll
[2011.04.18 20:14:33 | 000,710,656 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll
[2011.04.18 20:14:33 | 000,479,232 | ---- | C] () -- C:\Windows\SysNative\html.iec
[2011.04.18 20:14:33 | 000,459,776 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll
[2011.04.18 20:14:33 | 000,252,416 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll
[2011.04.18 20:14:33 | 000,096,768 | ---- | C] () -- C:\Windows\SysNative\mshtmled.dll
[2011.04.18 20:14:33 | 000,071,680 | ---- | C] () -- C:\Windows\SysNative\msfeedsbs.dll
[2011.04.18 20:14:33 | 000,056,832 | ---- | C] () -- C:\Windows\SysNative\licmgr10.dll
[2011.04.18 20:14:33 | 000,012,288 | ---- | C] () -- C:\Windows\SysNative\msfeedssync.exe
[2011.04.18 20:14:32 | 001,538,560 | ---- | C] () -- C:\Windows\SysNative\inetcpl.cpl
[2011.04.18 20:14:32 | 001,147,904 | ---- | C] () -- C:\Windows\SysNative\wininet.dll
[2011.04.18 20:14:32 | 000,031,744 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll
[2011.04.18 20:14:31 | 001,486,848 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll
[2011.04.18 20:14:31 | 001,062,912 | ---- | C] () -- C:\Windows\SysNative\mstime.dll
[2011.04.18 19:55:11 | 000,367,616 | ---- | C] () -- C:\Windows\SysNative\atmfd.dll
[2011.04.18 19:55:11 | 000,048,128 | ---- | C] () -- C:\Windows\SysNative\atmlib.dll
[2011.04.18 19:55:05 | 001,398,784 | ---- | C] () -- C:\Windows\SysNative\mfc42.dll
[2011.04.18 19:55:05 | 001,360,384 | ---- | C] () -- C:\Windows\SysNative\mfc42u.dll
[2011.04.16 12:17:22 | 000,221,184 | ---- | C] () -- C:\Windows\SysNative\dnsapi.dll
[2011.04.16 12:17:22 | 000,117,760 | ---- | C] () -- C:\Windows\SysNative\dnsrslvr.dll
[2011.04.16 12:17:22 | 000,028,672 | ---- | C] () -- C:\Windows\SysNative\dnscacheugc.exe
[2011.04.11 22:41:59 | 000,676,867 | ---- | C] () -- C:\Users\Simon\Desktop\20100618_Berufsbilder_Stadtplaner_tmeier.pdf
[2011.04.11 22:31:01 | 000,003,771 | ---- | C] () -- C:\Users\Simon\Desktop\c2cec6f3bd.png
[2011.04.07 23:46:39 | 000,000,943 | ---- | C] () -- C:\Users\Simon\Desktop\Dropbox.lnk
[2011.04.07 23:43:18 | 000,000,923 | -H-- | C] () -- C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011.01.27 21:30:36 | 000,000,680 | -H-- | C] () -- C:\Users\Simon\AppData\Local\d3d9caps.dat
[2010.04.13 19:35:33 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.02.18 20:45:37 | 000,000,287 | ---- | C] () -- C:\Windows\ArcView9x.INI
[2009.12.01 21:28:40 | 000,000,738 | ---- | C] () -- C:\Windows\wininit.ini
[2009.11.23 23:41:32 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.09.07 11:45:30 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009.09.07 11:45:30 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2009.09.07 11:36:57 | 000,031,664 | ---- | C] () -- C:\Windows\maxlink.ini
[2009.09.07 11:24:03 | 000,013,824 | -H-- | C] () -- C:\Users\Simon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.09.06 20:44:53 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.08.19 18:42:32 | 000,000,048 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2009.08.19 18:42:23 | 000,008,468 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2009.04.10 16:25:44 | 000,000,026 | ---- | C] () -- C:\Windows\Irremote.ini
[2009.01.20 23:30:34 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2009.01.20 23:23:15 | 000,000,566 | ---- | C] () -- C:\Windows\SysWow64\hidservice.ini
[2009.01.20 22:25:57 | 000,106,605 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009.01.20 22:25:57 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008.01.21 04:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008.01.21 04:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2006.11.02 17:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006.11.02 14:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006.11.02 14:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006.11.02 11:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2005.12.21 18:57:36 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\nsldap32v50.dll
[2005.12.21 18:57:04 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\nsldappr32v50.dll
[2005.12.21 18:54:34 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\nsldapssl32v50.dll
[2004.12.14 18:55:22 | 000,000,019 | ---- | C] () -- C:\Windows\SysWow64\SmAgentAPI.dll
[1999.01.22 18:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\MSRTEDIT.DLL
[1997.06.25 16:24:16 | 000,040,448 | ---- | C] () -- C:\Windows\SysWow64\RegObj.dll

OTL Extras logfile created on: 30.04.2011 00:06:17 - Run 2
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\Simon\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000407 | Country: Deutschland | Language: ENU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 48,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 71,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 304,17 Gb Total Space | 115,72 Gb Free Space | 38,04% Space Free | Partition Type: NTFS
Drive M: | 33,20 Gb Total Space | 25,52 Gb Free Space | 76,85% Space Free | Partition Type: NTFS
 
Computer Name: SIMON-PC | User Name: Simon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe ()
.vbe[@ = VBEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l ()
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" ()
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "B:\No23 Recorder\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" File not found
Directory [PlayWithVLC] -- "B:\No23 Recorder\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "B:\No23 Recorder\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "B:\No23 Recorder\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0438201D-B550-4E8C-818B-347A6D36D103}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{106894E9-1BA7-4A5F-A4D4-33FDE5106358}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1A303ADC-97DB-4DC3-8B4D-4615FE46BACE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{3791D0FF-5FD9-42EE-846C-3E70E2F6F8B5}" = rport=10243 | protocol=6 | dir=out | app=system |
"{4578BA01-4B80-4D18-A099-DAE0B2767989}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5115DB12-E003-4DA0-AD9E-1CC7CA43BA74}" = rport=137 | protocol=17 | dir=out | app=system |
"{5707A0D9-5548-4C75-9675-4DA944A00032}" = lport=137 | protocol=17 | dir=in | app=system |
"{574127EC-0043-43C5-BEF8-62E2E1E84BF5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6BDD1944-26A5-42BE-A6CA-2A71DEA34A9B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7713CD86-3A72-4FB8-AF32-10E8B344B89C}" = lport=138 | protocol=17 | dir=in | app=system |
"{7CB60216-D7A1-49DE-83D0-84AD7EE331D4}" = rport=139 | protocol=6 | dir=out | app=system |
"{89B8A5BB-A6FD-44A2-9870-672603CE1C76}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9CB46B2F-71EA-49C6-843B-5114FB2E933B}" = lport=139 | protocol=6 | dir=in | app=system |
"{A33B628A-2A5E-458D-9BC5-7B9B68415035}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{A40771FB-C2EB-468E-B550-7850393C40D4}" = lport=10243 | protocol=6 | dir=in | app=system |
"{A57B0E94-3A36-40FF-BFBC-0E4AD69DB60F}" = lport=445 | protocol=6 | dir=in | app=system |
"{C2449BA1-A19D-43BB-BB69-182DB0D22676}" = rport=138 | protocol=17 | dir=out | app=system |
"{C53A846C-14D1-4F61-BD5D-C5FCAA380788}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CDA31F94-A68A-4306-927C-EA59D297497E}" = rport=445 | protocol=6 | dir=out | app=system |
"{ECC8EFD0-FAA9-48C7-88EC-9BFEE3BEC360}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{F95A954D-3491-4336-BF47-57FE14E3ABBB}" = lport=2869 | protocol=6 | dir=in | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C063101-DFC2-450B-91F7-104A3F854F79}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{22CAECDF-654D-471E-905A-1B3FDCA41C3C}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{27BEE1D2-32FD-4232-8A29-FBD6BD58C9DE}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{282F7FAC-A04B-46C9-9E42-973763BA73D8}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{2C940D4B-9A4D-4F19-A28C-7AA1A73798E9}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{2D6F20A0-8989-41C0-B43C-00C835759201}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{2E5C646F-6494-4EC4-B20E-0B5124162C6C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{315A3B0E-F62C-4D2C-AFF3-87F64A0940EF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{33D10481-0B2E-4745-93EF-0B94642A135D}" = protocol=17 | dir=in | app=c:\windows\syswow64\zonelabs\vsmon.exe |
"{38EDBBB3-8850-4A0A-8AB9-474AB008E04A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{3CDDF021-B6AC-438A-9AEB-036FD1E85D44}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3E1A84AC-9FA2-4285-B228-29CC6370D957}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{41DF348F-A215-4B0E-BA7B-6EE68D790493}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{4999FB34-8D08-4445-A658-D626F92BB10A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{49EA9684-3675-43FD-8EB2-98E060D1709E}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{4CE03C81-1A95-4DB1-89E5-8C5254A9168F}" = protocol=6 | dir=in | app=c:\users\simon\appdata\roaming\dropbox\bin\dropbox.exe |
"{4FB1FC07-A88E-4594-AA5C-A45FAAE5B797}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{5007D994-9E6F-4735-BEA6-C7AC0FB42E56}" = protocol=17 | dir=in | app=c:\program files (x86)\arcsoft\totalmedia 3.5\totalmedia.exe |
"{5D9B6CC4-9AD9-45BE-BEA1-5A240E850E8D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{60A0DFE0-3B2B-4825-9F14-BF06EA15020C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{67AF118F-9D53-45A6-99C5-A78997981D0E}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{6C5AD1C5-2BE2-43D8-9C9F-C60BD208B7B0}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{6CFE09EF-25E4-401D-9C65-D72E30FAC2E9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{70D8F053-2477-4A3C-A280-6E26B6F7CF22}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{733B7B2E-C64C-4E19-BC3B-DA932D601FC0}" = protocol=6 | dir=out | app=system |
"{776370B5-DDD5-4891-8CBB-C3C697DB0AD2}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{7E73CA7D-BFBD-47D4-B634-74F79BEF71F7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{80C54D19-AD8D-45FC-94A3-50F02880F580}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{83BCBE00-0D15-476C-BFE2-235A835B398C}" = protocol=6 | dir=in | app=c:\windows\syswow64\zonelabs\vsmon.exe |
"{83E8A2A2-1571-4F8E-93A2-0D5A777CD580}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{84B282E7-3DEB-4523-A300-DFD1A6E2773A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{93B3CD9A-C53C-4F60-B02C-73297692C067}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{947A8A3C-9F61-492C-8519-33460681A1B6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{9916902F-AD8C-4008-B940-5371F4AD6EDD}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{9D3DE192-1870-42F3-B190-2D6BB72D38AD}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{B06B5CF0-0671-41FF-968A-C7734B33FF01}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{B289C2AE-E9C5-4014-A512-B31315A8D905}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B95883CB-0585-49D5-9A1C-0D89D4F42404}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{C2172249-7DB9-400A-A537-01D56FBC8BE3}" = protocol=6 | dir=in | app=c:\program files (x86)\arcsoft\totalmedia 3.5\totalmedia.exe |
"{C444EFE0-231A-4500-9D5C-87940A753506}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{C7BEDD72-91D5-48B2-86A5-2DFFBAF94BEF}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{D3BC2BC1-932D-4733-BF08-64885577ECFC}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E0655A11-DDF7-4CF0-98A3-C1EE8DC96AD9}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E24613AB-8286-4111-82C6-F29B0FAB3849}" = protocol=17 | dir=in | app=c:\users\simon\appdata\roaming\dropbox\bin\dropbox.exe |
"{F0A9E283-2501-4012-9BC6-E69DFAC070E7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F1FBC703-2CD1-443D-9F72-E2EE02E76D4C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{F327E4A6-AD17-482A-AF32-2BE7AC2D01E7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F411B5D8-E463-4AB4-AB71-2ECD6761E4E9}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{F6766F9E-61CF-40D2-B7FE-38B2E6B14C3F}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{F779254E-9D8C-4CE2-95E0-79D87760387A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"TCP Query User{01B603A5-2148-466C-8EA6-FA6132E5BBC6}M:\sopcast\sopcast.exe" = protocol=6 | dir=in | app=m:\sopcast\sopcast.exe |
"TCP Query User{0D165BFB-5B38-4C9E-B0C2-904E2316CB64}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"TCP Query User{0D332E62-A243-4455-9B89-4538D1D9C9E0}M:\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=m:\sopcast\adv\sopadver.exe |
"TCP Query User{30C7494B-C974-4DF5-A36B-41CCADD4B7BB}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{45FFD5EE-5E7C-432A-82B6-96B1AD9538DD}M:\sopcast\sopcast.exe" = protocol=6 | dir=in | app=m:\sopcast\sopcast.exe |
"TCP Query User{5D0ED07E-FA33-44C3-8EF6-D51B534F609A}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"TCP Query User{6B417BBA-CE29-4EE9-8FB1-A14971F18A04}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"TCP Query User{7014571C-E4E4-44CC-A858-115D2E5F2537}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{8FEDAD34-BB1C-4683-B7CA-0CD64C78B6F1}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe |
"TCP Query User{A19785F3-5D5C-4135-A297-6FBC811BA335}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"TCP Query User{AB074781-47B5-446B-B8A3-2F0A43482031}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{B09E44D0-7824-4F09-842A-3D81A64AA3D1}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe |
"TCP Query User{E1D36F1C-C828-45CC-84BD-C542BBD0503B}M:\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=m:\sopcast\adv\sopadver.exe |
"TCP Query User{E3E00404-034A-46EE-8A01-17E16F8C330E}C:\program files (x86)\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe |
"TCP Query User{E7086D08-9C87-418F-95E9-F771991EB413}C:\program files (x86)\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe |
"TCP Query User{E94B11A2-7EAE-45D3-828E-E4F1D33E7DFE}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"UDP Query User{10B2115A-7CD8-41A9-A037-9E9317B3DE0F}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe |
"UDP Query User{11C2CE2D-CB7F-4387-8092-901B24EFEFAC}M:\sopcast\sopcast.exe" = protocol=17 | dir=in | app=m:\sopcast\sopcast.exe |
"UDP Query User{16A2585D-A537-4991-A181-3CF22F274EE5}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{231250DC-A90B-4106-B0B5-3AA0AF2E966E}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"UDP Query User{3BE58A5E-7FD8-4AB8-A660-5AFD9C3BC530}M:\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=m:\sopcast\adv\sopadver.exe |
"UDP Query User{45E11649-1FDC-4685-BFDC-7594CEE8ABC2}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"UDP Query User{50CA96DC-F854-426B-88F9-838836727BBC}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{7495DB40-882C-47E6-85A8-5FB5B84DB34F}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{771DB1B0-AA2D-41FC-9994-54457A5D7241}C:\program files (x86)\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe |
"UDP Query User{8E12BD63-F4EE-4D9C-8D2A-1D90D159307D}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"UDP Query User{ABE57845-FE68-4557-932E-794D5AC200C2}M:\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=m:\sopcast\adv\sopadver.exe |
"UDP Query User{E0BC75B0-8D7D-499D-BC09-59D155BBFCD7}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"UDP Query User{EA79B58F-D74B-4908-B512-F1BC688582FE}M:\sopcast\sopcast.exe" = protocol=17 | dir=in | app=m:\sopcast\sopcast.exe |
"UDP Query User{F87299D3-47D0-4ED0-984C-6208CE944744}C:\program files (x86)\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe |
"UDP Query User{FAC3685D-7192-44F3-AD40-D741A452F493}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"UDP Query User{FE0390C1-56D4-4216-B166-493255499D77}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D16193A3-921A-4134-B381-597C8F4B8EBD}" = PaperPort Image Printer
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NIS2009" = Norton Internet Security 2009
"NVIDIA Drivers" = NVIDIA Drivers
"Office2007" = Microsoft Office Home and Student
"WinRAR archiver" = WinRAR
"Works9se" = Microsoft Works 9.0 SE
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{15FB6880-728F-4DF6-BEBB-046302A8E25A}" = ArcGIS Crystal Report Wizard
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1CF65E18-6463-4D28-A476-7DA10FBCE816}" = ArcGIS Desktop Evaluation Edition
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{28518520-F25C-48C3-A224-861F331602F4}" = Setup My PC
"{3559CDE0-11FC-4D7B-A65C-D646035B1031}" = Nero 8 Essentials
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{41B76534-B3C2-4FCF-B171-5291A3561051}" = ArcGIS Tutorial Data
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F32D89B-D3A0-4562-AC03-F6DE4614AE1A}" = DVB-T USB DEVICE
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie
"{709817E4-5439-4206-8738-796B34B623BD}" = MetaBoli
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{74292F90-895A-4FC6-A692-9641532B1B63}" = ArcSoft TotalMedia 3.5
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Packard Bell Recovery Management
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{58FC5E37-DD28-4D4A-A549-125744C6763C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{00C5525B-3CB3-467D-8100-2E6FB306CD86}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}" = Brother MFL-Pro Suite
"{A8C2A0AE-FBF8-4B0D-A541-F434D80E55B2}" = Windows Vista Demo Screen Saver
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{B3276CB1-20B6-4AF9-AAEC-E72C83816495}" = IKEA Home Planner
"{B5BCBD49-202F-4238-8398-D83D423A48B4}" = Windows Live Anmelde-Assistent
"{B6C89654-A6A2-477C-873B-724EC1C56407}" = ScanSoft PaperPort 11
"{CA786CFF-1D31-4804-B436-F3405B14357F}" = Packard Bell Updator
"{CFADE4AF-C0CF-4A04-A776-741318F1658F}" = Content Transfer
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E96FF910-1BC9-4EE5-BC12-0A30D4E20F37}" = NWZ-E440 WALKMAN Guide
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4EA67C9-6748-4C1E-9AFF-04149AC75D95}" = Packard Bell ImageWriter
"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
"ArcGIS Desktop Evaluation Edition" = ArcGIS Desktop Evaluation Edition
"ArcGIS Tutorial Data" = ArcGIS Tutorial Data
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVMWLANCLI" = AVM FRITZ!WLAN
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"EasyBits Magic Desktop" = EasyBits Magic Desktop
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HotspotShield" = Hotspot Shield 1.57
"ICQToolbar" = ICQ Toolbar
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox 4.0 (x86 de)" = Mozilla Firefox 4.0 (x86 de)
"numpy-py2.5" = Python 2.5 numpy-1.0.3
"Python 2.5 numpy-1.0.3" = Python 2.5 numpy-1.0.3
"Python 2.5.1" = Python 2.5.1
"SopCast" = SopCast 3.2.9
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 30.03.2011 13:40:45 | Computer Name = Simon-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 30.03.2011 13:40:45 | Computer Name = Simon-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 30.03.2011 13:42:12 | Computer Name = Simon-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 30.03.2011 14:22:21 | Computer Name = Simon-PC | Source = Application Hang | ID = 1002
Description = Programm TotalMedia.exe, Version 3.5.28.260 arbeitet nicht mehr mit
 Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen.  Prozess-ID: 1294  Anfangszeit: 01cbef0569eb5280  Zeitpunkt
 der Beendigung: 65
 
Error - 31.03.2011 12:21:35 | Computer Name = Simon-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 31.03.2011 12:21:35 | Computer Name = Simon-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 31.03.2011 12:23:02 | Computer Name = Simon-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 03.04.2011 13:56:12 | Computer Name = Simon-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 03.04.2011 13:56:12 | Computer Name = Simon-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 03.04.2011 13:57:38 | Computer Name = Simon-PC | Source = WinMgmt | ID = 10
Description =
 
[ OSession Events ]
Error - 14.04.2010 16:15:18 | Computer Name = Simon-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 322
 seconds with 240 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 26.04.2011 14:11:56 | Computer Name = Simon-PC | Source = HTTP | ID = 15016
Description =
 
Error - 26.04.2011 14:13:25 | Computer Name = Simon-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 27.04.2011 07:20:24 | Computer Name = Simon-PC | Source = HTTP | ID = 15016
Description =
 
Error - 27.04.2011 07:21:52 | Computer Name = Simon-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 28.04.2011 12:24:23 | Computer Name = Simon-PC | Source = HTTP | ID = 15016
Description =
 
Error - 28.04.2011 12:26:20 | Computer Name = Simon-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 29.04.2011 16:09:04 | Computer Name = Simon-PC | Source = HTTP | ID = 15016
Description =
 
Error - 29.04.2011 16:10:14 | Computer Name = Simon-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 29.04.2011 16:44:52 | Computer Name = Simon-PC | Source = HTTP | ID = 15016
Description =
 
Error - 29.04.2011 16:46:25 | Computer Name = Simon-PC | Source = Service Control Manager | ID = 7000
Description =
 
 
< End of report >

--- --- ---

Flitzer8 29.04.2011 23:26

OK, everything is done.
Here are the OTL logs:
OTL Logfile:
Code:

OTL logfile created on: 30.04.2011 00:06:17 - Run 2
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\Simon\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000407 | Country: Deutschland | Language: ENU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 48,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 71,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 304,17 Gb Total Space | 115,72 Gb Free Space | 38,04% Space Free | Partition Type: NTFS
Drive M: | 33,20 Gb Total Space | 25,52 Gb Free Space | 76,85% Space Free | Partition Type: NTFS
 
Computer Name: SIMON-PC | User Name: Simon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Simon\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - M:\YOUtube_View_US\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - M:\YOUtube_View_US\Hotspot Shield\bin\hsswd.exe ()
PRC - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\avmwlanstick\WLanGUI.exe (AVM Berlin)
PRC - C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin)
PRC - C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TotalMedia.exe (ArcSoft, Inc.)
PRC - C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe (ArcSoft, Inc.)
PRC - C:\Programme\PACKARD BELL\SetUpMyPC\SmpSys.exe (Packard Bell BV)
PRC - C:\Windows\SysWOW64\HidService.exe (Packard Bell Services)
PRC - C:\Windows\SysWOW64\conime.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
PRC - C:\Windows\SysWOW64\IoctlSvc.exe (Prolific Technology Inc.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Simon\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (IswSvc) -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe (Check Point Software Technologies)
SRV:64bit: - (GenericHidService) -- C:\Windows\SysNative\HidService.exe ()
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (HssSrv) -- M:\YOUtube_View_US\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
SRV - (HssWd) -- M:\YOUtube_View_US\Hotspot Shield\bin\hsswd.exe ()
SRV - (ICQ Service) -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (AVM WLAN Connection Service) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ETService) -- C:\Programme\PACKARD BELL\Packard Bell Recovery Management\Service\ETService.exe ()
SRV - (GenericHidService) -- C:\Windows\SysWow64\HidService.exe (Packard Bell Services)
SRV - (ezSharedSvc) -- C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)
SRV - (AdobeActiveFileMonitor6.0) -- C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
SRV - (PLFlash DeviceIoControl Service) -- C:\Windows\SysWOW64\IoctlSvc.exe (Prolific Technology Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys ()
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys ()
DRV:64bit: - (HssDrv) -- C:\Windows\SysNative\DRIVERS\HssDrv.sys ()
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys ()
DRV:64bit: - (fwlanusbn) -- C:\Windows\SysNative\DRIVERS\fwlanusbn.sys ()
DRV:64bit: - (avmeject) -- C:\Windows\SysNative\drivers\avmeject.sys ()
DRV:64bit: - (RTL2832U_IRHID) -- C:\Windows\SysNative\DRIVERS\RTL2832U_IRHID.sys ()
DRV:64bit: - (RTL2832UBDA) -- C:\Windows\SysNative\drivers\RTL2832UBDA.sys ()
DRV:64bit: - (RTL2832UUSB) -- C:\Windows\SysNative\Drivers\RTL2832UUSB.sys ()
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys ()
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()
DRV - (ISWKL) -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys (Check Point Software Technologies)
DRV - (RTL2832U_IRHID) -- C:\Windows\SysWOW64\drivers\RTL2832U_IRHID.sys (Realtek)
DRV - (RTL2832UBDA) -- C:\Windows\SysWOW64\drivers\RTL2832UBDA.sys (REALTEK SEMICONDUCTOR Corp.)
DRV - (RTL2832UUSB) -- C:\Windows\SysWOW64\drivers\RTL2832UUSB.sys (REALTEK SEMICONDUCTOR Corp.)
DRV - (int15) -- C:\Windows\SysWOW64\drivers\int15_64.sys (Acer, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ICQ.com Suche
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.2.1
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=SPC2&o=15000&locale=de_DE&apn_uid=A759091C-6C3E-4214-B1FC-AB77058C8D7E&apn_ptnrs=PV&apn_sauid=618BEEE3-6AE4-40C0-A3E0-77A33CF44906&apn_dtid=&q="
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2010.08.03 11:17:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.03.24 19:34:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.03.24 19:34:23 | 000,000,000 | ---D | M]
 
[2009.09.06 20:45:02 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Simon\AppData\Roaming\mozilla\Extensions
[2011.03.25 16:37:58 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Simon\AppData\Roaming\mozilla\Firefox\Profiles\793b4mqu.default\extensions
[2010.09.09 23:11:30 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Simon\AppData\Roaming\mozilla\Firefox\Profiles\793b4mqu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.03.24 21:28:07 | 000,000,000 | -H-D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Simon\AppData\Roaming\mozilla\Firefox\Profiles\793b4mqu.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.08.08 22:10:21 | 000,000,000 | -H-D | M] ("DVDVideoSoft Menu") -- C:\Users\Simon\AppData\Roaming\mozilla\Firefox\Profiles\793b4mqu.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.03.24 21:28:05 | 000,000,000 | -H-D | M] (ZoneAlarm-Sicherheit Community Toolbar) -- C:\Users\Simon\AppData\Roaming\mozilla\Firefox\Profiles\793b4mqu.default\extensions\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}
[2011.03.25 16:37:58 | 000,000,000 | -H-D | M] (Conduit Engine) -- C:\Users\Simon\AppData\Roaming\mozilla\Firefox\Profiles\793b4mqu.default\extensions\engine@conduit.com
[2009.11.07 15:31:39 | 000,000,000 | -H-D | M] (Move Media Player) -- C:\Users\Simon\AppData\Roaming\mozilla\Firefox\Profiles\793b4mqu.default\extensions\moveplayer@movenetworks.com
[2010.11.05 20:44:05 | 000,000,000 | -H-D | M] (Sopcast Ask Toolbar) -- C:\Users\Simon\AppData\Roaming\mozilla\Firefox\Profiles\793b4mqu.default\extensions\toolbar@ask.com
[2010.12.18 12:14:06 | 000,002,386 | -H-- | M] () -- C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\793b4mqu.default\searchplugins\askcom.xml
[2010.08.08 22:35:51 | 000,000,881 | -H-- | M] () -- C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\793b4mqu.default\searchplugins\conduit.xml
[2010.05.21 07:37:19 | 000,000,694 | -H-- | M] () -- C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\793b4mqu.default\searchplugins\icq-search.xml
[2010.07.23 23:01:52 | 000,000,961 | -H-- | M] () -- C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\793b4mqu.default\searchplugins\icqplugin-1.xml
[2010.08.03 11:56:03 | 000,000,961 | -H-- | M] () -- C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\793b4mqu.default\searchplugins\icqplugin-2.xml
[2010.09.17 16:43:36 | 000,000,961 | -H-- | M] () -- C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\793b4mqu.default\searchplugins\icqplugin-3.xml
[2010.10.21 17:12:30 | 000,000,961 | -H-- | M] () -- C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\793b4mqu.default\searchplugins\icqplugin-4.xml
[2010.10.28 19:49:30 | 000,000,961 | -H-- | M] () -- C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\793b4mqu.default\searchplugins\icqplugin-5.xml
[2010.11.02 19:27:02 | 000,000,961 | -H-- | M] () -- C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\793b4mqu.default\searchplugins\icqplugin-6.xml
[2010.12.10 00:25:44 | 000,000,961 | -H-- | M] () -- C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\793b4mqu.default\searchplugins\icqplugin-7.xml
[2010.06.21 17:35:24 | 000,001,042 | -H-- | M] () -- C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\793b4mqu.default\searchplugins\icqplugin.xml
[2011.03.24 19:34:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2009.09.07 10:31:07 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files (x86)\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
File not found (No name found) --
[2011.03.18 19:56:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.6209.1142\swg64.dll (Google Inc.)
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -  File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GRA8E1~1.DLL (Microsoft Corporation)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -  File not found
O2 - BHO: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm-Sicherheit Toolbar) - {FC2B76FC-2132-4D80-A9A3-1F5C6E49066B} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll ()
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin)
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [SmpcSys] C:\Programme\PACKARD BELL\SetUpMyPC\SmpSys.exe (Packard Bell BV)
O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [SmpcSys] C:\Programme\PACKARD BELL\SetUpMyPC\SmpSys.exe (Packard Bell BV)
O4 - HKCU..\Run: [WMPNSCFG]  File not found
O4 - Startup: C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Simon\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Simon\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Simon\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GR99D3~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\ezShellStart.exe) - C:\Windows\SysWOW64\ezShellStart.exe (EasyBits Software AS)
O24 - Desktop WallPaper: B:\Fotos\col di tenna 48 kehren.JPG
O24 - Desktop BackupWallPaper: B:\Fotos\col di tenna 48 kehren.JPG
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GRA8E1~1.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{9b0f7c05-e699-11df-bc4b-0022686386ff}\Shell - "" = AutoRun
O33 - MountPoints2\{9b0f7c05-e699-11df-bc4b-0022686386ff}\Shell\AutoRun\command - "" = I:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.29 22:45:32 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs
[2011.04.28 18:44:20 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Simon\Desktop\OTL.exe
[2011.04.27 13:26:53 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\GameUXLegacyGDFs.dll
[2011.04.27 13:26:53 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Apphlpdm.dll
[2011.04.26 12:42:55 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Roaming\Malwarebytes
[2011.04.26 12:42:33 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.04.26 12:42:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.04.26 12:42:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.04.26 12:42:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.04.18 20:15:23 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011.04.18 20:14:42 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2011.04.18 20:14:42 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011.04.18 20:14:42 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2011.04.18 20:14:42 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2011.04.18 20:14:42 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2011.04.18 20:14:40 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2011.04.18 20:14:40 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011.04.18 20:14:40 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011.04.18 20:14:40 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011.04.18 20:14:39 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011.04.18 20:14:39 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011.04.18 20:14:38 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2011.04.18 20:14:38 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2011.04.18 20:14:37 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2011.04.18 19:55:13 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2011.04.18 19:55:13 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2011.04.18 19:55:07 | 001,161,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll
[2011.04.18 19:55:07 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll
[2011.04.16 12:17:22 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscacheugc.exe
[2011.04.07 23:55:34 | 000,000,000 | -H-D | C] -- C:\Users\Simon\AppData\Roaming\dvdcss
[2011.04.07 23:46:39 | 000,000,000 | RH-D | C] -- C:\Users\Simon\Dropbox
[2011.04.07 23:43:12 | 000,000,000 | -H-D | C] -- C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2011.04.07 23:42:45 | 000,000,000 | -H-D | C] -- C:\Users\Simon\AppData\Roaming\Dropbox
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.29 23:38:03 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.04.29 22:51:05 | 001,445,310 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.04.29 22:51:05 | 000,628,504 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.04.29 22:51:05 | 000,595,798 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.04.29 22:51:05 | 000,126,248 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.04.29 22:51:05 | 000,103,872 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.04.29 22:45:09 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.04.29 22:44:56 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.29 22:44:56 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.29 22:44:55 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\LogConfigTemp.xml
[2011.04.29 22:44:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.29 22:44:47 | 4293,054,464 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.28 18:44:32 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Simon\Desktop\OTL.exe
[2011.04.27 20:25:06 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2011.04.27 20:06:31 | 000,120,059 | ---- | M] () -- C:\Users\Simon\Desktop\Doorpagefoto-ausgabe-80-entwicklungspolitik-ist-friedenspolitik,property=poster.jpg
[2011.04.27 17:22:09 | 001,298,927 | ---- | M] () -- C:\Users\Simon\Desktop\Passbild_klein.jpg
[2011.04.26 12:42:33 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.20 17:02:01 | 000,929,073 | ---- | M] () -- C:\Users\Simon\Desktop\PH_JOSCHKA UND HERR FISCHER.pdf
[2011.04.20 16:48:44 | 000,466,648 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.04.11 22:41:59 | 000,676,867 | ---- | M] () -- C:\Users\Simon\Desktop\20100618_Berufsbilder_Stadtplaner_tmeier.pdf
[2011.04.11 22:31:02 | 000,003,771 | ---- | M] () -- C:\Users\Simon\Desktop\c2cec6f3bd.png
[2011.04.07 23:46:39 | 000,000,943 | ---- | M] () -- C:\Users\Simon\Desktop\Dropbox.lnk
[2011.04.07 23:43:18 | 000,000,923 | -H-- | M] () -- C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011.04.03 20:46:01 | 567,473,664 | ---- | M] () -- C:\Windows\MEMORY.DMP
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.04.27 20:06:30 | 000,120,059 | ---- | C] () -- C:\Users\Simon\Desktop\Doorpagefoto-ausgabe-80-entwicklungspolitik-ist-friedenspolitik,property=poster.jpg
[2011.04.27 17:22:06 | 001,298,927 | ---- | C] () -- C:\Users\Simon\Desktop\Passbild_klein.jpg
[2011.04.27 13:26:53 | 000,032,256 | ---- | C] () -- C:\Windows\SysNative\Apphlpdm.dll
[2011.04.27 13:26:52 | 004,240,384 | ---- | C] () -- C:\Windows\SysNative\GameUXLegacyGDFs.dll
[2011.04.26 12:42:33 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.26 12:42:29 | 000,024,152 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys
[2011.04.20 17:02:01 | 000,929,073 | ---- | C] () -- C:\Users\Simon\Desktop\PH_JOSCHKA UND HERR FISCHER.pdf
[2011.04.18 20:15:36 | 000,461,312 | ---- | C] () -- C:\Windows\SysNative\drivers\srv.sys
[2011.04.18 20:15:36 | 000,176,128 | ---- | C] () -- C:\Windows\SysNative\drivers\srv2.sys
[2011.04.18 20:15:36 | 000,144,896 | ---- | C] () -- C:\Windows\SysNative\drivers\srvnet.sys
[2011.04.18 20:15:23 | 000,817,664 | ---- | C] () -- C:\Windows\SysNative\jscript.dll
[2011.04.18 20:15:23 | 000,613,376 | ---- | C] () -- C:\Windows\SysNative\vbscript.dll
[2011.04.18 20:15:17 | 000,979,344 | ---- | C] () -- C:\Windows\SysNative\winresume.exe
[2011.04.18 20:15:16 | 001,075,600 | ---- | C] () -- C:\Windows\SysNative\winload.efi
[2011.04.18 20:15:16 | 001,062,800 | ---- | C] () -- C:\Windows\SysNative\winload.exe
[2011.04.18 20:15:16 | 000,990,096 | ---- | C] () -- C:\Windows\SysNative\winresume.efi
[2011.04.18 20:15:16 | 000,018,832 | ---- | C] () -- C:\Windows\SysNative\kd1394.dll
[2011.04.18 20:15:16 | 000,018,320 | ---- | C] () -- C:\Windows\SysNative\kdcom.dll
[2011.04.18 20:15:14 | 000,020,880 | ---- | C] () -- C:\Windows\SysNative\kdusb.dll
[2011.04.18 20:15:08 | 000,135,168 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb.sys
[2011.04.18 20:15:08 | 000,105,472 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb20.sys
[2011.04.18 20:15:07 | 000,273,920 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb10.sys
[2011.04.18 20:15:07 | 000,090,624 | ---- | C] () -- C:\Windows\SysNative\drivers\bowser.sys
[2011.04.18 20:15:03 | 000,975,872 | ---- | C] () -- C:\Windows\SysNative\inetcomm.dll
[2011.04.18 20:14:52 | 002,760,704 | ---- | C] () -- C:\Windows\SysNative\win32k.sys
[2011.04.18 20:14:36 | 012,474,880 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll
[2011.04.18 20:14:36 | 000,219,136 | ---- | C] () -- C:\Windows\SysNative\ieui.dll
[2011.04.18 20:14:35 | 002,340,864 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll
[2011.04.18 20:14:35 | 000,132,096 | ---- | C] () -- C:\Windows\SysNative\iesysprep.dll
[2011.04.18 20:14:35 | 000,077,312 | ---- | C] () -- C:\Windows\SysNative\iesetup.dll
[2011.04.18 20:14:35 | 000,072,192 | ---- | C] () -- C:\Windows\SysNative\iernonce.dll
[2011.04.18 20:14:35 | 000,070,656 | ---- | C] () -- C:\Windows\SysNative\ie4uinit.exe
[2011.04.18 20:14:34 | 001,638,912 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb
[2011.04.18 20:14:34 | 000,243,712 | ---- | C] () -- C:\Windows\SysNative\occache.dll
[2011.04.18 20:14:34 | 000,162,816 | ---- | C] () -- C:\Windows\SysNative\ieUnatt.exe
[2011.04.18 20:14:33 | 009,265,664 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll
[2011.04.18 20:14:33 | 000,710,656 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll
[2011.04.18 20:14:33 | 000,479,232 | ---- | C] () -- C:\Windows\SysNative\html.iec
[2011.04.18 20:14:33 | 000,459,776 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll
[2011.04.18 20:14:33 | 000,252,416 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll
[2011.04.18 20:14:33 | 000,096,768 | ---- | C] () -- C:\Windows\SysNative\mshtmled.dll
[2011.04.18 20:14:33 | 000,071,680 | ---- | C] () -- C:\Windows\SysNative\msfeedsbs.dll
[2011.04.18 20:14:33 | 000,056,832 | ---- | C] () -- C:\Windows\SysNative\licmgr10.dll
[2011.04.18 20:14:33 | 000,012,288 | ---- | C] () -- C:\Windows\SysNative\msfeedssync.exe
[2011.04.18 20:14:32 | 001,538,560 | ---- | C] () -- C:\Windows\SysNative\inetcpl.cpl
[2011.04.18 20:14:32 | 001,147,904 | ---- | C] () -- C:\Windows\SysNative\wininet.dll
[2011.04.18 20:14:32 | 000,031,744 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll
[2011.04.18 20:14:31 | 001,486,848 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll
[2011.04.18 20:14:31 | 001,062,912 | ---- | C] () -- C:\Windows\SysNative\mstime.dll
[2011.04.18 19:55:11 | 000,367,616 | ---- | C] () -- C:\Windows\SysNative\atmfd.dll
[2011.04.18 19:55:11 | 000,048,128 | ---- | C] () -- C:\Windows\SysNative\atmlib.dll
[2011.04.18 19:55:05 | 001,398,784 | ---- | C] () -- C:\Windows\SysNative\mfc42.dll
[2011.04.18 19:55:05 | 001,360,384 | ---- | C] () -- C:\Windows\SysNative\mfc42u.dll
[2011.04.16 12:17:22 | 000,221,184 | ---- | C] () -- C:\Windows\SysNative\dnsapi.dll
[2011.04.16 12:17:22 | 000,117,760 | ---- | C] () -- C:\Windows\SysNative\dnsrslvr.dll
[2011.04.16 12:17:22 | 000,028,672 | ---- | C] () -- C:\Windows\SysNative\dnscacheugc.exe
[2011.04.11 22:41:59 | 000,676,867 | ---- | C] () -- C:\Users\Simon\Desktop\20100618_Berufsbilder_Stadtplaner_tmeier.pdf
[2011.04.11 22:31:01 | 000,003,771 | ---- | C] () -- C:\Users\Simon\Desktop\c2cec6f3bd.png
[2011.04.07 23:46:39 | 000,000,943 | ---- | C] () -- C:\Users\Simon\Desktop\Dropbox.lnk
[2011.04.07 23:43:18 | 000,000,923 | -H-- | C] () -- C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011.01.27 21:30:36 | 000,000,680 | -H-- | C] () -- C:\Users\Simon\AppData\Local\d3d9caps.dat
[2010.04.13 19:35:33 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.02.18 20:45:37 | 000,000,287 | ---- | C] () -- C:\Windows\ArcView9x.INI
[2009.12.01 21:28:40 | 000,000,738 | ---- | C] () -- C:\Windows\wininit.ini
[2009.11.23 23:41:32 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.09.07 11:45:30 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009.09.07 11:45:30 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2009.09.07 11:36:57 | 000,031,664 | ---- | C] () -- C:\Windows\maxlink.ini
[2009.09.07 11:24:03 | 000,013,824 | -H-- | C] () -- C:\Users\Simon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.09.06 20:44:53 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.08.19 18:42:32 | 000,000,048 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2009.08.19 18:42:23 | 000,008,468 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2009.04.10 16:25:44 | 000,000,026 | ---- | C] () -- C:\Windows\Irremote.ini
[2009.01.20 23:30:34 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2009.01.20 23:23:15 | 000,000,566 | ---- | C] () -- C:\Windows\SysWow64\hidservice.ini
[2009.01.20 22:25:57 | 000,106,605 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009.01.20 22:25:57 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008.01.21 04:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008.01.21 04:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2006.11.02 17:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006.11.02 14:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006.11.02 14:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006.11.02 11:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2005.12.21 18:57:36 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\nsldap32v50.dll
[2005.12.21 18:57:04 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\nsldappr32v50.dll
[2005.12.21 18:54:34 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\nsldapssl32v50.dll
[2004.12.14 18:55:22 | 000,000,019 | ---- | C] () -- C:\Windows\SysWow64\SmAgentAPI.dll
[1999.01.22 18:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\MSRTEDIT.DLL
[1997.06.25 16:24:16 | 000,040,448 | ---- | C] () -- C:\Windows\SysWow64\RegObj.dll

OTL Extras logfile created on: 30.04.2011 00:06:17 - Run 2
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\Simon\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000407 | Country: Deutschland | Language: ENU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 48,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 71,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 304,17 Gb Total Space | 115,72 Gb Free Space | 38,04% Space Free | Partition Type: NTFS
Drive M: | 33,20 Gb Total Space | 25,52 Gb Free Space | 76,85% Space Free | Partition Type: NTFS
 
Computer Name: SIMON-PC | User Name: Simon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe ()
.vbe[@ = VBEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l ()
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" ()
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "B:\No23 Recorder\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" File not found
Directory [PlayWithVLC] -- "B:\No23 Recorder\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "B:\No23 Recorder\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "B:\No23 Recorder\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0438201D-B550-4E8C-818B-347A6D36D103}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{106894E9-1BA7-4A5F-A4D4-33FDE5106358}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1A303ADC-97DB-4DC3-8B4D-4615FE46BACE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{3791D0FF-5FD9-42EE-846C-3E70E2F6F8B5}" = rport=10243 | protocol=6 | dir=out | app=system |
"{4578BA01-4B80-4D18-A099-DAE0B2767989}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5115DB12-E003-4DA0-AD9E-1CC7CA43BA74}" = rport=137 | protocol=17 | dir=out | app=system |
"{5707A0D9-5548-4C75-9675-4DA944A00032}" = lport=137 | protocol=17 | dir=in | app=system |
"{574127EC-0043-43C5-BEF8-62E2E1E84BF5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6BDD1944-26A5-42BE-A6CA-2A71DEA34A9B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7713CD86-3A72-4FB8-AF32-10E8B344B89C}" = lport=138 | protocol=17 | dir=in | app=system |
"{7CB60216-D7A1-49DE-83D0-84AD7EE331D4}" = rport=139 | protocol=6 | dir=out | app=system |
"{89B8A5BB-A6FD-44A2-9870-672603CE1C76}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9CB46B2F-71EA-49C6-843B-5114FB2E933B}" = lport=139 | protocol=6 | dir=in | app=system |
"{A33B628A-2A5E-458D-9BC5-7B9B68415035}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{A40771FB-C2EB-468E-B550-7850393C40D4}" = lport=10243 | protocol=6 | dir=in | app=system |
"{A57B0E94-3A36-40FF-BFBC-0E4AD69DB60F}" = lport=445 | protocol=6 | dir=in | app=system |
"{C2449BA1-A19D-43BB-BB69-182DB0D22676}" = rport=138 | protocol=17 | dir=out | app=system |
"{C53A846C-14D1-4F61-BD5D-C5FCAA380788}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CDA31F94-A68A-4306-927C-EA59D297497E}" = rport=445 | protocol=6 | dir=out | app=system |
"{ECC8EFD0-FAA9-48C7-88EC-9BFEE3BEC360}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{F95A954D-3491-4336-BF47-57FE14E3ABBB}" = lport=2869 | protocol=6 | dir=in | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C063101-DFC2-450B-91F7-104A3F854F79}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{22CAECDF-654D-471E-905A-1B3FDCA41C3C}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{27BEE1D2-32FD-4232-8A29-FBD6BD58C9DE}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{282F7FAC-A04B-46C9-9E42-973763BA73D8}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{2C940D4B-9A4D-4F19-A28C-7AA1A73798E9}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{2D6F20A0-8989-41C0-B43C-00C835759201}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{2E5C646F-6494-4EC4-B20E-0B5124162C6C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{315A3B0E-F62C-4D2C-AFF3-87F64A0940EF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{33D10481-0B2E-4745-93EF-0B94642A135D}" = protocol=17 | dir=in | app=c:\windows\syswow64\zonelabs\vsmon.exe |
"{38EDBBB3-8850-4A0A-8AB9-474AB008E04A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{3CDDF021-B6AC-438A-9AEB-036FD1E85D44}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3E1A84AC-9FA2-4285-B228-29CC6370D957}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{41DF348F-A215-4B0E-BA7B-6EE68D790493}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{4999FB34-8D08-4445-A658-D626F92BB10A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{49EA9684-3675-43FD-8EB2-98E060D1709E}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{4CE03C81-1A95-4DB1-89E5-8C5254A9168F}" = protocol=6 | dir=in | app=c:\users\simon\appdata\roaming\dropbox\bin\dropbox.exe |
"{4FB1FC07-A88E-4594-AA5C-A45FAAE5B797}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{5007D994-9E6F-4735-BEA6-C7AC0FB42E56}" = protocol=17 | dir=in | app=c:\program files (x86)\arcsoft\totalmedia 3.5\totalmedia.exe |
"{5D9B6CC4-9AD9-45BE-BEA1-5A240E850E8D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{60A0DFE0-3B2B-4825-9F14-BF06EA15020C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{67AF118F-9D53-45A6-99C5-A78997981D0E}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{6C5AD1C5-2BE2-43D8-9C9F-C60BD208B7B0}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{6CFE09EF-25E4-401D-9C65-D72E30FAC2E9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{70D8F053-2477-4A3C-A280-6E26B6F7CF22}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{733B7B2E-C64C-4E19-BC3B-DA932D601FC0}" = protocol=6 | dir=out | app=system |
"{776370B5-DDD5-4891-8CBB-C3C697DB0AD2}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{7E73CA7D-BFBD-47D4-B634-74F79BEF71F7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{80C54D19-AD8D-45FC-94A3-50F02880F580}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{83BCBE00-0D15-476C-BFE2-235A835B398C}" = protocol=6 | dir=in | app=c:\windows\syswow64\zonelabs\vsmon.exe |
"{83E8A2A2-1571-4F8E-93A2-0D5A777CD580}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{84B282E7-3DEB-4523-A300-DFD1A6E2773A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{93B3CD9A-C53C-4F60-B02C-73297692C067}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{947A8A3C-9F61-492C-8519-33460681A1B6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{9916902F-AD8C-4008-B940-5371F4AD6EDD}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{9D3DE192-1870-42F3-B190-2D6BB72D38AD}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{B06B5CF0-0671-41FF-968A-C7734B33FF01}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{B289C2AE-E9C5-4014-A512-B31315A8D905}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B95883CB-0585-49D5-9A1C-0D89D4F42404}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{C2172249-7DB9-400A-A537-01D56FBC8BE3}" = protocol=6 | dir=in | app=c:\program files (x86)\arcsoft\totalmedia 3.5\totalmedia.exe |
"{C444EFE0-231A-4500-9D5C-87940A753506}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{C7BEDD72-91D5-48B2-86A5-2DFFBAF94BEF}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{D3BC2BC1-932D-4733-BF08-64885577ECFC}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E0655A11-DDF7-4CF0-98A3-C1EE8DC96AD9}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E24613AB-8286-4111-82C6-F29B0FAB3849}" = protocol=17 | dir=in | app=c:\users\simon\appdata\roaming\dropbox\bin\dropbox.exe |
"{F0A9E283-2501-4012-9BC6-E69DFAC070E7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F1FBC703-2CD1-443D-9F72-E2EE02E76D4C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{F327E4A6-AD17-482A-AF32-2BE7AC2D01E7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F411B5D8-E463-4AB4-AB71-2ECD6761E4E9}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{F6766F9E-61CF-40D2-B7FE-38B2E6B14C3F}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{F779254E-9D8C-4CE2-95E0-79D87760387A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"TCP Query User{01B603A5-2148-466C-8EA6-FA6132E5BBC6}M:\sopcast\sopcast.exe" = protocol=6 | dir=in | app=m:\sopcast\sopcast.exe |
"TCP Query User{0D165BFB-5B38-4C9E-B0C2-904E2316CB64}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"TCP Query User{0D332E62-A243-4455-9B89-4538D1D9C9E0}M:\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=m:\sopcast\adv\sopadver.exe |
"TCP Query User{30C7494B-C974-4DF5-A36B-41CCADD4B7BB}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{45FFD5EE-5E7C-432A-82B6-96B1AD9538DD}M:\sopcast\sopcast.exe" = protocol=6 | dir=in | app=m:\sopcast\sopcast.exe |
"TCP Query User{5D0ED07E-FA33-44C3-8EF6-D51B534F609A}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"TCP Query User{6B417BBA-CE29-4EE9-8FB1-A14971F18A04}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"TCP Query User{7014571C-E4E4-44CC-A858-115D2E5F2537}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{8FEDAD34-BB1C-4683-B7CA-0CD64C78B6F1}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe |
"TCP Query User{A19785F3-5D5C-4135-A297-6FBC811BA335}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"TCP Query User{AB074781-47B5-446B-B8A3-2F0A43482031}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{B09E44D0-7824-4F09-842A-3D81A64AA3D1}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe |
"TCP Query User{E1D36F1C-C828-45CC-84BD-C542BBD0503B}M:\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=m:\sopcast\adv\sopadver.exe |
"TCP Query User{E3E00404-034A-46EE-8A01-17E16F8C330E}C:\program files (x86)\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe |
"TCP Query User{E7086D08-9C87-418F-95E9-F771991EB413}C:\program files (x86)\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe |
"TCP Query User{E94B11A2-7EAE-45D3-828E-E4F1D33E7DFE}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"UDP Query User{10B2115A-7CD8-41A9-A037-9E9317B3DE0F}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe |
"UDP Query User{11C2CE2D-CB7F-4387-8092-901B24EFEFAC}M:\sopcast\sopcast.exe" = protocol=17 | dir=in | app=m:\sopcast\sopcast.exe |
"UDP Query User{16A2585D-A537-4991-A181-3CF22F274EE5}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{231250DC-A90B-4106-B0B5-3AA0AF2E966E}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"UDP Query User{3BE58A5E-7FD8-4AB8-A660-5AFD9C3BC530}M:\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=m:\sopcast\adv\sopadver.exe |
"UDP Query User{45E11649-1FDC-4685-BFDC-7594CEE8ABC2}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"UDP Query User{50CA96DC-F854-426B-88F9-838836727BBC}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{7495DB40-882C-47E6-85A8-5FB5B84DB34F}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{771DB1B0-AA2D-41FC-9994-54457A5D7241}C:\program files (x86)\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe |
"UDP Query User{8E12BD63-F4EE-4D9C-8D2A-1D90D159307D}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"UDP Query User{ABE57845-FE68-4557-932E-794D5AC200C2}M:\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=m:\sopcast\adv\sopadver.exe |
"UDP Query User{E0BC75B0-8D7D-499D-BC09-59D155BBFCD7}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"UDP Query User{EA79B58F-D74B-4908-B512-F1BC688582FE}M:\sopcast\sopcast.exe" = protocol=17 | dir=in | app=m:\sopcast\sopcast.exe |
"UDP Query User{F87299D3-47D0-4ED0-984C-6208CE944744}C:\program files (x86)\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe |
"UDP Query User{FAC3685D-7192-44F3-AD40-D741A452F493}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"UDP Query User{FE0390C1-56D4-4216-B166-493255499D77}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D16193A3-921A-4134-B381-597C8F4B8EBD}" = PaperPort Image Printer
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NIS2009" = Norton Internet Security 2009
"NVIDIA Drivers" = NVIDIA Drivers
"Office2007" = Microsoft Office Home and Student
"WinRAR archiver" = WinRAR
"Works9se" = Microsoft Works 9.0 SE
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{15FB6880-728F-4DF6-BEBB-046302A8E25A}" = ArcGIS Crystal Report Wizard
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1CF65E18-6463-4D28-A476-7DA10FBCE816}" = ArcGIS Desktop Evaluation Edition
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{28518520-F25C-48C3-A224-861F331602F4}" = Setup My PC
"{3559CDE0-11FC-4D7B-A65C-D646035B1031}" = Nero 8 Essentials
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{41B76534-B3C2-4FCF-B171-5291A3561051}" = ArcGIS Tutorial Data
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F32D89B-D3A0-4562-AC03-F6DE4614AE1A}" = DVB-T USB DEVICE
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie
"{709817E4-5439-4206-8738-796B34B623BD}" = MetaBoli
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{74292F90-895A-4FC6-A692-9641532B1B63}" = ArcSoft TotalMedia 3.5
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Packard Bell Recovery Management
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{58FC5E37-DD28-4D4A-A549-125744C6763C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{00C5525B-3CB3-467D-8100-2E6FB306CD86}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}" = Brother MFL-Pro Suite
"{A8C2A0AE-FBF8-4B0D-A541-F434D80E55B2}" = Windows Vista Demo Screen Saver
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{B3276CB1-20B6-4AF9-AAEC-E72C83816495}" = IKEA Home Planner
"{B5BCBD49-202F-4238-8398-D83D423A48B4}" = Windows Live Anmelde-Assistent
"{B6C89654-A6A2-477C-873B-724EC1C56407}" = ScanSoft PaperPort 11
"{CA786CFF-1D31-4804-B436-F3405B14357F}" = Packard Bell Updator
"{CFADE4AF-C0CF-4A04-A776-741318F1658F}" = Content Transfer
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E96FF910-1BC9-4EE5-BC12-0A30D4E20F37}" = NWZ-E440 WALKMAN Guide
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4EA67C9-6748-4C1E-9AFF-04149AC75D95}" = Packard Bell ImageWriter
"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
"ArcGIS Desktop Evaluation Edition" = ArcGIS Desktop Evaluation Edition
"ArcGIS Tutorial Data" = ArcGIS Tutorial Data
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVMWLANCLI" = AVM FRITZ!WLAN
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"EasyBits Magic Desktop" = EasyBits Magic Desktop
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HotspotShield" = Hotspot Shield 1.57
"ICQToolbar" = ICQ Toolbar
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox 4.0 (x86 de)" = Mozilla Firefox 4.0 (x86 de)
"numpy-py2.5" = Python 2.5 numpy-1.0.3
"Python 2.5 numpy-1.0.3" = Python 2.5 numpy-1.0.3
"Python 2.5.1" = Python 2.5.1
"SopCast" = SopCast 3.2.9
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 30.03.2011 13:40:45 | Computer Name = Simon-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 30.03.2011 13:40:45 | Computer Name = Simon-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 30.03.2011 13:42:12 | Computer Name = Simon-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 30.03.2011 14:22:21 | Computer Name = Simon-PC | Source = Application Hang | ID = 1002
Description = Programm TotalMedia.exe, Version 3.5.28.260 arbeitet nicht mehr mit
 Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen.  Prozess-ID: 1294  Anfangszeit: 01cbef0569eb5280  Zeitpunkt
 der Beendigung: 65
 
Error - 31.03.2011 12:21:35 | Computer Name = Simon-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 31.03.2011 12:21:35 | Computer Name = Simon-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 31.03.2011 12:23:02 | Computer Name = Simon-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 03.04.2011 13:56:12 | Computer Name = Simon-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 03.04.2011 13:56:12 | Computer Name = Simon-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 03.04.2011 13:57:38 | Computer Name = Simon-PC | Source = WinMgmt | ID = 10
Description =
 
[ OSession Events ]
Error - 14.04.2010 16:15:18 | Computer Name = Simon-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 322
 seconds with 240 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 26.04.2011 14:11:56 | Computer Name = Simon-PC | Source = HTTP | ID = 15016
Description =
 
Error - 26.04.2011 14:13:25 | Computer Name = Simon-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 27.04.2011 07:20:24 | Computer Name = Simon-PC | Source = HTTP | ID = 15016
Description =
 
Error - 27.04.2011 07:21:52 | Computer Name = Simon-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 28.04.2011 12:24:23 | Computer Name = Simon-PC | Source = HTTP | ID = 15016
Description =
 
Error - 28.04.2011 12:26:20 | Computer Name = Simon-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 29.04.2011 16:09:04 | Computer Name = Simon-PC | Source = HTTP | ID = 15016
Description =
 
Error - 29.04.2011 16:10:14 | Computer Name = Simon-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 29.04.2011 16:44:52 | Computer Name = Simon-PC | Source = HTTP | ID = 15016
Description =
 
Error - 29.04.2011 16:46:25 | Computer Name = Simon-PC | Source = Service Control Manager | ID = 7000
Description =
 
 
< End of report >

--- --- ---

cosinus 30.04.2011 02:32

Run an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:

:OTL
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ICQ.com Suche
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GRA8E1~1.DLL (Microsoft Corporation)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -  File not found
O2 - BHO: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm-Sicherheit Toolbar) - {FC2B76FC-2132-4D80-A9A3-1F5C6E49066B} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{9b0f7c05-e699-11df-bc4b-0022686386ff}\Shell - "" = AutoRun
O33 - MountPoints2\{9b0f7c05-e699-11df-bc4b-0022686386ff}\Shell\AutoRun\command - "" = I:\pushinst.exe
[2011.04.29 22:45:32 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs
:Commands
[purity]
[resethosts]
[emptytemp]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created in the "_OTL" folder on the system partition.

Flitzer8 30.04.2011 10:13

All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ deleted successfully.
C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}\ deleted successfully.
C:\Program Files (x86)\ZoneAlarm-Sicherheit\tbZone.dll moved successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchDefaultBranded| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
Prefs.js: "Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "Ask.com" removed from browser.search.order.1
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\ deleted successfully.
File move failed. C:\PROGRA~2\MICROS~1\Office12\GRA8E1~1.DLL scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}\ deleted successfully.
C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}\ not found.
File C:\Program Files (x86)\ZoneAlarm-Sicherheit\tbZone.dll not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\ deleted successfully.
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}\ deleted successfully.
C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
File C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}\ deleted successfully.
File C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}\ not found.
File Sicherheit\tbZone.dll not found.
64bit-Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
File C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
64bit-Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}\ not found.
File C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}\ not found.
File C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{FC2B76FC-2132-4D80-A9A3-1F5C6E49066B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FC2B76FC-2132-4D80-A9A3-1F5C6E49066B}\ not found.
File Sicherheit\tbZone.dll not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9b0f7c05-e699-11df-bc4b-0022686386ff}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9b0f7c05-e699-11df-bc4b-0022686386ff}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9b0f7c05-e699-11df-bc4b-0022686386ff}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9b0f7c05-e699-11df-bc4b-0022686386ff}\ not found.
File I:\pushinst.exe not found.
C:\Windows\Internet Logs folder moved successfully.
========== COMMANDS ==========
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: AppData

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Simon
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 4115627302 bytes
->Java cache emptied: 75361247 bytes
->FireFox cache emptied: 381403269 bytes
->Google Chrome cache emptied: 6352857 bytes
->Flash cache emptied: 892708 bytes

%systemdrive% .tmp files removed: 69206016 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 186848173 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33237 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 4.612,00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 04302011_105633

Files\Folders moved on Reboot...
File move failed. C:\PROGRA~2\MICROS~1\Office12\GRA8E1~1.DLL scheduled to be moved on reboot.
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WNOUKLYE\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TGXFMWD5\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EI89H5H2\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BEA2YJWE\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\18C7JC2Q\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini scheduled to be moved on reboot.

Registry entries deleted on Reboot...

cosinus 01.05.2011 13:14

Please now run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

If the infection prevents you from accessing your Documents/My Documents, please run unhide:
Please download unhide.exe and save the file to your desktop.
Start the tool, and all files and folders should become visible again. (This could take a while.)
Vista and 7 users must run the tool as administrator via right-click!

Flitzer8 01.05.2011 20:51

2011/05/01 21:45:35.0369 4940 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/05/01 21:45:35.0647 4940 ================================================================================
2011/05/01 21:45:35.0647 4940 SystemInfo:
2011/05/01 21:45:35.0647 4940
2011/05/01 21:45:35.0647 4940 OS Version: 6.0.6001 ServicePack: 1.0
2011/05/01 21:45:35.0647 4940 Product type: Workstation
2011/05/01 21:45:35.0647 4940 ComputerName: SIMON-PC
2011/05/01 21:45:35.0647 4940 UserName: Simon
2011/05/01 21:45:35.0647 4940 Windows directory: C:\Windows
2011/05/01 21:45:35.0648 4940 System windows directory: C:\Windows
2011/05/01 21:45:35.0648 4940 Running under WOW64
2011/05/01 21:45:35.0648 4940 Processor architecture: Intel x64
2011/05/01 21:45:35.0648 4940 Number of processors: 4
2011/05/01 21:45:35.0648 4940 Page size: 0x1000
2011/05/01 21:45:35.0648 4940 Boot type: Normal boot
2011/05/01 21:45:35.0648 4940 ================================================================================
2011/05/01 21:45:36.0672 4940 Initialize success
2011/05/01 21:45:37.0872 4204 ================================================================================
2011/05/01 21:45:37.0872 4204 Scan started
2011/05/01 21:45:37.0872 4204 Mode: Manual;
2011/05/01 21:45:37.0872 4204 ================================================================================
2011/05/01 21:45:49.0126 4204 ================================================================================
2011/05/01 21:45:49.0126 4204 Scan finished
2011/05/01 21:45:49.0126 4204 ================================================================================

cosinus 02.05.2011 11:14

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix here to your desktop. Rename it to cofi.exe while downloading.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, perform the updates (if offered), install the Recovery Console (if offered), and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper (Kompetenzler) has expressly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

Flitzer8 04.05.2011 20:16

Combofix Logfile:
Code:

ComboFix 11-05-03.08 - Simon 04.05.2011  21:00:24.2.4 - x64
ausgeführt von:: c:\users\Simon\Desktop\CoFi.exe.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-04-04 bis 2011-05-04  ))))))))))))))))))))))))))))))
.
.
2011-05-04 19:06 . 2011-05-04 19:06        --------        d-----w-        c:\users\Default\AppData\Local\temp
2011-05-04 18:49 . 2011-05-04 18:49        --------        d-----w-        c:\program files\CCleaner
2011-05-04 18:19 . 2011-05-04 18:36        --------        d-----w-        C:\CoFi.exe
2011-05-04 17:36 . 2011-04-11 08:21        8802128        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{1BBCC92D-EF75-485F-8258-3BAAEC2FC3CE}\mpengine.dll
2011-04-30 08:56 . 2011-04-30 08:56        --------        d-----w-        C:\_OTL
2011-04-27 14:37 . 2011-04-27 14:37        1186056        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-04-27 11:26 . 2011-03-03 15:06        32256        ----a-w-        c:\windows\system32\Apphlpdm.dll
2011-04-27 11:26 . 2011-03-03 14:56        28672        ----a-w-        c:\windows\SysWow64\Apphlpdm.dll
2011-04-27 11:26 . 2011-03-03 13:01        4240384        ----a-w-        c:\windows\SysWow64\GameUXLegacyGDFs.dll
2011-04-27 11:26 . 2011-03-03 13:25        4240384        ----a-w-        c:\windows\system32\GameUXLegacyGDFs.dll
2011-04-26 10:42 . 2011-04-26 10:42        --------        d-----w-        c:\users\Simon\AppData\Roaming\Malwarebytes
2011-04-26 10:42 . 2010-12-20 16:09        38224        ----a-w-        c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-04-26 10:42 . 2011-04-26 10:42        --------        d-----w-        c:\programdata\Malwarebytes
2011-04-26 10:42 . 2011-04-26 10:42        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2011-04-26 10:42 . 2010-12-20 16:08        24152        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-04-18 18:14 . 2011-03-03 10:50        2409784        ----a-w-        c:\program files\Windows Mail\OESpamFilter.dat
2011-04-18 17:55 . 2011-02-16 15:29        34304        ----a-w-        c:\windows\SysWow64\atmlib.dll
2011-04-18 17:55 . 2011-02-16 13:24        292864        ----a-w-        c:\windows\SysWow64\atmfd.dll
2011-04-18 17:55 . 2011-02-16 15:36        48128        ----a-w-        c:\windows\system32\atmlib.dll
2011-04-18 17:55 . 2011-02-16 13:44        367616        ----a-w-        c:\windows\system32\atmfd.dll
2011-04-18 17:55 . 2011-03-10 16:12        1161728        ----a-w-        c:\windows\SysWow64\mfc42u.dll
2011-04-18 17:55 . 2011-03-10 16:12        1136640        ----a-w-        c:\windows\SysWow64\mfc42.dll
2011-04-18 17:55 . 2011-03-10 16:30        1360384        ----a-w-        c:\windows\system32\mfc42u.dll
2011-04-18 17:55 . 2011-03-10 16:30        1398784        ----a-w-        c:\windows\system32\mfc42.dll
2011-04-16 10:17 . 2011-03-02 15:10        117760        ----a-w-        c:\windows\system32\dnsrslvr.dll
2011-04-16 10:17 . 2009-05-04 10:38        28672        ----a-w-        c:\windows\system32\dnscacheugc.exe
2011-04-16 10:17 . 2009-05-04 10:11        25088        ----a-w-        c:\windows\SysWow64\dnscacheugc.exe
2011-04-07 21:55 . 2011-04-07 21:56        --------        d-----w-        c:\users\Simon\AppData\Roaming\dvdcss
2011-04-07 21:46 . 2011-04-25 18:57        --------        d-----r-        c:\users\Simon\Dropbox
2011-04-07 21:42 . 2011-04-25 18:57        --------        d-----w-        c:\users\Simon\AppData\Roaming\Dropbox
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-03 15:06 . 2011-04-27 11:26        100352        ----a-w-        c:\windows\apppatch\AppPatch64\acspecfc.dll
2011-03-03 15:06 . 2011-04-27 11:26        331776        ----a-w-        c:\windows\apppatch\AppPatch64\AcLayers.dll
2011-03-03 15:06 . 2011-04-27 11:26        281600        ----a-w-        c:\windows\apppatch\AppPatch64\AcGenral.dll
2011-03-03 14:56 . 2011-04-27 11:26        173056        ----a-w-        c:\windows\apppatch\AcXtrnal.dll
2011-03-03 14:56 . 2011-04-27 11:26        459776        ----a-w-        c:\windows\apppatch\AcSpecfc.dll
2011-03-03 14:56 . 2011-04-27 11:26        541696        ----a-w-        c:\windows\apppatch\AcLayers.dll
2011-03-03 14:56 . 2011-04-27 11:26        2153984        ----a-w-        c:\windows\apppatch\AcGenral.dll
.
.
(((((((((((((((((((((((((((((  SnapShot@2011-05-04_18.30.06  )))))))))))))))))))))))))))))))))))))))))
.
- 2009-09-06 18:15 . 2011-05-04 17:18        16384              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-09-06 18:15 . 2011-05-04 18:49        16384              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-09-06 18:15 . 2011-05-04 17:18        32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-09-06 18:15 . 2011-05-04 18:49        32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-09-06 18:15 . 2011-05-04 18:49        16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-09-06 18:15 . 2011-05-04 17:18        16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        94208        ----a-w-        c:\users\Simon\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        94208        ----a-w-        c:\users\Simon\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        94208        ----a-w-        c:\users\Simon\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="c:\program files\PACKARD BELL\SetUpMyPC\SmpSys.exe" [2008-07-07 1038136]
"ICQ"="c:\program files (x86)\ICQ7.2\ICQ.exe" [2011-01-05 133432]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-19 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="c:\program files\Packard Bell\SetupMyPC\SmpSys.exe" [2008-07-07 1038136]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"SunJavaUpdateSched"="c:\program files (x86)\Java\jre6\bin\jusched.exe" [2009-09-09 149280]
"AVMWlanClient"="c:\program files (x86)\avmwlanstick\wlangui.exe" [2009-03-20 1904640]
.
c:\users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Simon\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-3-31 23360040]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
TMMonitor.lnk - c:\program files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe [2009-9-7 258048]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 27648]
R2 gupdate1ca72baeaac123f;Google Update Service (gupdate1ca72baeaac123f);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-01 133104]
R2 HssWd;Hotspot Shield Monitoring Service;m:\youtube_view_us\Hotspot Shield\bin\hsswd.exe [2010-10-15 326704]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-01 133104]
R3 UXDCMN;UXDCMN;I:\UXDCMN.SYS [x]
R3 uxddrv;Dynamically loaded UxdDrv;I:\uxddrv.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-28 136360]
S2 ETService;Empowering Technology Service;c:\program files\Packard Bell\Packard Bell Recovery Management\Service\ETService.exe [2008-07-16 24576]
S2 ICQ Service;ICQ Service;c:\program files (x86)\ICQ6Toolbar\ICQ Service.exe [2010-09-06 247096]
S2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2010-06-15 33528]
S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2010-06-15 823288]
S3 fwlanusbn;FRITZ!WLAN N;c:\windows\system32\DRIVERS\fwlanusbn.sys [x]
S3 RTL2832U_IRHID;HID Infrared Remote Receiver;c:\windows\system32\DRIVERS\RTL2832U_IRHID.sys [2009-03-05 46112]
S3 RTL2832UBDA;REALTEK 2832U BDA Driver;c:\windows\system32\drivers\RTL2832UBDA.sys [2009-03-04 94240]
S3 RTL2832UUSB;REALTEK 2832U USB Driver;c:\windows\system32\Drivers\RTL2832UUSB.sys [2009-03-04 38432]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
ezSharedSvc
.
Inhalt des "geplante Tasks" Ordners
.
2011-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-01 19:17]
.
2011-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-01 19:17]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
m:\youtube_view_us\Hotspot Shield\HssIE\HssIE_64.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        97792        ----a-w-        c:\users\Simon\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        97792        ----a-w-        c:\users\Simon\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        97792        ----a-w-        c:\users\Simon\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        97792        ----a-w-        c:\users\Simon\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-16 15940640]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page =
mStart Page =
mLocal Page =
IE: Free YouTube to Mp3 Converter - c:\users\Simon\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
FF - ProfilePath - c:\users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\793b4mqu.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=SPC2&o=15000&locale=de_DE&apn_uid=A759091C-6C3E-4214-B1FC-AB77058C8D7E&apn_ptnrs=PV&apn_sauid=618BEEE3-6AE4-40C0-A3E0-77A33CF44906&apn_dtid=&q=
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
  00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
Zeit der Fertigstellung: 2011-05-04  21:08:59
ComboFix-quarantined-files.txt  2011-05-04 19:08
ComboFix2.txt  2011-05-04 18:36
.
Vor Suchlauf: 15 Verzeichnis(se), 127.440.916.480 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 131.640.299.520 Bytes frei
.
- - End Of File - - 472BBCAE47E824C1F8C7FF7B3F279D14

--- --- ---

cosinus 05.05.2011 09:38

Combofix - Scripting

1. Start Notepad (Start / Run / notepad[Enter])

2. Now copy and paste the entire contents of the code box below into the Notepad window.

Code:

Folder::
c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History
c:\program files\CheckPoint

Driver::
UXDCMN
ISWKL
IswSvc

3. In Notepad, save it as CFScript.txt on the desktop.

4. Disable your antivirus program's guard and any software firewall that may be present.
(Also the guards of ad- and spyware programs and the Tea Timer (if present)!)

5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts ComboFix.

http://users.pandora.be/bluepatchy/m...s/CFScript.gif

6. After the restart (you will be asked whether you want to restart), please post the following log files:
Combofix.txt

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

Flitzer8 05.05.2011 18:01

Combofix Logfile:
Code:

ComboFix 11-05-03.08 - Simon 05.05.2011  18:35:02.3.4 - x64
Microsoft® Windows Vista™ Home Premium  6.0.6001.1.1252.49.1031.18.4093.2680 [GMT 2:00]
ausgeführt von:: c:\users\Simon\Desktop\CoFi.exe.exe
Benutzte Befehlsschalter :: c:\users\Simon\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\CheckPoint
c:\program files\CheckPoint\ZAForceField\akxcpt.ini
c:\program files\CheckPoint\ZAForceField\CFG\Heuristics.xml
c:\program files\CheckPoint\ZAForceField\CFG\Normal.xml
c:\program files\CheckPoint\ZAForceField\CFG\Privacy.xml
c:\program files\CheckPoint\ZAForceField\Clean_tool.exe
c:\program files\CheckPoint\ZAForceField\CPLic.dll
c:\program files\CheckPoint\ZAForceField\ForceField.exe
c:\program files\CheckPoint\ZAForceField\ForceField64.xml
c:\program files\CheckPoint\ZAForceField\GUI\FileSaveRunProtectionGreenTooltip.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiAbout.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiAdvancedPanelHintTooltip.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiAKFalsePosHintTooltip.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiClearVfsHintTooltip.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiConfirmClose.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiDumpMinimal.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiDumpPostpone.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiDumpProgress.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiDumpSelect.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiEmailConfirm.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiFFConfirmClose.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiFFXpiHelpTooltip.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiFFXpiInstallConfirm.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiFileAccessConfirm.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiFileSaveRunConfirmBad.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiFileSaveRunConfirmWarn.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiFileSaveRunProtection.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiFirstRun.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiHeuristicsInfoHintTooltip.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiIswAutoUpdate.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiIswAutoUpdateRestartSystemConfirm.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiIswAutoUpdateShutdownConfirm.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiIswFlushConfirm.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiIswShutdownConfirm.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiLicDaysLeftPanel.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiLicKeyAcceptedNeedNoRestart.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiLicKeyAcceptedNeedRestart.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiLicKeyEnter.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiLicKeyExpired.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiLicKeyPirated.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiLicKeyServerCheck.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiLicKeyServerSyncFailed.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiLicKeyUnexpectedError.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiLicKeyWhereToFind.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiLicServerTooltip.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiManAdvanced.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiManBase.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiManGeneral.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiPrivateBrowserAlert.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiProtectionSummaryTooltip.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiSbStatistics.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiScanResultDetailsHintTooltip.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiSearchConfirm.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiSendURLConfirm.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiSettingsTakeEffectConfirm.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiShutdownConfirm.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiSiteInfo.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiSplash.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiSubscription.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiTheme.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiUnsignedHintTooltip.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiUnvirtualizedWindowsUpdateConfirm.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiUrlAccess.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiUrlProgress.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiViewIswComponentsVersion.xml
c:\program files\CheckPoint\ZAForceField\GUI\HtmlPages\goback.html
c:\program files\CheckPoint\ZAForceField\GUI\HtmlPages\logo.bmp
c:\program files\CheckPoint\ZAForceField\GUI\TCPhishingHintTooltip.xml
c:\program files\CheckPoint\ZAForceField\GUI\TcSiteRedirectWarning.xml
c:\program files\CheckPoint\ZAForceField\GUI\TCSuspiciousAlert.xml
c:\program files\CheckPoint\ZAForceField\GUI\TCUnsafeAlertHeuristics.xml
c:\program files\CheckPoint\ZAForceField\GUI\TCUnsafeAlertRed.xml
c:\program files\CheckPoint\ZAForceField\GUI\ToolBarNormalModeNormalView.xml
c:\program files\CheckPoint\ZAForceField\GUI\ToolBarNormalModeShortView.xml
c:\program files\CheckPoint\ZAForceField\GUI\ToolBarPrivacyModeNormalView.xml
c:\program files\CheckPoint\ZAForceField\GUI\ToolBarPrivacyModeShortView.xml
c:\program files\CheckPoint\ZAForceField\GUI\tooltip_protection.xml
c:\program files\CheckPoint\ZAForceField\GUI\tooltip_status.xml
c:\program files\CheckPoint\ZAForceField\injectxcpt.ini
c:\program files\CheckPoint\ZAForceField\install.log
c:\program files\CheckPoint\ZAForceField\ISW_no_shext.xml
c:\program files\CheckPoint\ZAForceField\ISWAPPCOMPAT.xml
c:\program files\CheckPoint\ZAForceField\ISWCOMMON.xml
c:\program files\CheckPoint\ZAForceField\ISWDLG.dll
c:\program files\CheckPoint\ZAForceField\ISWKL.sys
c:\program files\CheckPoint\ZAForceField\ISWLDR.dat
c:\program files\CheckPoint\ZAForceField\ISWLDRC.dat
c:\program files\CheckPoint\ZAForceField\ISWPOL.xml
c:\program files\CheckPoint\ZAForceField\ISWPOLFLUSH.xml
c:\program files\CheckPoint\ZAForceField\iswrcs.dll
c:\program files\CheckPoint\ZAForceField\ISWSVC.exe
c:\program files\CheckPoint\ZAForceField\IswSvcPreload.txt
c:\program files\CheckPoint\ZAForceField\ISWUILib.dll
c:\program files\CheckPoint\ZAForceField\ISWUL.dll
c:\program files\CheckPoint\ZAForceField\ISWUL_MIN\ISWUL.dll
c:\program files\CheckPoint\ZAForceField\ISWVEXTCU.ini
c:\program files\CheckPoint\ZAForceField\ISWWOW64.dll
c:\program files\CheckPoint\ZAForceField\license.txt
c:\program files\CheckPoint\ZAForceField\NormalNonVirtual.xml
c:\program files\CheckPoint\ZAForceField\NormalVirtual.xml
c:\program files\CheckPoint\ZAForceField\Plugins\icsscan.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWDMP.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWMENUS.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSTATS.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWUPD.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWUPDE.exe
c:\program files\CheckPoint\ZAForceField\Plugins\plugins.txt
c:\program files\CheckPoint\ZAForceField\Plugins\SiteChecker.dll
c:\program files\CheckPoint\ZAForceField\Plugins\updating.dll
c:\program files\CheckPoint\ZAForceField\README.txt
c:\program files\CheckPoint\ZAForceField\svcreg.cmd
c:\program files\CheckPoint\ZAForceField\TBI.exe
c:\program files\CheckPoint\ZAForceField\Trustchecker\bin\AltFFApi.dll
c:\program files\CheckPoint\ZAForceField\Trustchecker\bin\liblua.dll
c:\program files\CheckPoint\ZAForceField\Trustchecker\bin\libtextcat.dll
c:\program files\CheckPoint\ZAForceField\Trustchecker\bin\PageBlocked.html
c:\program files\CheckPoint\ZAForceField\Trustchecker\bin\samplesites.dll
c:\program files\CheckPoint\ZAForceField\Trustchecker\bin\TCData.dll
c:\program files\CheckPoint\ZAForceField\Trustchecker\bin\TrustChecker.dll
c:\program files\CheckPoint\ZAForceField\Trustchecker\Search\Ask.ico
c:\program files\CheckPoint\ZAForceField\Trustchecker\Search\askcom.xml
c:\program files\CheckPoint\ZAForceField\Trustchecker\tcgt.cache
c:\program files\CheckPoint\ZAForceField\Uninstall.exe
c:\program files\CheckPoint\ZAForceField\Updates\LocalCatalog.xml
c:\program files\CheckPoint\ZAForceField\WOW64\CPLic.dll
c:\program files\CheckPoint\ZAForceField\WOW64\ISWDLG.dll
c:\program files\CheckPoint\ZAForceField\WOW64\ISWLDR.dat
c:\program files\CheckPoint\ZAForceField\WOW64\ISWLDRC.dat
c:\program files\CheckPoint\ZAForceField\WOW64\iswrcs.dll
c:\program files\CheckPoint\ZAForceField\WOW64\ISWUILib.dll
c:\program files\CheckPoint\ZAForceField\WOW64\ISWUL.dll
c:\program files\CheckPoint\ZAForceField\WOW64\ISWUL_MIN\ISWUL.dll
c:\program files\CheckPoint\ZAForceField\WOW64\Plugins\ISWDMP.dll
c:\program files\CheckPoint\ZAForceField\WOW64\Plugins\ISWFWMON.dll
c:\program files\CheckPoint\ZAForceField\WOW64\Plugins\ISWSHEX.dll
c:\program files\CheckPoint\ZAForceField\WOW64\Plugins\ISWUPD.dll
c:\program files\CheckPoint\ZAForceField\WOW64\Plugins\ISWVEXT.dll
c:\program files\CheckPoint\ZAForceField\WOW64\Plugins\updating.dll
c:\program files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\AltFFApi.dll
c:\program files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll
c:\program files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustChecker.dll
c:\program files\CheckPoint\ZAForceField\WOW64\TrustChecker\chrome.manifest
c:\program files\CheckPoint\ZAForceField\WOW64\TrustChecker\chrome\mozilladownload.jar
c:\program files\CheckPoint\ZAForceField\WOW64\TrustChecker\chrome\trustchecker.jar
c:\program files\CheckPoint\ZAForceField\WOW64\TrustChecker\components\nsITCPlugins.xpt
c:\program files\CheckPoint\ZAForceField\WOW64\TrustChecker\components\nsITrustCheckerMozilla.xpt
c:\program files\CheckPoint\ZAForceField\WOW64\TrustChecker\components\TrustCheckerMozillaPlugin.dll
c:\program files\CheckPoint\ZAForceField\WOW64\TrustChecker\install.rdf
c:\program files\CheckPoint\ZAForceField\WOW64\TrustChecker\update_1.5.232.0.rdf
c:\program files\CheckPoint\ZAForceField\ZAFFDiag.exe
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\desktop.ini
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\desktop.ini
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2U9M35IT\bg_dark_mainnav_level2_standardpage_long[1].png
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2U9M35IT\bg_mainnav_level2_separator[1].gif
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2U9M35IT\bg_standardpage_bottom[1].png
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2U9M35IT\buttons-sprite[1].png
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2U9M35IT\desktop.ini
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2U9M35IT\footer-links-bg[1].png
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2U9M35IT\GoogleToolbar_32_73DD003E17144CAC.dll[1].lz
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2U9M35IT\GoogleToolbar_32_E857042E7D2E74E0.dll[1].lz
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2U9M35IT\GoogleToolbarDynamic_mui_de_09C19AB1E0C43781.dll[1].lz
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2U9M35IT\GoogleToolbarDynamic_mui_de_D7CFBCF21E80E850.dll[1].lz
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2U9M35IT\GoogleToolbarUser_64_BADB6DECFC517831.exe[1].lz
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2U9M35IT\GoogleToolbarUser_64_BCA4B64C7F249C8F.exe[1].lz
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2U9M35IT\gradient-box-bg[1].png
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2U9M35IT\KievitWeb-Bold[1].eot
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2U9M35IT\KievitWeb-BoldIta[1].eot
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2U9M35IT\link-arrows[1].png
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2U9M35IT\support-overview[1].png
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2U9M35IT\tab_active_right[1].gif
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M5M8VNOQ\74372433[1].txt
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M5M8VNOQ\bg_directsearch[1].gif
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M5M8VNOQ\bg_mainnav_level2_separator_active_right[1].gif
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M5M8VNOQ\bg_mainnav_level3_separator[1].gif
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M5M8VNOQ\bg_pagination[1].gif
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M5M8VNOQ\bg_standardpage_top[1].png
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M5M8VNOQ\desktop.ini
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M5M8VNOQ\fastsearch_B7C5AC242193BB3E.dll[1].lz
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M5M8VNOQ\flags[1].png
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M5M8VNOQ\footer-links-corners[1].png
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M5M8VNOQ\GoogleToolbarDynamic_32_D5B8545F3CFB02D4.dll[1].lz
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M5M8VNOQ\GoogleToolbarDynamic_32_E0B3D00E06C2FA01.dll[1].lz
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M5M8VNOQ\GoogleToolbarManager_0E996B068B56FCA2.exe[1].lz
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M5M8VNOQ\GoogleToolbarManager_E582EA556D8DE101.exe[1].lz
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M5M8VNOQ\KievitWeb-BookIta[1].eot
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M5M8VNOQ\new-logo[1].png
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M5M8VNOQ\SearchWithGoogleUpdate_C5C67DF5D46FB314.exe[1].lz
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UGFI3ED2\bg_dropdown_arrow_grey[1].gif
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UGFI3ED2\bg_mainnav_level3[1].png
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UGFI3ED2\bg_standardpage_middle[1].png
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UGFI3ED2\box-rounded-corners-with-border-sprite[1].gif
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UGFI3ED2\desktop.ini
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UGFI3ED2\ga[1].js
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UGFI3ED2\GoogleToolbar_64_18A9496A32B30FED.dll[1].lz
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UGFI3ED2\GoogleToolbar_64_41D8280252A4200C.dll[1].lz
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UGFI3ED2\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll[1].lz
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UGFI3ED2\GoogleToolbarDynamic_mui_en_9655453EC427A513.dll[1].lz
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UGFI3ED2\GoogleUpdaterService_5898FABCFA121C11.exe[1].lz
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UGFI3ED2\icon-set[1].gif
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UGFI3ED2\icon_set-bedrohung[1].gif
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UGFI3ED2\KievitWeb-Book[1].eot
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UGFI3ED2\magnifier[1].gif
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UGFI3ED2\SearchWithGoogleUpdate_C58171F2E8870EA4.exe[1].lz
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UGFI3ED2\tab_active_left[1].gif
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UHXXFROW\825f9a34fd269d998957b92c2f529387[1].js
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UHXXFROW\bg_mainnav_level2_separator_active[1].gif
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UHXXFROW\bg_round_corners_transparent[1].gif
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UHXXFROW\bg_standardpage_body[1].png
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UHXXFROW\col-border[1].gif
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UHXXFROW\desktop.ini
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UHXXFROW\f0e84f682515e9f48fcf44828fe81cf9[1].css
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UHXXFROW\f33bd0e0f2522151d82152233d1876d5[1].js
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UHXXFROW\footernav-seperator[1].gif
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UHXXFROW\GoogleCld_3F6C343113693CD9.dll[1].lz
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UHXXFROW\GoogleCld_AE2927CDD77381B4.dll[1].lz
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UHXXFROW\GoogleToolbarDynamic_64_3A8A20607C96A7B3.dll[1].lz
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UHXXFROW\GoogleToolbarDynamic_64_7B73A586FAD2C6CD.dll[1].lz
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UHXXFROW\GoogleToolbarUser_32_1D643E0FC0BE74CC.exe[1].lz
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UHXXFROW\GoogleToolbarUser_32_AE9B99EC70822BD0.exe[1].lz
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UHXXFROW\mainnav_bg[1].gif
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UHXXFROW\red-stripe-gradient[1].png
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini
c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies
c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\desktop.ini
c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\simon@avira[2].txt
c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\simon@www.avira[2].txt
.
.
(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ISWKL
-------\Service_ISWKL
-------\Service_IswSvc
-------\Service_UXDCMN
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-04-05 bis 2011-05-05  ))))))))))))))))))))))))))))))
.
.
2011-05-05 16:41 . 2011-05-05 16:41        --------        d-----w-        c:\users\Default\AppData\Local\temp
2011-05-04 18:49 . 2011-05-04 18:49        --------        d-----w-        c:\program files\CCleaner
2011-05-04 18:19 . 2011-05-04 18:36        --------        d-----w-        C:\CoFi.exe
2011-05-04 17:36 . 2011-04-11 08:21        8802128        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{1BBCC92D-EF75-485F-8258-3BAAEC2FC3CE}\mpengine.dll
2011-04-30 08:56 . 2011-04-30 08:56        --------        d-----w-        C:\_OTL
2011-04-27 14:37 . 2011-04-27 14:37        1186056        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-04-27 11:26 . 2011-03-03 15:06        32256        ----a-w-        c:\windows\system32\Apphlpdm.dll
2011-04-27 11:26 . 2011-03-03 14:56        28672        ----a-w-        c:\windows\SysWow64\Apphlpdm.dll
2011-04-27 11:26 . 2011-03-03 13:01        4240384        ----a-w-        c:\windows\SysWow64\GameUXLegacyGDFs.dll
2011-04-27 11:26 . 2011-03-03 13:25        4240384        ----a-w-        c:\windows\system32\GameUXLegacyGDFs.dll
2011-04-26 10:42 . 2011-04-26 10:42        --------        d-----w-        c:\users\Simon\AppData\Roaming\Malwarebytes
2011-04-26 10:42 . 2010-12-20 16:09        38224        ----a-w-        c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-04-26 10:42 . 2011-04-26 10:42        --------        d-----w-        c:\programdata\Malwarebytes
2011-04-26 10:42 . 2011-04-26 10:42        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2011-04-26 10:42 . 2010-12-20 16:08        24152        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-04-18 18:14 . 2011-03-03 10:50        2409784        ----a-w-        c:\program files\Windows Mail\OESpamFilter.dat
2011-04-18 17:55 . 2011-02-16 15:29        34304        ----a-w-        c:\windows\SysWow64\atmlib.dll
2011-04-18 17:55 . 2011-02-16 13:24        292864        ----a-w-        c:\windows\SysWow64\atmfd.dll
2011-04-18 17:55 . 2011-02-16 15:36        48128        ----a-w-        c:\windows\system32\atmlib.dll
2011-04-18 17:55 . 2011-02-16 13:44        367616        ----a-w-        c:\windows\system32\atmfd.dll
2011-04-18 17:55 . 2011-03-10 16:12        1161728        ----a-w-        c:\windows\SysWow64\mfc42u.dll
2011-04-18 17:55 . 2011-03-10 16:12        1136640        ----a-w-        c:\windows\SysWow64\mfc42.dll
2011-04-18 17:55 . 2011-03-10 16:30        1360384        ----a-w-        c:\windows\system32\mfc42u.dll
2011-04-18 17:55 . 2011-03-10 16:30        1398784        ----a-w-        c:\windows\system32\mfc42.dll
2011-04-16 10:17 . 2011-03-02 15:10        117760        ----a-w-        c:\windows\system32\dnsrslvr.dll
2011-04-16 10:17 . 2009-05-04 10:38        28672        ----a-w-        c:\windows\system32\dnscacheugc.exe
2011-04-16 10:17 . 2009-05-04 10:11        25088        ----a-w-        c:\windows\SysWow64\dnscacheugc.exe
2011-04-07 21:55 . 2011-04-07 21:56        --------        d-----w-        c:\users\Simon\AppData\Roaming\dvdcss
2011-04-07 21:46 . 2011-05-05 16:09        --------        d-----r-        c:\users\Simon\Dropbox
2011-04-07 21:42 . 2011-05-05 16:09        --------        d-----w-        c:\users\Simon\AppData\Roaming\Dropbox
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-03 15:06 . 2011-04-27 11:26        100352        ----a-w-        c:\windows\apppatch\AppPatch64\acspecfc.dll
2011-03-03 15:06 . 2011-04-27 11:26        331776        ----a-w-        c:\windows\apppatch\AppPatch64\AcLayers.dll
2011-03-03 15:06 . 2011-04-27 11:26        281600        ----a-w-        c:\windows\apppatch\AppPatch64\AcGenral.dll
2011-03-03 14:56 . 2011-04-27 11:26        173056        ----a-w-        c:\windows\apppatch\AcXtrnal.dll
2011-03-03 14:56 . 2011-04-27 11:26        459776        ----a-w-        c:\windows\apppatch\AcSpecfc.dll
2011-03-03 14:56 . 2011-04-27 11:26        541696        ----a-w-        c:\windows\apppatch\AcLayers.dll
2011-03-03 14:56 . 2011-04-27 11:26        2153984        ----a-w-        c:\windows\apppatch\AcGenral.dll
.
.
(((((((((((((((((((((((((((((  SnapShot@2011-05-04_18.30.06  )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-21 03:20 . 2011-05-04 17:16        32768              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-01-21 03:20 . 2011-05-05 16:43        32768              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-01-21 03:20 . 2011-05-05 16:43        81920              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-01-21 03:20 . 2011-05-04 17:16        81920              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-21 03:20 . 2011-05-05 16:43        32768              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-01-21 03:20 . 2011-05-04 17:16        32768              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-01-21 02:23 . 2011-05-05 16:10        56868              c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 15:45 . 2011-05-05 16:10        83566              c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-09-06 18:19 . 2011-05-04 17:17        16702              c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1332130780-3182642251-3336314582-1000_UserData.bin
+ 2009-09-06 18:19 . 2011-05-05 16:10        16702              c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1332130780-3182642251-3336314582-1000_UserData.bin
+ 2009-11-26 09:07 . 2011-05-05 16:43        16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-11-26 09:07 . 2011-05-04 17:14        16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-11-26 09:07 . 2011-05-05 16:43        16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-11-26 09:07 . 2011-05-04 17:14        16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-05-04 17:14 . 2011-05-04 17:14        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-05-05 16:43 . 2011-05-05 16:43        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-05-04 17:14 . 2011-05-04 17:14        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-05-05 16:43 . 2011-05-05 16:43        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 12:46 . 2011-05-05 16:13        595620              c:\windows\system32\perfh009.dat
- 2008-01-21 11:09 . 2011-05-04 17:20        628504              c:\windows\system32\perfh007.dat
+ 2008-01-21 11:09 . 2011-05-05 16:13        628504              c:\windows\system32\perfh007.dat
+ 2006-11-02 12:46 . 2011-05-05 16:13        103694              c:\windows\system32\perfc009.dat
- 2008-01-21 11:09 . 2011-05-04 17:20        126248              c:\windows\system32\perfc007.dat
+ 2008-01-21 11:09 . 2011-05-05 16:13        126248              c:\windows\system32\perfc007.dat
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        94208        ----a-w-        c:\users\Simon\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        94208        ----a-w-        c:\users\Simon\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        94208        ----a-w-        c:\users\Simon\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="c:\program files\PACKARD BELL\SetUpMyPC\SmpSys.exe" [2008-07-07 1038136]
"ICQ"="c:\program files (x86)\ICQ7.2\ICQ.exe" [2011-01-05 133432]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-19 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="c:\program files\Packard Bell\SetupMyPC\SmpSys.exe" [2008-07-07 1038136]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"SunJavaUpdateSched"="c:\program files (x86)\Java\jre6\bin\jusched.exe" [2009-09-09 149280]
"AVMWlanClient"="c:\program files (x86)\avmwlanstick\wlangui.exe" [2009-03-20 1904640]
.
c:\users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Simon\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-3-31 23360040]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
TMMonitor.lnk - c:\program files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe [2009-9-7 258048]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate1ca72baeaac123f;Google Update Service (gupdate1ca72baeaac123f);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-01 133104]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-01 133104]
R3 uxddrv;Dynamically loaded UxdDrv;I:\uxddrv.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-28 136360]
S2 ETService;Empowering Technology Service;c:\program files\Packard Bell\Packard Bell Recovery Management\Service\ETService.exe [2008-07-16 24576]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 27648]
S2 HssWd;Hotspot Shield Monitoring Service;m:\youtube_view_us\Hotspot Shield\bin\hsswd.exe [2010-10-15 326704]
S2 ICQ Service;ICQ Service;c:\program files (x86)\ICQ6Toolbar\ICQ Service.exe [2010-09-06 247096]
S3 fwlanusbn;FRITZ!WLAN N;c:\windows\system32\DRIVERS\fwlanusbn.sys [x]
S3 RTL2832U_IRHID;HID Infrared Remote Receiver;c:\windows\system32\DRIVERS\RTL2832U_IRHID.sys [2009-03-05 46112]
S3 RTL2832UBDA;REALTEK 2832U BDA Driver;c:\windows\system32\drivers\RTL2832UBDA.sys [2009-03-04 94240]
S3 RTL2832UUSB;REALTEK 2832U USB Driver;c:\windows\system32\Drivers\RTL2832UUSB.sys [2009-03-04 38432]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
ezSharedSvc
.
Inhalt des "geplante Tasks" Ordners
.
2011-05-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-01 19:17]
.
2011-05-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-01 19:17]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
m:\youtube_view_us\Hotspot Shield\HssIE\HssIE_64.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        97792        ----a-w-        c:\users\Simon\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        97792        ----a-w-        c:\users\Simon\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        97792        ----a-w-        c:\users\Simon\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        97792        ----a-w-        c:\users\Simon\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\cofi.exe9375c\CF18603.cfxxe" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-16 15940640]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page =
mStart Page =
mLocal Page =
IE: Free YouTube to Mp3 Converter - c:\users\Simon\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
FF - ProfilePath - c:\users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\793b4mqu.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=SPC2&o=15000&locale=de_DE&apn_uid=A759091C-6C3E-4214-B1FC-AB77058C8D7E&apn_ptnrs=PV&apn_sauid=618BEEE3-6AE4-40C0-A3E0-77A33CF44906&apn_dtid=&q=
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
  00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\avmwlanstick\WlanNetService.exe
c:\windows\system32\HidService.exe
m:\youtube_view_us\Hotspot Shield\HssWPR\hsssrv.exe
c:\program files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\SysWOW64\IoctlSvc.exe
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-05-05  18:52:07 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-05-05 16:52
ComboFix2.txt  2011-05-04 19:08
ComboFix3.txt  2011-05-04 18:36
.
Vor Suchlauf: 15 Verzeichnis(se), 131.874.304.000 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 131.365.056.512 Bytes frei
.
- - End Of File - - AEB06116383A55F0C33BBE275BEA7337

--- --- ---

cosinus 05.05.2011 19:28

Please now create logs with GMER and mbrcheck and post them.
GMER crashes fairly often; if the tool still won't run on the second attempt, just skip it.

Instructions for mbrcheck:
Download MBRCheck (by a_d_13) and save the file to the desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • The tool only takes a few seconds.
  • Afterwards you should find a file MBRCheck_<date>_<time>.txt on the desktop.
Please post the contents of the .txt document.

Flitzer8 05.05.2011 21:08

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 1 (build 6001), 64-bit
Base Board Manufacturer: Packard Bell BV
BIOS Manufacturer: Phoenix Technologies, LTD
System Manufacturer: PACKARD BELL BV
System Product Name: IMEDIA X4614 GE
Logical Drives Mask: 0x000016fe

Kernel Drivers (total 146):

Processes (total 66):
0 System Idle Process
4 System
448 C:\Windows\System32\smss.exe
516 csrss.exe
556 C:\Windows\System32\wininit.exe
576 csrss.exe
612 C:\Windows\System32\services.exe
624 C:\Windows\System32\lsass.exe
632 C:\Windows\System32\lsm.exe
788 C:\Windows\System32\svchost.exe
844 C:\Windows\System32\winlogon.exe
900 C:\Windows\System32\nvvsvc.exe
932 C:\Windows\System32\svchost.exe
988 C:\Windows\System32\svchost.exe
132 C:\Windows\System32\svchost.exe
288 C:\Windows\System32\svchost.exe
324 C:\Windows\System32\svchost.exe
12 C:\Windows\System32\audiodg.exe
604 C:\Windows\System32\svchost.exe
628 C:\Windows\System32\SLsvc.exe
916 C:\Windows\System32\svchost.exe
1164 C:\Windows\System32\svchost.exe
1348 C:\Windows\System32\rundll32.exe
1476 C:\Windows\System32\spoolsv.exe
1520 C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
1572 C:\Windows\System32\svchost.exe
1916 C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
1928 C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
1996 C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
2040 C:\Program Files (x86)\avmwlanstick\WLanNetService.exe
1124 C:\Program Files\PACKARD BELL\Packard Bell Recovery Management\Service\ETService.exe
1988 C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
2076 C:\Windows\SysWOW64\svchost.exe
2104 C:\Windows\System32\HidService.exe
2172 M:\YOUtube_View_US\Hotspot Shield\HssWPR\hsssrv.exe
2192 M:\YOUtube_View_US\Hotspot Shield\bin\hsswd.exe
2208 C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
2256 C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
2328 C:\Windows\SysWOW64\IoctlSvc.exe
2348 C:\Windows\System32\svchost.exe
2396 C:\Windows\System32\svchost.exe
2440 C:\Windows\System32\svchost.exe
2516 C:\Windows\System32\SearchIndexer.exe
2664 WUDFHost.exe
1592 C:\Windows\System32\taskeng.exe
3712 C:\Program Files\Windows Media Player\wmpnetwk.exe
3356 C:\Windows\System32\taskeng.exe
1772 C:\Windows\System32\dwm.exe
3364 C:\Windows\explorer.exe
1036 C:\Windows\System32\conime.exe
2056 C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe
3656 C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe
3280 C:\Users\Simon\AppData\Roaming\Dropbox\bin\Dropbox.exe
1320 C:\Program Files\Windows Media Player\wmpnscfg.exe
3816 C:\Windows\System32\wuauclt.exe
3284 C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
3244 C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
3664 C:\Program Files (x86)\Java\jre6\bin\jusched.exe
1376 C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
2764 C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
964 C:\Windows\splwow64.exe
3920 C:\Windows\System32\SearchProtocolHost.exe
4380 C:\Windows\System32\SearchFilterHost.exe
3700 dllhost.exe
1664 dllhost.exe
4584 C:\Users\Simon\Desktop\MBRCheck.exe

\\.\B: --> \\.\PhysicalDrive0 at offset 0x00000058`01f00000 (NTFS)
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`a9f00000 (NTFS)
\\.\M: --> \\.\PhysicalDrive0 at offset 0x0000004f`b5000000 (NTFS)

PhysicalDrive0 Model Number: ST3640623AS, Rev: SD43

Size Device Name MBR Status
--------------------------------------------
596 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: 639AC5CDF8A5CF3245975932C6A4215450A7B98F


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:



Quick question in between: do I still have to run many more of these scans? ;)

cosinus 06.05.2011 08:47

Quote:

596 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: 639AC5CDF8A5CF3245975932C6A4215450A7B98F

We should fix the MBR manually. Back up all important data, just in case.

Do you have any other operating systems installed besides Windows7? Do you have a 64-bit Win7 DVD at hand?
If not: have a look here => Vista emergency/recovery CD 64-bit - Dr. Windows

Download the ISO, burn it to a CD, e.g. with ImgBurn using its image-burning function, and start the computer with it (boot from this CD).

If you have a normal Win7 installation DVD, you don't need the image mentioned above and can simply boot from that DVD.

Click Repair your computer, Next, Command Prompt - the console opens. There, please type bootrec.exe /fixboot (confirm with Enter), then type bootrec.exe /fixmbr (confirm with Enter) - restart the computer, taking the CD out beforehand. Afterwards create new logs with MBRCheck and, if possible, GMER.

Flitzer8 06.05.2011 15:54

Hello,

this is slowly getting a bit too risky for me.
Are there any other options?
Is it bad that MBR doesn't work?

Regards,

Simon

P.S.: I have Windows Vista and would rather not rebuild and restructure everything.

cosinus 06.05.2011 18:08

If the MBR has been rewritten successfully, there is no data loss, no changes to the partitions, nor anything else.
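The last reply's point, that rewriting the MBR boot code does not touch the partitions, follows from the sector layout: the bootstrap code and the partition table occupy separate byte ranges of the same 512-byte sector. The Python below is an added example, not part of the thread and not code from MBRCheck or bootrec; hashing the first 440 bytes and comparing against an allowlist is an assumed check, and the sample sectors and the allowlist are constructed.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440      # bootstrap code; bytes 440-445 hold the disk signature
TABLE_OFFSET = 446       # four 16-byte partition entries follow the boot code
SIGNATURE = b"\x55\xaa"  # boot signature in the last two bytes of the sector

def parse_mbr(sector: bytes) -> dict:
    """Split one MBR sector into a boot-code hash and its partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly one 512-byte sector")
    if sector[510:512] != SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        entry = sector[TABLE_OFFSET + 16 * i:TABLE_OFFSET + 16 * (i + 1)]
        lba_start, sectors = struct.unpack_from("<II", entry, 8)
        if entry[4] != 0:  # partition type 0 marks an unused slot
            partitions.append({"active": entry[0] == 0x80, "type": entry[4],
                               "lba_start": lba_start, "sectors": sectors})
    code_sha1 = hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper()
    return {"code_sha1": code_sha1, "partitions": partitions}

def boot_code_status(sector: bytes, known_good: set) -> str:
    """Compare the boot-code hash against an allowlist of trusted hashes."""
    known = parse_mbr(sector)["code_sha1"] in known_good
    return "known boot code" if known else "unknown boot code"

def rewrite_boot_code(sector: bytes, new_code: bytes) -> bytes:
    """Replace only the bootstrap code, leaving bytes 440-511 untouched."""
    if len(new_code) != BOOT_CODE_LEN:
        raise ValueError("boot code must be exactly 440 bytes")
    return new_code + sector[BOOT_CODE_LEN:]

def build_sample(code_fill: int) -> bytes:
    """Constructed sector: filler bytes as 'boot code' plus one NTFS entry."""
    sector = bytearray(SECTOR_SIZE)
    sector[:BOOT_CODE_LEN] = bytes([code_fill]) * BOOT_CODE_LEN
    sector[TABLE_OFFSET:TABLE_OFFSET + 16] = struct.pack(
        "<B3sB3sII", 0x80, b"\x00" * 3, 0x07, b"\x00" * 3, 2048, 1_000_000)
    sector[510:512] = SIGNATURE
    return bytes(sector)

if __name__ == "__main__":
    clean, altered = build_sample(0x90), build_sample(0xCC)
    trusted = {parse_mbr(clean)["code_sha1"]}  # constructed allowlist, not real hashes
    repaired = rewrite_boot_code(altered, clean[:BOOT_CODE_LEN])
    print(boot_code_status(altered, trusted), "->", boot_code_status(repaired, trusted))
    print(parse_mbr(altered)["partitions"] == parse_mbr(repaired)["partitions"])
```

On a real system the trusted hashes would have to come from reference media for the installed Windows version, and the sector would be read from the physical drive with administrator rights.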


All times are WET +1.

Copyright ©2000-2025, Trojaner-Board
