Trojaner-Board


Inspector 11.08.2011 20:42

Vista Antispyware 2012 got me
 
Hello dear team,

unfortunately Vista Antispyware 2012 got me too. Internet access via Firefox and IE was blocked, and fake warning messages kept opening at random.

What has happened so far:

1. After the infection I first downloaded rkill.com and ran it several times until all windows had been closed.

2. Then I downloaded FixNCR.reg and ran it.

3. Next I downloaded Malwarebytes and ran a quick scan; here is the result:

Code:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Datenbank Version: 7435

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

11.08.2011 19:50:41
mbam-log-2011-08-11 (19-50-41).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 155692
Laufzeit: 3 Minute(n), 43 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\694245456 (Trojan.FakeAlert) -> Value: 694245456 -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\***\AppData\Local\ukr.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Windows\System32\ALZALZ.BIN (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\Windows\System32\ALZZip.BIN (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\Users\***\Desktop\eXplorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

4. After that I also started a full scan; here is the result:

Code:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Datenbank Version: 7435

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

11.08.2011 21:25:29
mbam-log-2011-08-11 (21-25-29).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 322130
Laufzeit: 1 Stunde(n), 24 Minute(n), 43 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

The last log already sounds quite good, but I want to be on the safe side and need your help for that. How do I have to proceed so that my PC really does become "clean" again?

P.S. After Antispyware 2012 got me, I reflexively restarted the PC first. While doing so, Microsoft Vista installed new updates. I hope those were the "right" updates and not some fake updates.

EDIT: Oh yes, one more thing. Since then, after starting the PC I always get an error message (see attachment).

kira 12.08.2011 06:49

Hello and welcome! :)

Before we begin working together, [please read completely]:
Quote:

  • "Remote treatment/remote help" and the associated liability risks:
    - since the troubleshooting and the actions are carried out over great distances, we accept no liability for the resulting consequences.
    - so any liability for resulting damage is excluded; INSTRUCTIONS AND FOLLOWING THEM ARE AT YOUR OWN RISK!
  • Characteristic features/profile information:
    - you can delete these (e.g. your real name, serial numbers in programs, etc.) from the log lists or log files you use, or replace them with [X]
  • System check and cleanup:
    - can take some time (depending on the type of infection); the system may, however, be so heavily compromised that an effective technical cleanup is no longer possible and you have to reinstall it
  • I recommend reading the instructions through completely before you apply them, because if you do something wrong it can become really dangerous. If you follow my instructions step by step, nothing should really go wrong.
  • During the support period:
    - please do not act on your own without consulting us! Ask if there are problems.
  • The order:
    - please keep to it exactly as described; do not choose the order yourself!
  • CRACKED SOFTWARE is not tolerated here!!!!
  • Otherwise our forum rules:
    - Please read first, then post! -> For everyone seeking help! What do I need to consider before opening a thread?
  • Insert all log files with a vBCode tag; this gives a good overview here and makes my work easier! If the log file is too large, split it into several parts.

As soon as you have read this introductory text, you can begin :)
For Vista and Win7:
Important: Please run all commands as administrator! Right-click the command prompt and select "Run as administrator"
Right-click (right mouse button) the selected application and choose "Run as administrator"!

1.
System scan with OTL

Please download OTL by Oldtimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created - OTL.txt and Extras.txt
  • Post the log files in code tags here in the thread.

2.
I would also like to see all your installed programs:
Download the tool CCleaner
Download
install it (read the software licence agreement; if "Füge CCleaner Yahoo! Toolbar hinzu" (add CCleaner Yahoo! Toolbar) is offered, deselect it) → start it → if necessary, set "german" under Options settings
then click "Extra" (to display the installed programs as well) → then "Als Textdatei speichern..." (save as text file)
a text file (*.txt) is created; copy its contents and paste them here

Quote:

So that your thread stays clear and easy to read, it is best to use the code tags for your post:
→ before your log you write (i.e. at the beginning of the log file): [code]
your log file goes here - e.g. hjtsanlist or similar
→ after it - i.e. at the end of the log file: [/code]

** If possible, do not go on the internet; no online banking, file sharing, chat programs, etc.
regards
kira
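
An added example, not part of the thread and not OTL's own code: one triage step the requested Extras.txt supports is listing Windows Firewall exceptions whose executable sits in a user-writable location. The sample log is constructed in the Extras.txt section layout; the function names and the path rules in `USER_WRITABLE` are assumptions of this sketch.

```python
import re
from typing import NamedTuple

# Constructed sample in the layout of an OTL Extras.txt log (not from a real system).
SAMPLE_EXTRAS = r'''
========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\ExampleApp\example.exe" = C:\Program Files\ExampleApp\example.exe:*:Enabled:ExampleApp
"C:\Users\USER~1\AppData\Local\Temp\0.1234567890123456.exe" = C:\Users\USER~1\AppData\Local\Temp\0.1234567890123456.exe:*:Enabled:sample
"C:\Users\user\AppData\Roaming\upd.exe" = C:\Users\user\AppData\Roaming\upd.exe:*:Disabled:upd

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00000000-0000-0000-0000-000000000001}" = protocol=6 | dir=in | app=c:\program files\exampleapp\example.exe |
"{00000000-0000-0000-0000-000000000002}" = protocol=17 | dir=in | app=c:\users\user\appdata\local\temp\x.exe |
'''

SECTION_RE = re.compile(r"^=+ (.+?) =+$")   # ========== Section name ==========
ENTRY_RE = re.compile(r'^"(.+)" = (.*)$')    # "value name" = value data

# Assumed rule set: locations a standard user (and anything running as that user) can write to.
USER_WRITABLE = (
    ("temp directory", re.compile(r"\\temp\\", re.I)),
    ("user profile", re.compile(r"^[a-z]:\\users\\", re.I)),
)

class Finding(NamedTuple):
    section: str
    path: str
    reason: str
    detail: str

def split_sections(text):
    """Group the non-empty lines of the log under their '=====' section header."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current and line:
            sections[current].append(line)
    return sections

def classify(path):
    """Return why a path counts as user-writable, or None if it does not."""
    for reason, rx in USER_WRITABLE:
        if rx.search(path):
            return reason
    return None

def find_suspect_exceptions(text):
    """Flag enabled or inbound firewall exceptions for executables in user-writable paths."""
    sections = split_sections(text)
    findings = []

    sec = "Authorized Applications List"
    for line in sections.get(sec, []):
        m = ENTRY_RE.match(line)
        if not m:
            continue  # registry key header such as [HKEY_LOCAL_MACHINE\...]
        parts = m.group(2).rsplit(":", 3)  # path:scope:state:name (the path itself contains ':')
        if len(parts) != 4:
            continue
        path, scope, state, name = parts
        reason = classify(path)
        if reason and state.lower() == "enabled":
            findings.append(Finding(sec, path, reason, f"scope={scope} name={name}"))

    sec = "Vista Active Application Exception List"
    for line in sections.get(sec, []):
        m = ENTRY_RE.match(line)
        if not m:
            continue
        fields = dict(f.strip().split("=", 1) for f in m.group(2).split("|") if "=" in f)
        path = fields.get("app", "")
        reason = classify(path)
        if reason and fields.get("dir") == "in":
            detail = f"protocol={fields.get('protocol')} rule={m.group(1)}"
            findings.append(Finding(sec, path, reason, detail))
    return findings

if __name__ == "__main__":
    for f in find_suspect_exceptions(SAMPLE_EXTRAS):
        print(f"[{f.section}] {f.path} ({f.reason}; {f.detail})")
```

A hit is a lead for review, not a verdict: legitimate installers also run from Temp, so each flagged path still has to be checked against what is actually on disk.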

Inspector 12.08.2011 14:10

Many thanks for your reply.

So, I have run OTL; here are the results:


OTL EXTRAS Logfile:
Code:

OTL logfile created on: 12.08.2011 14:53:04 - Run 1
OTL by OldTimer - Version 3.2.26.1    Folder = C:\Users\** **\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,86 Gb Available Physical Memory | 62,07% Memory free
6,22 Gb Paging File | 5,32 Gb Available in Paging File | 85,54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 586,10 Gb Total Space | 433,68 Gb Free Space | 73,99% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 6,02 Gb Free Space | 60,21% Space Free | Partition Type: NTFS
 
Computer Name: ****-PC | User Name: ** ** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\** **\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\DNA\btdna.exe (BitTorrent, Inc.)
PRC - C:\Programme\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Programme\phonostar\ps_timer.exe (phonostar)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Programme\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Programme\Taskbar Shuffle\taskbarshuffle.exe (Jay Elaraj)
PRC - C:\Programme\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
PRC - C:\Programme\DesktopEarth\DesktopEarth.exe (CodeFromThe70s.org)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\** **\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
MOD - C:\Programme\Common Files\microsoft shared\ink\tiptsf.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (DockLoginService) -- C:\Programme\Dell\DellDock\DockLogin.exe (Stardock Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (VSTHWBS2) -- C:\Windows\System32\drivers\VSTBS23.SYS (Conexant Systems, Inc.)
DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\Windows\System32\drivers\sfvfs02.sys (Protection Technology (StarForce))
DRV - (Point32) -- C:\Windows\System32\drivers\point32k.sys (Microsoft Corporation)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\Windows\System32\drivers\sfdrv01.sys (Protection Technology (StarForce))
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\Windows\System32\drivers\sfhlp02.sys (Protection Technology (StarForce))
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========

Extras.txt:
Code:

OTL Extras logfile created on: 12.08.2011 14:53:04 - Run 1
OTL by OldTimer - Version 3.2.26.1    Folder = C:\Users\** **\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,86 Gb Available Physical Memory | 62,07% Memory free
6,22 Gb Paging File | 5,32 Gb Available in Paging File | 85,54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 586,10 Gb Total Space | 433,68 Gb Free Space | 73,99% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 6,02 Gb Free Space | 60,21% Space Free | Partition Type: NTFS
 
Computer Name: ****-PC | User Name: ** ** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1882754496-1205069911-2561918912-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
"C:\Users\**~1\AppData\Local\Temp\0.9535893561257379.exe" = C:\Users\**~1\AppData\Local\Temp\0.9535893561257379.exe:*:Enabled:ldrsoft
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A119FF1-56EC-4E1A-B788-789635FC23D5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{20EDC02F-5E4F-443A-AB4D-B0F077471D37}" = lport=2869 | protocol=6 | dir=in | app=system |
"{46B1414B-C251-4EAA-A246-99C4682E537D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4A1CC5F4-E40D-4BF5-8811-79C77D102300}" = rport=10243 | protocol=6 | dir=out | app=system |
"{8069D4B8-5ECF-41D9-9877-3E44FB1B2B0A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{84C6EBD0-45B0-4134-8D45-6DF76A4CAD7D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AC43ADAD-C01C-4B7F-A03D-AECC23C2798C}" = lport=10243 | protocol=6 | dir=in | app=system |
"{D54BBC69-F438-4902-8D3C-C1E57C7C09BC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EB8BF3FB-43FE-45FB-929F-AE6569407305}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{101B4824-5670-471B-AD15-40E96CEC329B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{17824339-C744-47FE-BDF5-CE448C2F0BB5}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{1C616A3A-1216-4C7B-B377-92BF8CCDD2DA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4D16FE5A-BC79-4B37-A92F-BB87B3366175}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{6F00AA36-5CF6-427E-A072-2F5F860673F3}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9765429F-877A-4D01-AD5E-6C02217176FC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9F8E761A-A358-43FA-8083-48D68CD68EC5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A181EFF2-3D23-4E51-88B1-71C7A9E8CD60}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{A189EA38-12E5-4DC8-A3B6-038799D8C442}" = protocol=6 | dir=out | app=system |
"{B3A544A7-9421-4BCC-AD61-10E8C0B0A547}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C063F22F-6CC1-4EFD-88C8-AFB731592A41}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C8A8C06A-B1FA-4A23-97E5-5E4A4B6FF1ED}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{CD9CA2D3-1F76-41B8-BA69-2AD9E9CB8520}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D63D70E7-CDBA-43B0-81B3-D1D7DF433138}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{DE9F0361-21EC-4CF4-AFBB-4CC0AFA91FE1}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{E68F883D-99D9-4E80-99EF-D6FD8F5C4F59}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EB4D0451-7061-4DD8-B919-83800F636FE5}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{ED65FCCF-0147-4A45-A1CC-DAE0688316EC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{FEFAB68E-5772-4A89-96E4-F817CEABA465}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FF1554C5-0815-4323-AEF3-ACC75AE8CFE0}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"TCP Query User{0A820782-72FE-42E7-85E7-821B9ADE23D9}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe |
"TCP Query User{17AF61EC-365D-4318-8E78-E4A8C485AF2D}C:\program files\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe |
"TCP Query User{370CA5A5-3CD8-45BF-A1DA-C483E1ED2136}C:\program files\tvants\tvants.exe" = protocol=6 | dir=in | app=c:\program files\tvants\tvants.exe |
"TCP Query User{42B7723C-31B3-4E6A-B053-11D31CB87ED5}C:\program files\trackmania nations eswc\tmnationseswc.exe" = protocol=6 | dir=in | app=c:\program files\trackmania nations eswc\tmnationseswc.exe |
"TCP Query User{4C4640C7-54A9-41DE-97A5-680DA79AFA7C}C:\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"TCP Query User{55CCE66A-9EA6-498F-8D4D-C2A39C16449D}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{8CCA769D-917C-4C12-870C-16B6D4184EDE}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{94F2096B-F66D-4C20-AB26-99F1D413D424}C:\program files\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe |
"TCP Query User{9672FC3B-56AD-44D0-B03C-29F68B209BF6}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{98DD639F-99DD-4C59-81D7-879CE2513E78}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{9D16E7FE-0C63-498B-ABF5-A955BB6E39FF}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{B3DE209E-1A24-479F-8FFC-5DDC418404CB}C:\clusterball\xdreamcc.exe" = protocol=6 | dir=in | app=c:\clusterball\xdreamcc.exe |
"TCP Query User{B573BBF7-F35E-41C6-8EC5-C4379390E537}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{CB6CC31A-A7DA-4377-9110-3F686514B9B1}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe |
"TCP Query User{DB541E86-7B54-4C95-9E8E-9026B588E5D9}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{E1485B21-CD2E-4EBB-9426-5C326F008025}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{E1EC2DC1-B893-4DC3-AA2C-68A1BA745035}C:\program files\zattoo\zattoo.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattoo.exe |
"UDP Query User{08F7DB70-B8B4-4E82-A872-150985BB3186}C:\clusterball\xdreamcc.exe" = protocol=17 | dir=in | app=c:\clusterball\xdreamcc.exe |
"UDP Query User{2F0C4E61-819F-4EBE-9FAB-F8CEE38AE2BD}C:\program files\trackmania nations eswc\tmnationseswc.exe" = protocol=17 | dir=in | app=c:\program files\trackmania nations eswc\tmnationseswc.exe |
"UDP Query User{3EC8DC8C-7570-4912-B1F9-0F53619B2762}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{3F19C20E-C209-4299-A7E6-CB4CCA46BE76}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{491B1FB4-B81B-4F8E-9EE0-08C68A7CED29}C:\program files\tvants\tvants.exe" = protocol=17 | dir=in | app=c:\program files\tvants\tvants.exe |
"UDP Query User{67DCC256-3C25-4E63-8E1F-CAEED0380804}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{6934B272-6D4B-4B0E-AB77-C0689AD2EBAE}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe |
"UDP Query User{6F163C68-D5E7-424F-815E-D8BB7B894875}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{855DDA6C-CED5-4A4D-BDCD-D777B3B0BAF3}C:\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"UDP Query User{874DDBE4-44F6-46E1-A9F1-AFC89163E627}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{8C3C26FC-5CD3-4378-9923-42E53792C78B}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{A1B3B0BD-AA6A-443A-B0F3-B0824CDD9BB6}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{DB39381A-EE76-4B44-86A5-8441BC0792FC}C:\program files\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe |
"UDP Query User{DD948BC0-0B25-4D26-8DB4-5987BEADC355}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe |
"UDP Query User{DFA9115D-DC3E-4975-AF3B-A2D30D759872}C:\program files\zattoo\zattoo.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattoo.exe |
"UDP Query User{ECC1D281-FC4E-43EE-B90B-D5475404EF0C}C:\program files\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe |
"UDP Query User{F4A80B2D-682F-4DD4-981D-AEE694A1AFFA}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{056E7B58-F436-9614-6CD3-1DFDDD7DA470}" = CCC Help Turkish
"{0626167B-F30A-79EB-9B21-80B83468961A}" = CCC Help Chinese Traditional
"{08D6F386-D362-805B-05D2-79E4AB4F9CB9}" = CCC Help Korean
"{0E4BC542-9CFD-4E97-B586-9F1E5516E7B9}" = Microsoft IntelliPoint 6.1
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP630_series" = Canon MP630 series MP Drivers
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1D1D8ADC-BF08-4E61-9393-5FA305B16864}" = Microsoft SQL Server Native Client
"{1F126EDC-DA29-4D5B-80DF-735252475FEE}" = Pro Evolution Soccer 2010 DEMO
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2390D4C3-8CC7-2074-ACB9-A22ED2E1D4E9}" = CCC Help Portuguese
"{2555521A-9231-2F05-AEBE-FC1E2A7F825F}" = ccc-utility
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{27C42F0C-9090-97F7-9338-B6BD6DC25BB1}" = CCC Help Japanese
"{2BE84E12-E062-F989-BA16-25D53F343033}" = Skins
"{31CAC150-58B2-F696-D9EB-2FC16C3A8FAA}" = Catalyst Control Center Localization Portuguese
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{34475C54-DA68-DA37-E014-2ADD65AF627F}" = Catalyst Control Center Localization Hungarian
"{3541D8B6-BE96-0E6B-8987-D1CE1FBF848A}" = CCC Help German
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3A732171-7856-43BD-B828-39B9E2B3E195}" = Catalyst Control Center Localization Spanish
"{4207500E-1543-47F3-1695-6728E6520903}" = Catalyst Control Center Graphics Full Existing
"{4453BCB7-5327-F8D1-C048-851310A389EF}" = Catalyst Control Center Localization Turkish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A2D8C96-7B4F-A66A-6773-23F7796F9BA2}" = CCC Help Spanish
"{588DF486-DF7A-11D5-82B4-000374890932}" = Turnierplaner
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{6BA2C0F5-7EF3-11D7-9E00-0004769EEFEB}" = Reflexion
"{73E8E831-160A-6E74-1AAA-AB698E1986BC}" = CCC Help Hungarian
"{76E29237-CCAB-CD1A-F8A1-6C3CFF002F26}" = Catalyst Control Center Graphics Previews Vista
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel(R) PRO Network Connections 12.1.11.0
"{7A33E298-5BEA-7C94-C512-1DF1C977537E}" = Catalyst Control Center Localization Italian
"{7B1F7338-1D0D-4DF4-831E-B22EB0A4C968}" = DerKleineTurnierplaner
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{84F7CAD9-2316-4701-B5CA-E90FD60029E9}" = ANNO 1602
"{853026E0-CD36-1790-7988-194CADDDFB25}" = ccc-core-static
"{86501894-E722-4385-A792-B7C2F28FAE7B}" = NetSpeedMonitor 2.5.4.0 x86
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D8E6D0B-5A57-9ABD-AEA2-C0052401C5F6}" = Catalyst Control Center Localization Chinese Traditional
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95E52415-B952-B013-A2AD-5163896D8B9C}" = Catalyst Control Center Graphics Full New
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1E79477-B730-7E48-7EFF-0D1CB3202933}" = Catalyst Control Center Graphics Previews Common
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch
"{AC76BA86-7AD7-2447-0000-800000000003}" = Chinese Simplified Fonts Support For Adobe Reader 8
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B25E016C-44C2-856A-98A8-789D1E2B1C56}" = Catalyst Control Center Graphics Light
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B463BAAF-A379-AAF1-8979-6ED69C25ED37}" = Catalyst Control Center Localization Japanese
"{B6CF1DB0-09E8-0A2E-A510-1F2F8BDE5ECF}" = CCC Help Italian
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BC60B681-C3A3-0363-DA09-FA9706ED9680}" = CCC Help Chinese Standard
"{BECDD3A4-FEEC-9804-4782-F31A8A842361}" = CCC Help English
"{C022906C-A509-33D1-E42B-FF92F8E7BED4}" = Catalyst Control Center Core Implementation
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D035A6CA-E9DD-4B40-66F8-15842888E447}" = Catalyst Control Center Localization French
"{D3D54FD6-ABA0-4AE3-BAC4-0D89ACA83CC7}_is1" = DFS_Media_Tool 2.1.2
"{DBA5E973-660D-4CBE-A469-F5C37FBF0CE4}" = DesktopEarth
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E453921D-30B6-7692-179C-6F6112F18F81}" = Catalyst Control Center Localization Chinese Standard
"{EA853B19-A618-8D18-F4A4-6B96083DC3A3}" = Catalyst Control Center Localization Korean
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"{F804CEB4-747E-46D5-B8AB-C56E3BAF27D9}_is1" = Das Fussball Studio 8.4.3 (Beta)
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"{FE46238E-2FB4-C9E1-323D-AD0DA64BED91}" = Catalyst Control Center Localization German
"{FFC59020-35A5-4856-B0FB-23B95D6C2976}" = CCC Help French
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ALUpdate_is1" = ALUpdate
"ALZip_is1" = ALZip
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Bundesliga 2000 - Der Fussball Manager" = Bundesliga 2000 - Der Fussball Manager
"Canon MP630 series Benutzerregistrierung" = Canon MP630 series Benutzerregistrierung
"CanonMyPrinter" = Canon Utilities My Printer
"CompuGROUP Z1" = CompuGROUP Z1
"Die Sims" = Die Sims
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FIFA International Soccer_is1" = Game FIFA International Soccer
"FileZilla Client" = FileZilla Client 3.5.0
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324
"Google Updater" = Google Updater
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"LHTTSGED" = L&H TTS3000 Deutsch
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.1.1800
"Max Senft's Vokabeltrainer_is1" = Max Senft's Vokabeltrainer 1.1b
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 5.0 (x86 de)" = Mozilla Firefox 5.0 (x86 de)
"phonostar3RadioPlayer_is1" = phonostar-Player Version 3.01.8
"phonostarRadioPlayer_is1" = phonostar-Player Version 2.01.4
"PROSetDX" = Intel(R) PRO Network Connections 12.1.11.0
"SopCast" = SopCast 2.0.4
"Star Alliance Screen Saver_is1" = Star Alliance Screen Saver
"Taskbar Shuffle_is1" = Taskbar Shuffle version 2.5
"TmNationsForever_is1" = TmNationsForever
"TVAnts 1.0" = TVAnts 1.0
"Uninstall_is1" = Uninstall 1.0.0.1
"Veoh Web Player Beta" = Veoh Web Player
"VLC media player" = VLC media player 1.1.5
"VWLUPO-Key" = VOLKSWAGEN Lupo-Cup
"Zattoo" = Zattoo 3.3.4 Beta
"Zattoo4" = Zattoo4 4.0.5
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 12.08.2011 00:19:26 | Computer Name = ****-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 12.08.2011 00:19:33 | Computer Name = ****-PC | Source = Windows Search Service | ID = 3013
Description =
 
Error - 12.08.2011 00:19:33 | Computer Name = ****-PC | Source = Windows Search Service | ID = 3013
Description =
 
Error - 12.08.2011 00:19:33 | Computer Name = ****-PC | Source = Windows Search Service | ID = 3013
Description =
 
Error - 12.08.2011 00:19:33 | Computer Name = ****-PC | Source = Windows Search Service | ID = 3013
Description =
 
Error - 12.08.2011 00:19:34 | Computer Name = ****-PC | Source = Windows Search Service | ID = 3013
Description =
 
Error - 12.08.2011 00:19:34 | Computer Name = ****-PC | Source = Windows Search Service | ID = 3013
Description =
 
Error - 12.08.2011 00:19:34 | Computer Name = ****-PC | Source = Windows Search Service | ID = 3013
Description =
 
Error - 12.08.2011 00:19:34 | Computer Name = ****-PC | Source = Windows Search Service | ID = 3013
Description =
 
Error - 12.08.2011 08:08:52 | Computer Name = ****-PC | Source = WinMgmt | ID = 10
Description =
 
[ System Events ]
Error - 13.07.2011 01:30:31 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 13.07.2011 12:14:54 | Computer Name = ****-PC | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht
 \Device\NetBT_Tcpip_{09DBC2F6-F1BB-4A56-BD82-7FDD71A51639} vom Serverdienst nicht
 gebunden werden. Der Serverdienst konnte nicht gestartet werden.
 
Error - 13.07.2011 12:14:54 | Computer Name = ****-PC | Source = netbt | ID = 4321
Description = Der Name "****-PC:0" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.178.24  registriert werden. Der Computer mit IP-Adresse 192.168.178.20
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 13.07.2011 12:14:54 | Computer Name = ****-PC | Source = netbt | ID = 4321
Description = Der Name "****-PC:0" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.178.24  registriert werden. Der Computer mit IP-Adresse 192.168.178.20
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 13.07.2011 12:14:54 | Computer Name = ****-PC | Source = netbt | ID = 4321
Description = Der Name "****-PC:20" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.178.24  registriert werden. Der Computer mit IP-Adresse 192.168.178.20
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 11.08.2011 01:55:48 | Computer Name = ****-PC | Source = DCOM | ID = 10005
Description =
 
Error - 11.08.2011 01:55:48 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7009
Description =
 
Error - 11.08.2011 01:55:48 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 11.08.2011 13:53:38 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7009
Description =
 
Error - 11.08.2011 13:53:38 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7000
Description =
 
 
< End of report >

--- --- ---


After that I downloaded CCleaner; here are my installed programs:

Code:

Adobe Flash Player 10 Plugin        Adobe Systems Incorporated        18.06.2011                10.3.181.26
Adobe Flash Player ActiveX        Adobe Systems Incorporated        10.08.2008                9.0.124.0
Adobe Reader X (10.1.0) - Deutsch        Adobe Systems Incorporated        15.06.2011        165,3MB        10.1.0
ALUpdate        ESTsoft Corp.        13.08.2008        2,05MB       
ALZip        ESTsoft Corp.        13.08.2008        11,8MB        7.0 beta1
ANNO 1602                26.10.2008        3.290MB        1.05
ATI Catalyst Control Center                10.08.2008        24,00KB        2.008.0409.2230
Avira AntiVir Personal - Free Antivirus        Avira GmbH        23.07.2011        65,4MB        10.2.0.696
Browser Address Error Redirector        Dell        10.08.2008                1.00.0000
Bundesliga 2000 - Der Fussball Manager                06.03.2010        570MB       
Canon MP630 series Benutzerregistrierung                22.01.2009        0,52MB       
Canon MP630 series MP Drivers                22.01.2009               
Canon Utilities My Printer                22.01.2009        2,39MB       
CCleaner        Piriform        11.08.2011        3,98MB        3.09
Chinese Simplified Fonts Support For Adobe Reader 8        Adobe Systems        13.03.2010        29,5MB        8.0.0
Compatibility Pack für 2007 Office System        Microsoft Corporation        15.06.2011        56,2MB        12.0.6425.1000
CompuGROUP Z1                18.03.2009        1.211MB       
Das Fussball Studio 8.4.3 (Beta)        vmLOGIC - Volker Mallmann        01.08.2011        20,2MB        8.4.3
Dell Dock        Dell        10.08.2008                1.0.0
Dell Support Center (Support Software)        Dell        14.10.2009                2.2.09085
DerKleineTurnierplaner        Der Kleine Turnierplaner        15.09.2008        10,9MB        1.00.0000
DesktopEarth        CodeFromThe70s.org        15.10.2009        6,85MB        2.1.1
DFS_Media_Tool 2.1.2        vmLOGIC - Volker Mallmann        28.10.2008        0,91MB        2.1.2
Die Sims                07.07.2010        302MB       
DivX Codec        DivX, Inc.        07.12.2008        1,40MB        6.8.5
DivX Converter        DivX, Inc.        07.12.2008        30,4MB        6.6.1
DivX Player                13.11.2008        15,4MB        6.8.2
DivX Web Player        DivX,Inc.        13.11.2008        2,92MB        1.4.2
DNA        BitTorrent Inc.        12.11.2009        0,41MB        2.2.4 (16502)
EDocs                10.08.2008        0,80MB       
FileZilla Client 3.5.0                08.07.2011        13,9MB        3.5.0
Free Audio CD Burner version 1.4.7        DVDVideoSoft Limited.        10.04.2011        3,16MB       
Free YouTube to MP3 Converter version 3.9.35.324        DVDVideoSoft Limited.        10.04.2011        3,38MB       
Game FIFA International Soccer        Electronic Arts        28.07.2009        1,25MB       
Google Earth        Google        12.07.2011        84,7MB        6.0.3.2197
Google Updater        Google Inc.        22.03.2009        3,59MB        2.4.1536.6592
Intel(R) Graphics Media Accelerator Driver                13.08.2008               
Intel(R) PRO Network Connections 12.1.11.0        Intel        10.08.2008        5,91MB       
Java(TM) 6 Update 20        Sun Microsystems, Inc.        10.05.2010        94,5MB        6.0.200
Java(TM) 6 Update 5        Sun Microsystems, Inc.        10.08.2008        171,1MB        1.6.0.50
L&H TTS3000 Deutsch                18.03.2009               
Malwarebytes' Anti-Malware Version 1.51.1.1800        Malwarebytes Corporation        10.08.2011        6,72MB        1.51.1.1800
Max Senft's Vokabeltrainer 1.1b                06.09.2008        1,77MB        1.1b
Microsoft .NET Framework 3.5 SP1        Microsoft Corporation        03.06.2009        27,8MB       
Microsoft IntelliPoint 6.1        Microsoft        17.08.2008        11,4MB        6.10.156.0
Microsoft Office Enterprise 2007        Microsoft Corporation        03.06.2009        308MB        12.0.6425.1000
Microsoft Office File Validation Add-In        Microsoft Corporation        29.06.2011        7,92MB        14.0.5130.5003
Microsoft Office PowerPoint Viewer 2007 (German)        Microsoft Corporation        15.06.2011        89,0MB        12.0.6425.1000
Microsoft Silverlight        Microsoft Corporation        15.06.2011        14,9MB        4.0.60531.0
Microsoft SQL Server Native Client        Microsoft Corporation        18.03.2009        2,43MB        9.00.3042.00
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148        Microsoft Corporation        28.07.2009        0,19MB        9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570        Microsoft Corporation        12.06.2011        0,58MB        9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17        Microsoft Corporation        03.06.2009        0,58MB        9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148        Microsoft Corporation        26.03.2010        0,58MB        9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161        Microsoft Corporation        15.06.2011        0,58MB        9.0.30729.6161
Microsoft Works        Microsoft Corporation        14.12.2010                9.7.0621
Mozilla Firefox 5.0 (x86 de)        Mozilla        01.07.2011        99,3MB        5.0
NetSpeedMonitor 2.5.4.0 x86        Florian Gilles        17.07.2011        1,04MB        2.5.4.0
phonostar-Player Version 2.01.4                13.08.2008        9,73MB       
phonostar-Player Version 3.01.8                15.10.2010        30,9MB       
Pro Evolution Soccer 2010 DEMO        KONAMI        02.06.2010        1.030MB        1.00.0000
Realtek High Definition Audio Driver                10.08.2008               
Reflexion        Reflexion        17.08.2010        2,91MB        1.00.0000
SopCast 2.0.4        SopCast.com        26.04.2009        11,3MB        2.0.4
Star Alliance Screen Saver        Star Alliance GmbH        27.10.2008        7,48MB       
Taskbar Shuffle version 2.5        Jay Elaraj        17.07.2009        1,61MB        2.5
TmNationsForever        Nadeo        29.10.2008        717MB       
Turnierplaner        Freeware        07.07.2010        2,55MB       
TVAnts 1.0                26.04.2009        3,64MB       
Uninstall 1.0.0.1                10.04.2011        30,8MB       
Veoh Web Player        Veoh Networks, Inc.        17.05.2010        30,4MB        1.2.1.1209
Vista Codec Package        Shark007        01.12.2008        52,2MB        5.0.3
VLC media player 1.1.5        VideoLAN        22.12.2010        49,0MB        1.1.5
VOLKSWAGEN Lupo-Cup                25.05.2010        8,01MB       
Windows Media Player Firefox Plugin        Microsoft Corp        16.08.2008        0,29MB        1.0.0.8
Zattoo 3.3.4 Beta        Zattoo Inc.        13.06.2009        18,4MB        3.3.4 Beta
Zattoo4 4.0.5        Zattoo Inc.        19.05.2010        39,9MB        4.0.5


kira 13.08.2011 08:52

1.
BitTorrent/DNA: is considered unsafe and should therefore not be used.
What is BitTorrent/DNA

2.
I would uninstall:
3.
Your Java version is out of date!
Because of old security holes Java is very vulnerable, so first uninstall all existing Java versions:
→ Control Panel → Software → uninstall...
→ Restart the computer
→ Now download the offline version of Java Version 6 Update 26 from Oracle
Make sure to deselect any toolbars that may be offered (remove the check mark next to the toolbar)!

4.
clean your system with CCleaner:
  • "Cleaner" → "Analyze" → click the "Start CCleaner" button
  • "Registry" → "Scan for issues" → "Fix issues" → "Fix all"
  • Restart your system

5.
  • download SUPERAntiSpyware FREE Edition.
  • install the program and update it online.
  • start SUPERAntiSpyware and click "Scan your computer"
  • check "Complete Scan" and click "Next"
  • all malware found is then listed; check all findings and confirm with "OK"
  • click "Next", then "OK" and "Finish"
  • to display the results: click "Preferences", then "Statistics and Logs"
  • click "View Log" - then please save this report and post it here

6.
- Link: -> ESET Online Scanner
>>You should not install the antivirus security software, but only scan your system online<<
Viruses can also be carried on USB sticks, self-burned discs, external hard drives and other storage media. They must therefore be monitored through regular checks for damage that may have been caused by malware ("Worm.Win32.Autorun"). Checking the data stored on the storage medium with the free online scanner is very well suited and recommended for this.
Now connect all external storage media (USB sticks etc.) to your computer while holding down the Shift key so that the Autorun function is not executed. (This is how you prevent the AUTORUN function from running) - You can also disable the AUTORUN function altogether. ►Instructions

-> Then run a complete system check with Eset/Nod32

- please check the following > "Remove found threats" and "Scan archives"
- save the scan results as *.txt files
- usually "C:\Programme\Eset\EsetOnlineScanner\log.txt"

Settings in Internet Explorer before the scan:
- "Tools → Internet Options → Security":
- set everything to the default level
- allow ActiveX
- to start the scan: when you are asked (the text in the information bar), let the ActiveX control be installed

7.
run another scan with OTL:
  • Double-click OTL.exe
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • At the top you will find a box labeled Output.
    Please select Standard Output
  • Under Extra Registry please select Use SafeList.
  • Check LOP Check and Purity Check.
  • Now click Scan at the top left.
  • When the scan has finished, two log files are created.
    You will find the log files on your desktop => OTL.txt and Extras.txt
  • Post the log files in code tags here in the thread.

Quote:

► Briefly report to me on all the steps you have carried out!
► Also report again on the state of the computer. Are there still problems, and if so, which ones?

Inspector 14.08.2011 11:35

1. Programs uninstalled without problems.
2. veoh Web-Player uninstalled without problems.
3. New Java version installed without problems
4. no problems with the system cleanup
5.
Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 08/14/2011 at 00:12 AM

Application Version : 5.0.1118

Core Rules Database Version : 7561
Trace Rules Database Version: 5373

Scan type      : Complete Scan
Total Scan Time : 00:33:03

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC Off - Administrator

Memory items scanned      : 682
Memory threats detected  : 0
Registry items scanned    : 36607
Registry threats detected : 0
File items scanned        : 38278
File threats detected    : 2


Trojan.Agent/Gen-FakeAlert[Local]
        C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\STARTUP\Z1INFO.EXE
Adware.Tracking Cookie
        secure-uk.imrworldwide.com [ C:\USERS\FABIAN HOFMANN\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\UXPAS3YN ]

6. Unfortunately I could not prevent the Autorun function from running

Code:

ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=8c08c9aee432144fae16b46d78f2951b
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-08-14 07:22:39
# local_time=2011-08-14 09:22:39 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1797 16775166 100 100 1775669 88199432 1768460 0
# compatibility_mode=5892 16776574 66 100 262257 150835596 0 0
# compatibility_mode=8192 67108863 100 0 72588 72588 0 0
# scanned=169260
# found=4
# cleaned=4
C:\Users\Fabian Hofmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\7a7bdd9e-29852088        Mehrere Bedrohungen (gelöscht - in Quarantäne kopiert)        00000000000000000000000000000000        C
C:\Users\Fabian Hofmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\7f7680a8-50925ef5        Java/TrojanDownloader.OpenStream.NAX Trojaner (gelöscht - in Quarantäne kopiert)        00000000000000000000000000000000        C
C:\Users\Fabian Hofmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\b45e07d-50ed44b2        Variante von Win32/Kryptik.RKL Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)        00000000000000000000000000000000        C
C:\Users\Fabian Hofmann\AppData\Roaming\phonostar-Player\update2.exe        Variante von Win32/Adware.ADON Anwendung (gelöscht - in Quarantäne kopiert)        00000000000000000000000000000000        C
ESETSmartInstaller@High as downloader log:
# scan_time=3690

7.
Code:

OTL logfile created on: 14.08.2011 11:33:58 - Run 3
OTL by OldTimer - Version 3.2.26.1    Folder = C:\Users\Fabian Hofmann\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,10 Gb Available Physical Memory | 70,02% Memory free
6,23 Gb Paging File | 5,27 Gb Available in Paging File | 84,58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 586,10 Gb Total Space | 426,66 Gb Free Space | 72,80% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 6,02 Gb Free Space | 60,21% Space Free | Partition Type: NTFS
 
Computer Name: FABIANHOFMAN-PC | User Name: Fabian Hofmann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.08.12 23:37:06 | 004,603,264 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2011.08.12 14:52:08 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Fabian Hofmann\Desktop\OTL.exe
PRC - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SASCore.exe
PRC - [2011.07.24 19:06:28 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.07.02 10:51:27 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010.11.20 19:58:28 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009.05.21 11:13:58 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Programme\Dell Support Center\bin\sprtcmd.exe
PRC - [2009.05.13 18:35:24 | 000,126,976 | ---- | M] (phonostar) -- C:\Programme\phonostar\ps_timer.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.08.14 00:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Programme\Dell Support Center\bin\sprtsvc.exe
PRC - [2008.04.28 17:56:28 | 000,161,048 | ---- | M] (Stardock Corporation) -- C:\Programme\Dell\DellDock\DockLogin.exe
PRC - [2008.04.17 01:28:48 | 000,818,176 | ---- | M] (Jay Elaraj) -- C:\Programme\Taskbar Shuffle\taskbarshuffle.exe
PRC - [2008.03.17 18:06:00 | 001,848,648 | ---- | M] (CANON INC.) -- C:\Programme\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2007.05.11 15:26:44 | 004,452,352 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.02.06 01:52:10 | 000,849,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft IntelliPoint\ipoint.exe
PRC - [2006.05.24 09:58:32 | 000,761,856 | ---- | M] (CodeFromThe70s.org) -- C:\Programme\DesktopEarth\DesktopEarth.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.08.12 14:52:08 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Fabian Hofmann\Desktop\OTL.exe
MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2009.04.11 08:28:24 | 000,380,416 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\tiptsf.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011.07.24 19:06:28 | 000,269,480 | ---- | M] (Avira GmbH) [Disabled | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.07.24 19:06:28 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2008.08.14 00:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008.04.28 17:56:28 | 000,161,048 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Programme\Dell\DellDock\DockLogin.exe -- (DockLoginService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.07.24 19:06:29 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.07.22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011.07.12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.05.21 08:11:00 | 003,591,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2008.05.21 08:11:00 | 003,591,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008.01.21 04:23:25 | 000,251,904 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2007.04.29 10:42:24 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2007.02.08 19:44:43 | 000,083,320 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
DRV - [2006.11.08 09:02:40 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\point32k.sys -- (Point32)
DRV - [2006.07.05 14:39:29 | 000,059,256 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2006.06.14 16:56:56 | 000,013,680 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=3080811
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=3080811
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.t-online.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19.1
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.1
FF - prefs.js..extensions.enabledItems: {aff87fa2-a58e-4edd-b852-0a20203c1e17}:0.8
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: noia2_option@kk.noia:3.76
FF - prefs.js..extensions.enabledItems: {2f17f610-5e97-4fed-828f-9940b7b577a4}:1.6.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}:3.76
FF - prefs.js..network.proxy.http: "80.108.94.196"
FF - prefs.js..network.proxy.http_port: 8123
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.07.02 10:51:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.08.13 11:16:12 | 000,000,000 | ---D | M]
 
[2008.08.14 16:26:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fabian Hofmann\AppData\Roaming\mozilla\Extensions
[2011.08.08 18:01:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fabian Hofmann\AppData\Roaming\mozilla\Firefox\Profiles\4ooexf9v.default\extensions
[2011.07.16 18:13:49 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Fabian Hofmann\AppData\Roaming\mozilla\Firefox\Profiles\4ooexf9v.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2010.04.30 03:34:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Fabian Hofmann\AppData\Roaming\mozilla\Firefox\Profiles\4ooexf9v.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.07.30 11:04:07 | 000,000,000 | ---D | M] (TV-Fox) -- C:\Users\Fabian Hofmann\AppData\Roaming\mozilla\Firefox\Profiles\4ooexf9v.default\extensions\{2f17f610-5e97-4fed-828f-9940b7b577a4}
[2010.03.01 07:38:44 | 000,000,000 | ---D | M] (Noia 2.0 (eXtreme)) -- C:\Users\Fabian Hofmann\AppData\Roaming\mozilla\Firefox\Profiles\4ooexf9v.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
[2011.04.11 20:14:26 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Fabian Hofmann\AppData\Roaming\mozilla\Firefox\Profiles\4ooexf9v.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.09.09 21:42:45 | 000,000,000 | ---D | M] (gTranslate) -- C:\Users\Fabian Hofmann\AppData\Roaming\mozilla\Firefox\Profiles\4ooexf9v.default\extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}
[2011.08.02 06:26:03 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Fabian Hofmann\AppData\Roaming\mozilla\Firefox\Profiles\4ooexf9v.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.11.18 23:01:39 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Fabian Hofmann\AppData\Roaming\mozilla\Firefox\Profiles\4ooexf9v.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2010.12.12 14:14:13 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\Fabian Hofmann\AppData\Roaming\mozilla\Firefox\Profiles\4ooexf9v.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2009.11.04 20:51:56 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Fabian Hofmann\AppData\Roaming\mozilla\Firefox\Profiles\4ooexf9v.default\extensions\moveplayer@movenetworks.com
[2010.03.01 07:38:44 | 000,000,000 | ---D | M] (Noia 2.0 eXtreme OPT) -- C:\Users\Fabian Hofmann\AppData\Roaming\mozilla\Firefox\Profiles\4ooexf9v.default\extensions\noia2_option@kk.noia
[2008.08.19 05:38:31 | 000,002,414 | ---- | M] () -- C:\Users\Fabian Hofmann\AppData\Roaming\Mozilla\Firefox\Profiles\4ooexf9v.default\searchplugins\filmstartsde-suche.xml
[2010.03.28 13:30:31 | 000,003,171 | ---- | M] () -- C:\Users\Fabian Hofmann\AppData\Roaming\Mozilla\Firefox\Profiles\4ooexf9v.default\searchplugins\kinoto.xml
[2011.03.05 23:14:48 | 000,002,809 | ---- | M] () -- C:\Users\Fabian Hofmann\AppData\Roaming\Mozilla\Firefox\Profiles\4ooexf9v.default\searchplugins\twitter-search.xml
[2008.08.16 19:52:59 | 000,001,143 | ---- | M] () -- C:\Users\Fabian Hofmann\AppData\Roaming\Mozilla\Firefox\Profiles\4ooexf9v.default\searchplugins\wikipedia-en.xml
[2011.08.13 11:05:56 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.08.13 11:05:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
[2011.08.13 11:05:56 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\FABIAN HOFMANN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4OOEXF9V.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\FABIAN HOFMANN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4OOEXF9V.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
[2011.07.02 10:51:27 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2003.10.11 02:21:40 | 000,170,496 | ---- | M] (Macromedia, Inc.) -- C:\Program Files\mozilla firefox\components\np32asw.dll
[2003.10.11 02:21:40 | 000,170,496 | ---- | M] (Macromedia, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32asw.dll
[2011.08.13 11:05:36 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\Dell\BAE\BAE.dll (Dell Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [PhonostarTimer] C:\Programme\phonostar\ps_timer.exe (phonostar)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [Taskbar Shuffle] C:\Programme\Taskbar Shuffle\taskbarshuffle.exe (Jay Elaraj)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Fabian Hofmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopEarth AutoStart.lnk = C:\Users\Fabian Hofmann\AppData\Roaming\Microsoft\Installer\{DBA5E973-660D-4CBE-A469-F5C37FBF0CE4}\_C1A9BF9D98647632ED5172.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Fabian Hofmann\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk /p \??\J:) -  File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.08.13 12:11:20 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011.08.13 12:11:05 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Fabian Hofmann\Desktop\esetsmartinstaller_deu.exe
[2011.08.13 11:23:34 | 000,000,000 | ---D | C] -- C:\Users\Fabian Hofmann\AppData\Roaming\SUPERAntiSpyware.com
[2011.08.13 11:22:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011.08.13 11:22:50 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011.08.13 11:22:50 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011.08.13 11:20:34 | 012,472,736 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Fabian Hofmann\Desktop\SUPERAntiSpyware.exe
[2011.08.13 11:06:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011.08.13 11:05:55 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.08.13 11:05:55 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.08.13 11:05:55 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.08.13 11:05:29 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011.08.13 11:03:41 | 000,909,600 | ---- | C] (Sun Microsystems, Inc.) -- C:\Users\Fabian Hofmann\Desktop\jre-6u26-windows-i586-iftw.exe
[2011.08.13 10:59:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011.08.12 22:01:51 | 000,000,000 | ---D | C] -- C:\Program Files\Peter
[2011.08.12 14:59:20 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011.08.12 14:52:07 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Fabian Hofmann\Desktop\OTL.exe
[2011.08.11 19:36:46 | 000,000,000 | ---D | C] -- C:\Users\Fabian Hofmann\AppData\Roaming\Malwarebytes
[2011.08.11 19:36:35 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.08.11 19:36:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.08.11 19:36:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.08.11 19:36:32 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.08.11 19:36:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.08.11 19:34:42 | 009,466,208 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Fabian Hofmann\Desktop\mbam-setup-1.51.1.1800.exe
[2011.08.11 08:20:48 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011.08.11 08:15:54 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011.08.11 08:12:14 | 009,466,208 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Fabian Hofmann\Desktop\winlogan.exe
[2011.08.11 07:54:49 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.08.11 07:54:48 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.08.11 07:54:48 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.08.11 07:54:47 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011.08.11 07:54:47 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.08.11 07:54:47 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.08.11 07:31:38 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011.08.11 07:31:24 | 003,602,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011.08.11 07:31:23 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011.08.02 06:32:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Das Fussball Studio
[2011.08.02 06:32:04 | 000,405,504 | ---- | C] (vmLOGIC - Volker Mallmann) -- C:\Windows\System32\vmlCmdBar6.ocx
[2011.08.02 06:32:04 | 000,352,256 | ---- | C] (vmLOGIC - Volker Mallmann) -- C:\Windows\System32\vmlSGrid6.ocx
[2011.08.02 06:32:04 | 000,163,840 | ---- | C] (vmLOGIC - Volker Mallmann) -- C:\Windows\System32\vmlLSFrame3.ocx
[2011.08.02 06:32:04 | 000,155,648 | ---- | C] (vmLOGIC - Volker Mallmann) -- C:\Windows\System32\vmlIml3.ocx
[2011.08.02 06:32:04 | 000,040,960 | ---- | C] (vmLOGIC - Volker Mallmann) -- C:\Windows\System32\vmlSubTmr2.dll
[2011.08.02 06:32:03 | 003,760,128 | ---- | C] (Gigasoft, Inc.) -- C:\Windows\System32\PEGRP32E.DLL
[2011.08.02 06:32:03 | 000,756,224 | ---- | C] (Gigasoft, Inc.) -- C:\Windows\System32\Pesgo32e.ocx
[2011.08.02 06:32:03 | 000,736,768 | ---- | C] (Gigasoft, Inc.) -- C:\Windows\System32\Pego32e.ocx
[2011.08.02 06:32:03 | 000,630,784 | ---- | C] (Gigasoft, Inc.) -- C:\Windows\System32\Pe3do32e.ocx
[2011.08.02 06:32:03 | 000,534,016 | ---- | C] (Gigasoft, Inc.) -- C:\Windows\System32\Pepco32e.ocx
[2011.08.02 06:32:03 | 000,266,240 | ---- | C] (Dieter Otter, Tools & Components) -- C:\Windows\System32\sevZip40.dll
[2011.07.20 14:20:50 | 000,000,000 | ---D | C] -- C:\Users\Fabian Hofmann\Documents\Neuer Ordner
[2011.07.18 22:45:28 | 000,000,000 | ---D | C] -- C:\Users\Fabian Hofmann\AppData\Roaming\NetSpeedMonitor
[2011.07.18 22:41:27 | 000,000,000 | ---D | C] -- C:\Program Files\NetSpeedMonitor
[1 C:\Users\Fabian Hofmann\AppData\Local\*.tmp files -> C:\Users\Fabian Hofmann\AppData\Local\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.08.14 11:10:49 | 000,618,204 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.08.14 11:10:49 | 000,586,980 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.08.14 11:10:49 | 000,122,636 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.08.14 11:10:49 | 000,101,052 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.08.14 11:08:43 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011.08.14 11:07:16 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.08.14 11:07:16 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.08.14 11:06:31 | 000,002,487 | ---- | M] () -- C:\Users\Fabian Hofmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopEarth AutoStart.lnk
[2011.08.14 11:06:20 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.08.14 11:06:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.08.14 11:01:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.08.13 12:49:07 | 000,176,640 | ---- | M] () -- C:\Users\Fabian Hofmann\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.08.13 12:11:07 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Fabian Hofmann\Desktop\esetsmartinstaller_deu.exe
[2011.08.13 11:22:56 | 000,001,802 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.08.13 11:22:05 | 012,472,736 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Fabian Hofmann\Desktop\SUPERAntiSpyware.exe
[2011.08.13 11:05:34 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011.08.13 11:05:34 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.08.13 11:05:34 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.08.13 11:05:34 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.08.13 11:03:42 | 000,909,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Fabian Hofmann\Desktop\jre-6u26-windows-i586-iftw.exe
[2011.08.13 10:59:55 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.08.12 14:52:08 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Fabian Hofmann\Desktop\OTL.exe
[2011.08.11 22:18:53 | 000,010,772 | ---- | M] () -- C:\Users\Fabian Hofmann\Desktop\fehler.jpg
[2011.08.11 19:36:35 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.08.11 19:32:54 | 009,466,208 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Fabian Hofmann\Desktop\mbam-setup-1.51.1.1800.exe
[2011.08.11 19:31:10 | 000,001,134 | ---- | M] () -- C:\Users\Fabian Hofmann\Desktop\FixNCR.reg
[2011.08.11 19:03:57 | 000,009,958 | -HS- | M] () -- C:\ProgramData\inr5y6y184q0a845q0w8sx7c1880052qi83fbl1e77k0cg5
[2011.08.11 19:03:56 | 000,009,958 | -HS- | M] () -- C:\Users\Fabian Hofmann\AppData\Local\inr5y6y184q0a845q0w8sx7c1880052qi83fbl1e77k0cg5
[2011.08.11 08:21:33 | 002,187,526 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2011.08.11 08:14:30 | 000,512,992 | ---- | M] () -- C:\Users\Fabian Hofmann\Desktop\sdsetup_aff.exe
[2011.08.11 08:09:38 | 009,466,208 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Fabian Hofmann\Desktop\winlogan.exe
[2011.08.11 07:46:27 | 000,000,000 | ---- | M] () -- C:\Users\Fabian Hofmann\AppData\Roaming\6711623.exe
[2011.08.11 07:46:27 | 000,000,000 | ---- | M] () -- C:\Users\Fabian Hofmann\AppData\Roaming\6231486.exe
[2011.08.11 07:46:27 | 000,000,000 | ---- | M] () -- C:\Users\Fabian Hofmann\AppData\Roaming\4169901.exe
[2011.08.11 07:46:27 | 000,000,000 | ---- | M] () -- C:\Users\Fabian Hofmann\AppData\Roaming\1086189.exe
[2011.08.08 18:27:06 | 002,743,682 | ---- | M] () -- C:\Users\Fabian Hofmann\Desktop\eng_wappen_110808.zip
[2011.08.07 22:18:05 | 000,017,408 | ---- | M] () -- C:\Users\Fabian Hofmann\AppData\Local\WebpageIcons.db
[2011.08.02 20:17:36 | 000,489,338 | ---- | M] () -- C:\Users\Fabian Hofmann\Desktop\FLT_C4C6YV27350_0.pdf
[2011.08.02 20:13:30 | 000,489,329 | ---- | M] () -- C:\Users\Fabian Hofmann\Desktop\FLT_LXH7K231557_0.pdf
[2011.07.24 19:06:29 | 000,138,192 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.07.24 19:06:29 | 000,066,616 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011.07.22 04:54:43 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011.07.22 04:47:24 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.07.22 04:46:48 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.07.22 04:45:41 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.07.22 04:44:36 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.07.22 04:43:07 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[1 C:\Users\Fabian Hofmann\AppData\Local\*.tmp files -> C:\Users\Fabian Hofmann\AppData\Local\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.08.13 11:22:56 | 000,001,802 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.08.13 10:59:55 | 000,000,806 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.08.11 22:18:53 | 000,010,772 | ---- | C] () -- C:\Users\Fabian Hofmann\Desktop\fehler.jpg
[2011.08.11 19:36:35 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.08.11 19:34:44 | 000,001,134 | ---- | C] () -- C:\Users\Fabian Hofmann\Desktop\FixNCR.reg
[2011.08.11 08:21:06 | 002,187,526 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB
[2011.08.11 08:15:50 | 000,512,992 | ---- | C] () -- C:\Users\Fabian Hofmann\Desktop\sdsetup_aff.exe
[2011.08.11 07:46:27 | 000,000,000 | ---- | C] () -- C:\Users\Fabian Hofmann\AppData\Roaming\6711623.exe
[2011.08.11 07:46:27 | 000,000,000 | ---- | C] () -- C:\Users\Fabian Hofmann\AppData\Roaming\6231486.exe
[2011.08.11 07:46:27 | 000,000,000 | ---- | C] () -- C:\Users\Fabian Hofmann\AppData\Roaming\4169901.exe
[2011.08.11 07:46:27 | 000,000,000 | ---- | C] () -- C:\Users\Fabian Hofmann\AppData\Roaming\1086189.exe
[2011.08.11 07:46:26 | 000,009,958 | -HS- | C] () -- C:\Users\Fabian Hofmann\AppData\Local\inr5y6y184q0a845q0w8sx7c1880052qi83fbl1e77k0cg5
[2011.08.11 07:46:26 | 000,009,958 | -HS- | C] () -- C:\ProgramData\inr5y6y184q0a845q0w8sx7c1880052qi83fbl1e77k0cg5
[2011.08.08 18:26:43 | 002,743,682 | ---- | C] () -- C:\Users\Fabian Hofmann\Desktop\eng_wappen_110808.zip
[2011.08.02 20:17:36 | 000,489,338 | ---- | C] () -- C:\Users\Fabian Hofmann\Desktop\FLT_C4C6YV27350_0.pdf
[2011.08.02 20:13:30 | 000,489,329 | ---- | C] () -- C:\Users\Fabian Hofmann\Desktop\FLT_LXH7K231557_0.pdf
[2010.02.27 21:51:34 | 000,017,408 | ---- | C] () -- C:\Users\Fabian Hofmann\AppData\Local\WebpageIcons.db
[2009.12.12 14:52:33 | 000,001,455 | ---- | C] () -- C:\Users\Fabian Hofmann\AppData\Local\RecConfig.xml
[2009.06.29 19:17:05 | 000,004,096 | -H-- | C] () -- C:\Users\Fabian Hofmann\AppData\Local\keyfile3.drm
[2009.06.04 18:37:56 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.06.04 18:37:56 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.06.04 18:37:21 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.03.19 20:11:42 | 000,000,000 | ---- | C] () -- C:\Windows\HOZ.INI
[2009.03.19 20:11:42 | 000,000,000 | ---- | C] () -- C:\Windows\DAISY.INI
[2009.03.19 20:11:40 | 000,000,063 | ---- | C] () -- C:\Windows\VDDS_MMI.INI
[2009.03.19 20:07:00 | 000,000,000 | ---- | C] () -- C:\Windows\dbsetup.INI
[2009.03.19 20:06:12 | 000,000,122 | ---- | C] () -- C:\Windows\ODBC.INI
[2008.12.25 20:36:05 | 000,000,547 | ---- | C] () -- C:\Windows\eReg.dat
[2008.11.24 21:36:38 | 000,157,669 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008.11.24 21:36:36 | 000,703,201 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008.11.24 16:32:44 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008.09.21 13:22:13 | 000,002,619 | ---- | C] () -- C:\Windows\AWSHKWV.INI
[2008.09.19 23:57:34 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.09.19 23:54:18 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008.08.20 17:23:15 | 000,176,640 | ---- | C] () -- C:\Users\Fabian Hofmann\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.08.14 15:39:08 | 000,001,356 | ---- | C] () -- C:\Users\Fabian Hofmann\AppData\Local\d3d9caps.dat
[2008.08.11 21:30:15 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008.08.11 21:30:15 | 000,168,883 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008.08.11 21:30:15 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008.08.11 21:30:15 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2008.08.11 21:30:15 | 000,081,920 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2008.08.11 21:30:15 | 000,040,960 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2008.08.11 21:30:14 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008.08.11 21:30:14 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2008.08.11 21:30:14 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008.08.11 21:30:14 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2008.08.11 21:30:13 | 000,876,544 | ---- | C] () -- C:\Windows\System32\TEACico2.dll
[2008.08.11 13:35:08 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008.01.21 09:15:58 | 000,618,204 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 09:15:58 | 000,122,636 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.09.04 12:56:10 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2007.02.05 21:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,335,416 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,586,980 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,101,052 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:25:26 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.10.28 20:10:44 | 000,016,384 | ---- | C] () -- C:\Windows\System32\ac3config.exe
[2006.03.02 13:43:51 | 000,000,517 | ---- | C] () -- C:\Windows\pbl.ini
[2000.05.26 11:28:00 | 000,016,183 | ---- | C] () -- C:\Windows\System32\SELF32.INI
 
========== LOP Check ==========
 
[2009.06.19 20:02:52 | 000,000,000 | ---D | M] -- C:\Users\Fabian Hofmann\AppData\Roaming\Das Fussball Studio
[2011.02.20 14:05:22 | 000,000,000 | ---D | M] -- C:\Users\Fabian Hofmann\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.08.13 11:13:21 | 000,000,000 | ---D | M] -- C:\Users\Fabian Hofmann\AppData\Roaming\FileZilla
[2011.08.14 11:34:47 | 000,000,000 | ---D | M] -- C:\Users\Fabian Hofmann\AppData\Roaming\NetSpeedMonitor
[2009.10.16 23:23:08 | 000,000,000 | ---D | M] -- C:\Users\Fabian Hofmann\AppData\Roaming\phonostar GmbH
[2011.08.13 12:33:38 | 000,000,000 | ---D | M] -- C:\Users\Fabian Hofmann\AppData\Roaming\phonostar-Player
[2011.08.14 11:05:19 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

Code:

OTL Extras logfile created on: 14.08.2011 11:33:58 - Run 3
OTL by OldTimer - Version 3.2.26.1    Folder = C:\Users\Fabian Hofmann\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,10 Gb Available Physical Memory | 70,02% Memory free
6,23 Gb Paging File | 5,27 Gb Available in Paging File | 84,58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 586,10 Gb Total Space | 426,66 Gb Free Space | 72,80% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 6,02 Gb Free Space | 60,21% Space Free | Partition Type: NTFS
 
Computer Name: FABIANHOFMAN-PC | User Name: Fabian Hofmann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1882754496-1205069911-2561918912-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
"C:\Users\FABIAN~1\AppData\Local\Temp\0.9535893561257379.exe" = C:\Users\FABIAN~1\AppData\Local\Temp\0.9535893561257379.exe:*:Enabled:ldrsoft
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A119FF1-56EC-4E1A-B788-789635FC23D5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{20EDC02F-5E4F-443A-AB4D-B0F077471D37}" = lport=2869 | protocol=6 | dir=in | app=system |
"{46B1414B-C251-4EAA-A246-99C4682E537D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4A1CC5F4-E40D-4BF5-8811-79C77D102300}" = rport=10243 | protocol=6 | dir=out | app=system |
"{8069D4B8-5ECF-41D9-9877-3E44FB1B2B0A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{84C6EBD0-45B0-4134-8D45-6DF76A4CAD7D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AC43ADAD-C01C-4B7F-A03D-AECC23C2798C}" = lport=10243 | protocol=6 | dir=in | app=system |
"{D54BBC69-F438-4902-8D3C-C1E57C7C09BC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EB8BF3FB-43FE-45FB-929F-AE6569407305}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{101B4824-5670-471B-AD15-40E96CEC329B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1C616A3A-1216-4C7B-B377-92BF8CCDD2DA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6F00AA36-5CF6-427E-A072-2F5F860673F3}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9765429F-877A-4D01-AD5E-6C02217176FC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9F8E761A-A358-43FA-8083-48D68CD68EC5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A189EA38-12E5-4DC8-A3B6-038799D8C442}" = protocol=6 | dir=out | app=system |
"{B3A544A7-9421-4BCC-AD61-10E8C0B0A547}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C063F22F-6CC1-4EFD-88C8-AFB731592A41}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CD9CA2D3-1F76-41B8-BA69-2AD9E9CB8520}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E68F883D-99D9-4E80-99EF-D6FD8F5C4F59}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{ED65FCCF-0147-4A45-A1CC-DAE0688316EC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{FEFAB68E-5772-4A89-96E4-F817CEABA465}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{0A820782-72FE-42E7-85E7-821B9ADE23D9}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe |
"TCP Query User{17AF61EC-365D-4318-8E78-E4A8C485AF2D}C:\program files\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe |
"TCP Query User{370CA5A5-3CD8-45BF-A1DA-C483E1ED2136}C:\program files\tvants\tvants.exe" = protocol=6 | dir=in | app=c:\program files\tvants\tvants.exe |
"TCP Query User{55CCE66A-9EA6-498F-8D4D-C2A39C16449D}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{8CCA769D-917C-4C12-870C-16B6D4184EDE}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{94F2096B-F66D-4C20-AB26-99F1D413D424}C:\program files\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe |
"TCP Query User{9672FC3B-56AD-44D0-B03C-29F68B209BF6}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{98DD639F-99DD-4C59-81D7-879CE2513E78}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{9D16E7FE-0C63-498B-ABF5-A955BB6E39FF}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{CB6CC31A-A7DA-4377-9110-3F686514B9B1}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe |
"TCP Query User{DB541E86-7B54-4C95-9E8E-9026B588E5D9}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{E1485B21-CD2E-4EBB-9426-5C326F008025}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{E1EC2DC1-B893-4DC3-AA2C-68A1BA745035}C:\program files\zattoo\zattoo.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattoo.exe |
"UDP Query User{3F19C20E-C209-4299-A7E6-CB4CCA46BE76}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{491B1FB4-B81B-4F8E-9EE0-08C68A7CED29}C:\program files\tvants\tvants.exe" = protocol=17 | dir=in | app=c:\program files\tvants\tvants.exe |
"UDP Query User{67DCC256-3C25-4E63-8E1F-CAEED0380804}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{6934B272-6D4B-4B0E-AB77-C0689AD2EBAE}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe |
"UDP Query User{6F163C68-D5E7-424F-815E-D8BB7B894875}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{874DDBE4-44F6-46E1-A9F1-AFC89163E627}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{8C3C26FC-5CD3-4378-9923-42E53792C78B}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{A1B3B0BD-AA6A-443A-B0F3-B0824CDD9BB6}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{DB39381A-EE76-4B44-86A5-8441BC0792FC}C:\program files\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe |
"UDP Query User{DD948BC0-0B25-4D26-8DB4-5987BEADC355}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe |
"UDP Query User{DFA9115D-DC3E-4975-AF3B-A2D30D759872}C:\program files\zattoo\zattoo.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattoo.exe |
"UDP Query User{ECC1D281-FC4E-43EE-B90B-D5475404EF0C}C:\program files\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe |
"UDP Query User{F4A80B2D-682F-4DD4-981D-AEE694A1AFFA}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{056E7B58-F436-9614-6CD3-1DFDDD7DA470}" = CCC Help Turkish
"{0626167B-F30A-79EB-9B21-80B83468961A}" = CCC Help Chinese Traditional
"{08D6F386-D362-805B-05D2-79E4AB4F9CB9}" = CCC Help Korean
"{0E4BC542-9CFD-4E97-B586-9F1E5516E7B9}" = Microsoft IntelliPoint 6.1
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP630_series" = Canon MP630 series MP Drivers
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1D1D8ADC-BF08-4E61-9393-5FA305B16864}" = Microsoft SQL Server Native Client
"{1F126EDC-DA29-4D5B-80DF-735252475FEE}" = Pro Evolution Soccer 2010 DEMO
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2390D4C3-8CC7-2074-ACB9-A22ED2E1D4E9}" = CCC Help Portuguese
"{2555521A-9231-2F05-AEBE-FC1E2A7F825F}" = ccc-utility
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{27C42F0C-9090-97F7-9338-B6BD6DC25BB1}" = CCC Help Japanese
"{2BE84E12-E062-F989-BA16-25D53F343033}" = Skins
"{31CAC150-58B2-F696-D9EB-2FC16C3A8FAA}" = Catalyst Control Center Localization Portuguese
"{34475C54-DA68-DA37-E014-2ADD65AF627F}" = Catalyst Control Center Localization Hungarian
"{3541D8B6-BE96-0E6B-8987-D1CE1FBF848A}" = CCC Help German
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3A732171-7856-43BD-B828-39B9E2B3E195}" = Catalyst Control Center Localization Spanish
"{4207500E-1543-47F3-1695-6728E6520903}" = Catalyst Control Center Graphics Full Existing
"{4453BCB7-5327-F8D1-C048-851310A389EF}" = Catalyst Control Center Localization Turkish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A2D8C96-7B4F-A66A-6773-23F7796F9BA2}" = CCC Help Spanish
"{588DF486-DF7A-11D5-82B4-000374890932}" = Turnierplaner
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{6BA2C0F5-7EF3-11D7-9E00-0004769EEFEB}" = Reflexion
"{73E8E831-160A-6E74-1AAA-AB698E1986BC}" = CCC Help Hungarian
"{76E29237-CCAB-CD1A-F8A1-6C3CFF002F26}" = Catalyst Control Center Graphics Previews Vista
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel(R) PRO Network Connections 12.1.11.0
"{7A33E298-5BEA-7C94-C512-1DF1C977537E}" = Catalyst Control Center Localization Italian
"{7B1F7338-1D0D-4DF4-831E-B22EB0A4C968}" = DerKleineTurnierplaner
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{84F7CAD9-2316-4701-B5CA-E90FD60029E9}" = ANNO 1602
"{853026E0-CD36-1790-7988-194CADDDFB25}" = ccc-core-static
"{86501894-E722-4385-A792-B7C2F28FAE7B}" = NetSpeedMonitor 2.5.4.0 x86
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D8E6D0B-5A57-9ABD-AEA2-C0052401C5F6}" = Catalyst Control Center Localization Chinese Traditional
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95E52415-B952-B013-A2AD-5163896D8B9C}" = Catalyst Control Center Graphics Full New
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1E79477-B730-7E48-7EFF-0D1CB3202933}" = Catalyst Control Center Graphics Previews Common
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch
"{AC76BA86-7AD7-2447-0000-800000000003}" = Chinese Simplified Fonts Support For Adobe Reader 8
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B25E016C-44C2-856A-98A8-789D1E2B1C56}" = Catalyst Control Center Graphics Light
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B463BAAF-A379-AAF1-8979-6ED69C25ED37}" = Catalyst Control Center Localization Japanese
"{B6CF1DB0-09E8-0A2E-A510-1F2F8BDE5ECF}" = CCC Help Italian
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BC60B681-C3A3-0363-DA09-FA9706ED9680}" = CCC Help Chinese Standard
"{BECDD3A4-FEEC-9804-4782-F31A8A842361}" = CCC Help English
"{C022906C-A509-33D1-E42B-FF92F8E7BED4}" = Catalyst Control Center Core Implementation
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D035A6CA-E9DD-4B40-66F8-15842888E447}" = Catalyst Control Center Localization French
"{D3D54FD6-ABA0-4AE3-BAC4-0D89ACA83CC7}_is1" = DFS_Media_Tool 2.1.2
"{DBA5E973-660D-4CBE-A469-F5C37FBF0CE4}" = DesktopEarth
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E453921D-30B6-7692-179C-6F6112F18F81}" = Catalyst Control Center Localization Chinese Standard
"{EA853B19-A618-8D18-F4A4-6B96083DC3A3}" = Catalyst Control Center Localization Korean
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"{F804CEB4-747E-46D5-B8AB-C56E3BAF27D9}_is1" = Das Fussball Studio 8.4.3 (Beta)
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"{FE46238E-2FB4-C9E1-323D-AD0DA64BED91}" = Catalyst Control Center Localization German
"{FFC59020-35A5-4856-B0FB-23B95D6C2976}" = CCC Help French
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ALUpdate_is1" = ALUpdate
"ALZip_is1" = ALZip
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Bundesliga 2000 - Der Fussball Manager" = Bundesliga 2000 - Der Fussball Manager
"Canon MP630 series Benutzerregistrierung" = Canon MP630 series Benutzerregistrierung
"CanonMyPrinter" = Canon Utilities My Printer
"CCleaner" = CCleaner
"CompuGROUP Z1" = CompuGROUP Z1
"Die Sims" = Die Sims
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"FIFA International Soccer_is1" = Game FIFA International Soccer
"FileZilla Client" = FileZilla Client 3.5.0
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324
"Google Updater" = Google Updater
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"LHTTSGED" = L&H TTS3000 Deutsch
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.1.1800
"Max Senft's Vokabeltrainer_is1" = Max Senft's Vokabeltrainer 1.1b
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 5.0 (x86 de)" = Mozilla Firefox 5.0 (x86 de)
"phonostar3RadioPlayer_is1" = phonostar-Player Version 3.01.8
"phonostarRadioPlayer_is1" = phonostar-Player Version 2.01.4
"PROSetDX" = Intel(R) PRO Network Connections 12.1.11.0
"SopCast" = SopCast 2.0.4
"Star Alliance Screen Saver_is1" = Star Alliance Screen Saver
"Taskbar Shuffle_is1" = Taskbar Shuffle version 2.5
"TmNationsForever_is1" = TmNationsForever
"TVAnts 1.0" = TVAnts 1.0
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.5
"VWLUPO-Key" = VOLKSWAGEN Lupo-Cup
"YTdetect" = Yahoo! Detect
"Zattoo" = Zattoo 3.3.4 Beta
"Zattoo4" = Zattoo4 4.0.5
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 12.08.2011 15:53:49 | Computer Name = FabianHofman-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 13.08.2011 04:42:52 | Computer Name = FabianHofman-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 13.08.2011 04:59:34 | Computer Name = FabianHofman-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 13.08.2011 05:03:07 | Computer Name = FabianHofman-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 13.08.2011 05:17:59 | Computer Name = FabianHofman-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 13.08.2011 05:33:21 | Computer Name = FabianHofman-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 13.08.2011 16:37:11 | Computer Name = FabianHofman-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 13.08.2011 21:32:51 | Computer Name = FabianHofman-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 14.08.2011 02:21:41 | Computer Name = FabianHofman-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 14.08.2011 05:07:44 | Computer Name = FabianHofman-PC | Source = WinMgmt | ID = 10
Description =
 
[ System Events ]
Error - 13.07.2011 01:30:31 | Computer Name = FabianHofman-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 13.07.2011 12:14:54 | Computer Name = FabianHofman-PC | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht
 \Device\NetBT_Tcpip_{09DBC2F6-F1BB-4A56-BD82-7FDD71A51639} vom Serverdienst nicht
 gebunden werden. Der Serverdienst konnte nicht gestartet werden.
 
Error - 13.07.2011 12:14:54 | Computer Name = FabianHofman-PC | Source = netbt | ID = 4321
Description = Der Name "FABIANHOFMAN-PC:0" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.178.24  registriert werden. Der Computer mit IP-Adresse 192.168.178.20
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 13.07.2011 12:14:54 | Computer Name = FabianHofman-PC | Source = netbt | ID = 4321
Description = Der Name "FABIANHOFMAN-PC:0" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.178.24  registriert werden. Der Computer mit IP-Adresse 192.168.178.20
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 13.07.2011 12:14:54 | Computer Name = FabianHofman-PC | Source = netbt | ID = 4321
Description = Der Name "FABIANHOFMAN-PC:20" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.178.24  registriert werden. Der Computer mit IP-Adresse 192.168.178.20
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 11.08.2011 01:55:48 | Computer Name = FabianHofman-PC | Source = DCOM | ID = 10005
Description =
 
Error - 11.08.2011 01:55:48 | Computer Name = FabianHofman-PC | Source = Service Control Manager | ID = 7009
Description =
 
Error - 11.08.2011 01:55:48 | Computer Name = FabianHofman-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 11.08.2011 13:53:38 | Computer Name = FabianHofman-PC | Source = Service Control Manager | ID = 7009
Description =
 
Error - 11.08.2011 13:53:38 | Computer Name = FabianHofman-PC | Source = Service Control Manager | ID = 7000
Description =
 
 
< End of report >

Unfortunately, the error message linked in the first post still appears. Still, of course, a big thank you for your help so far. Quite a lot was found on my system. A fair amount really did sneak in via Java.

kira 15.08.2011 07:41

1.
Are you using a proxy?

- If you have not installed a proxy server locally, remove the proxy settings from the Internet settings.
In Internet Explorer:
Tools => Internet Options => Connections => LAN settings
Uncheck "Use a proxy server for your LAN" and "Bypass proxy server for local addresses".

In Firefox:
Tools => Options => Advanced => Network => Settings.
There, under Connection Settings => select "No proxy".

2.
Fix with OTL
  • Start OTL.exe.
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • Copy the following script:
Code:

:OTL
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
[2010.03.28 13:30:31 | 000,003,171 | ---- | M] () -- C:\Users\Fabian Hofmann\AppData\Roaming\Mozilla\Firefox\Profiles\4ooexf9v.default\searchplugins\kinoto.xml
[2011.08.11 08:14:30 | 000,512,992 | ---- | M] () -- C:\Users\Fabian Hofmann\Desktop\sdsetup_aff.exe
[2011.08.11 07:46:27 | 000,000,000 | ---- | M] () -- C:\Users\Fabian Hofmann\AppData\Roaming\6711623.exe
[2011.08.11 07:46:27 | 000,000,000 | ---- | M] () -- C:\Users\Fabian Hofmann\AppData\Roaming\6231486.exe
[2011.08.11 07:46:27 | 000,000,000 | ---- | M] () -- C:\Users\Fabian Hofmann\AppData\Roaming\4169901.exe
[2011.08.11 07:46:27 | 000,000,000 | ---- | M] () -- C:\Users\Fabian Hofmann\AppData\Roaming\1086189.exe
[2007.09.04 12:56:10 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011.08.11 08:09:38 | 009,466,208 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Fabian Hofmann\Desktop\winlogan.exe
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2

:Commands
[purity]
[emptytemp]


3.
File check
Check your settings. - Instructions
In Windows Explorer:
>Tools >Folder Options >the "View" tab >Hidden files and folders >enable "Show all files and folders", and >Tools >Folder Options >the "View" tab >Files and folders >disable "Hide protected operating system files (Recommended)".

4.
could come from malware:
Please right-click each of the files named below, look at what is shown under Properties, and copy that information (file version, file description, copyright holder, company name) for these applications here into your thread (illustrated instructions *here*):
Quote:

[2011.08.11 19:03:57 | 000,009,958 | -HS- | M] () -- C:\ProgramData\inr5y6y184q0a845q0w8sx7c1880052qi83fbl1e77k0cg5
[2011.08.11 19:03:56 | 000,009,958 | -HS- | M] () -- C:\Users\Fabian Hofmann\AppData\Local\inr5y6y184q0a845q0w8sx7c1880052qi83fbl1e77k0cg5
[2011.08.08 18:27:06 | 002,743,682 | ---- | M] () -- C:\Users\Fabian Hofmann\Desktop\eng_wappen_110808.zip
[2011.08.02 20:17:36 | 000,489,338 | ---- | M] () -- C:\Users\Fabian Hofmann\Desktop\FLT_C4C6YV27350_0.pdf
[2011.08.02 20:13:30 | 000,489,329 | ---- | M] () -- C:\Users\Fabian Hofmann\Desktop\FLT_LXH7K231557_0.pdf


Inspector 15.08.2011 15:52

1. Settings adjusted in both Firefox and IE.

2.
Code:

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{472734EA-242A-422b-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422b-ADF8-83D1E48CC825}\ not found.
C:\Users\Fabian Hofmann\AppData\Roaming\Mozilla\Firefox\Profiles\4ooexf9v.default\searchplugins\kinoto.xml moved successfully.
C:\Users\Fabian Hofmann\Desktop\sdsetup_aff.exe moved successfully.
C:\Users\Fabian Hofmann\AppData\Roaming\6711623.exe moved successfully.
C:\Users\Fabian Hofmann\AppData\Roaming\6231486.exe moved successfully.
C:\Users\Fabian Hofmann\AppData\Roaming\4169901.exe moved successfully.
C:\Users\Fabian Hofmann\AppData\Roaming\1086189.exe moved successfully.
C:\Windows\System32\unrar.dll moved successfully.
C:\Users\Fabian Hofmann\Desktop\winlogan.exe moved successfully.
ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 84 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Fabian Hofmann
->Temp folder emptied: 8574845 bytes
->Temporary Internet Files folder emptied: 4113122 bytes
->Java cache emptied: 27894677 bytes
->FireFox cache emptied: 58428978 bytes
->Google Chrome cache emptied: 819568 bytes
->Flash cache emptied: 632 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 824 bytes
RecycleBin emptied: 843387527 bytes
 
Total Files Cleaned = 900,00 mb
 
 
OTL by OldTimer - Version 3.2.26.1 log created on 08152011_163621

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

3. Done

4. This is where I am stuck now. What information exactly do you need? A screenshot of the properties? Or should I copy something in here? Unfortunately, I can't make sense of the illustrated instructions either.

kira 15.08.2011 19:40

Quote:

Quote from Inspector (post 693431)
4. Or should I copy something in here?

yes... and whether you perhaps recognize the entries?

Inspector 15.08.2011 23:30

The last two files are online tickets from Deutsche Bahn; the third-to-last file is my collection of English football crests.

Unfortunately, I don't recognize the first two files. What information should I copy in here now?

kira 15.08.2011 23:41

Another scan with OTL:
  • Double-click OTL.exe
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • At the top you will find a box labelled Output.
    Please select Standard Output
  • Under Extra Registry, please select Use SafeList.
  • Tick the LOP Check and Purity Check boxes.
  • Now click Scan at the top left.
  • When the scan has finished, two log files are created.
    You will find the log files on your desktop => OTL.txt and Extras.txt
  • Post the log files in code tags here in the thread.

Inspector 16.08.2011 11:21

Code:

OTL logfile created on: 16.08.2011 12:11:42 - Run 4
OTL by OldTimer - Version 3.2.26.1    Folder = C:\Users\** **\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,03 Gb Available Physical Memory | 67,83% Memory free
6,22 Gb Paging File | 5,24 Gb Available in Paging File | 84,14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 586,10 Gb Total Space | 421,16 Gb Free Space | 71,86% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 6,02 Gb Free Space | 60,21% Space Free | Partition Type: NTFS
 
Computer Name: ****-PC | User Name: ** ** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.08.12 23:37:06 | 004,603,264 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2011.08.12 14:52:08 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\** **\Desktop\OTL.exe
PRC - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SASCore.exe
PRC - [2011.07.24 19:06:28 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.07.02 10:51:27 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010.11.20 19:58:28 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009.05.21 11:13:58 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Programme\Dell Support Center\bin\sprtcmd.exe
PRC - [2009.05.13 18:35:24 | 000,126,976 | ---- | M] (phonostar) -- C:\Programme\phonostar\ps_timer.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.08.14 00:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Programme\Dell Support Center\bin\sprtsvc.exe
PRC - [2008.04.28 17:56:28 | 000,161,048 | ---- | M] (Stardock Corporation) -- C:\Programme\Dell\DellDock\DockLogin.exe
PRC - [2008.04.17 01:28:48 | 000,818,176 | ---- | M] (Jay Elaraj) -- C:\Programme\Taskbar Shuffle\taskbarshuffle.exe
PRC - [2008.03.17 18:06:00 | 001,848,648 | ---- | M] (CANON INC.) -- C:\Programme\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2007.05.11 15:26:44 | 004,452,352 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.02.06 01:52:10 | 000,849,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft IntelliPoint\ipoint.exe
PRC - [2006.05.24 09:58:32 | 000,761,856 | ---- | M] (CodeFromThe70s.org) -- C:\Programme\DesktopEarth\DesktopEarth.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.08.12 14:52:08 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\** **\Desktop\OTL.exe
MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2009.04.11 08:28:24 | 000,380,416 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\tiptsf.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011.07.24 19:06:28 | 000,269,480 | ---- | M] (Avira GmbH) [Disabled | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.07.24 19:06:28 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2008.08.14 00:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008.04.28 17:56:28 | 000,161,048 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Programme\Dell\DellDock\DockLogin.exe -- (DockLoginService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.07.24 19:06:29 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.07.22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011.07.12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.05.21 08:11:00 | 003,591,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2008.05.21 08:11:00 | 003,591,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008.01.21 04:23:25 | 000,251,904 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2007.04.29 10:42:24 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2007.02.08 19:44:43 | 000,083,320 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
DRV - [2006.11.08 09:02:40 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\point32k.sys -- (Point32)
DRV - [2006.07.05 14:39:29 | 000,059,256 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2006.06.14 16:56:56 | 000,013,680 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=3080811
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=3080811
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
 
========== FireFox ==========
 
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.t-online.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19.1
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.1
FF - prefs.js..extensions.enabledItems: {aff87fa2-a58e-4edd-b852-0a20203c1e17}:0.8
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: noia2_option@kk.noia:3.76
FF - prefs.js..extensions.enabledItems: {2f17f610-5e97-4fed-828f-9940b7b577a4}:1.6.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}:3.76
FF - prefs.js..network.proxy.http: "80.108.94.196"
FF - prefs.js..network.proxy.http_port: 8123
FF - prefs.js..network.proxy.type: 0
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.07.02 10:51:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.08.13 11:16:12 | 000,000,000 | ---D | M]
 
[2008.08.14 16:26:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\** **\AppData\Roaming\mozilla\Extensions
[2011.08.08 18:01:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\** **\AppData\Roaming\mozilla\Firefox\Profiles\4ooexf9v.default\extensions
[2011.07.16 18:13:49 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\** **\AppData\Roaming\mozilla\Firefox\Profiles\4ooexf9v.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2010.04.30 03:34:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\** **\AppData\Roaming\mozilla\Firefox\Profiles\4ooexf9v.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.07.30 11:04:07 | 000,000,000 | ---D | M] (TV-Fox) -- C:\Users\** **\AppData\Roaming\mozilla\Firefox\Profiles\4ooexf9v.default\extensions\{2f17f610-5e97-4fed-828f-9940b7b577a4}
[2010.03.01 07:38:44 | 000,000,000 | ---D | M] (Noia 2.0 (eXtreme)) -- C:\Users\** **\AppData\Roaming\mozilla\Firefox\Profiles\4ooexf9v.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
[2011.04.11 20:14:26 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\** **\AppData\Roaming\mozilla\Firefox\Profiles\4ooexf9v.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.09.09 21:42:45 | 000,000,000 | ---D | M] (gTranslate) -- C:\Users\** **\AppData\Roaming\mozilla\Firefox\Profiles\4ooexf9v.default\extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}
[2011.08.02 06:26:03 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\** **\AppData\Roaming\mozilla\Firefox\Profiles\4ooexf9v.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.11.18 23:01:39 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\** **\AppData\Roaming\mozilla\Firefox\Profiles\4ooexf9v.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2010.12.12 14:14:13 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\** **\AppData\Roaming\mozilla\Firefox\Profiles\4ooexf9v.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2009.11.04 20:51:56 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\** **\AppData\Roaming\mozilla\Firefox\Profiles\4ooexf9v.default\extensions\moveplayer@movenetworks.com
[2010.03.01 07:38:44 | 000,000,000 | ---D | M] (Noia 2.0 eXtreme OPT) -- C:\Users\** **\AppData\Roaming\mozilla\Firefox\Profiles\4ooexf9v.default\extensions\noia2_option@kk.noia
[2008.08.19 05:38:31 | 000,002,414 | ---- | M] () -- C:\Users\** **\AppData\Roaming\Mozilla\Firefox\Profiles\4ooexf9v.default\searchplugins\filmstartsde-suche.xml
[2011.03.05 23:14:48 | 000,002,809 | ---- | M] () -- C:\Users\** **\AppData\Roaming\Mozilla\Firefox\Profiles\4ooexf9v.default\searchplugins\twitter-search.xml
[2008.08.16 19:52:59 | 000,001,143 | ---- | M] () -- C:\Users\** **\AppData\Roaming\Mozilla\Firefox\Profiles\4ooexf9v.default\searchplugins\wikipedia-en.xml
[2011.08.13 11:05:56 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.08.13 11:05:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
[2011.08.13 11:05:56 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\** **\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4OOEXF9V.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\** **\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4OOEXF9V.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
[2011.07.02 10:51:27 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2003.10.11 02:21:40 | 000,170,496 | ---- | M] (Macromedia, Inc.) -- C:\Program Files\mozilla firefox\components\np32asw.dll
[2003.10.11 02:21:40 | 000,170,496 | ---- | M] (Macromedia, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32asw.dll
[2011.08.13 11:05:36 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\Dell\BAE\BAE.dll (Dell Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [PhonostarTimer] C:\Programme\phonostar\ps_timer.exe (phonostar)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [Taskbar Shuffle] C:\Programme\Taskbar Shuffle\taskbarshuffle.exe (Jay Elaraj)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\** **\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopEarth AutoStart.lnk = C:\Users\** **\AppData\Roaming\Microsoft\Installer\{DBA5E973-660D-4CBE-A469-F5C37FBF0CE4}\_C1A9BF9D98647632ED5172.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\** **\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk /p \??\J:) -  File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.08.15 17:21:12 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2011.08.15 16:36:21 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.08.13 12:11:20 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011.08.13 12:11:05 | 002,322,184 | ---- | C] (ESET) -- C:\Users\** **\Desktop\esetsmartinstaller_deu.exe
[2011.08.13 11:23:34 | 000,000,000 | ---D | C] -- C:\Users\** **\AppData\Roaming\SUPERAntiSpyware.com
[2011.08.13 11:22:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011.08.13 11:22:50 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011.08.13 11:22:50 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011.08.13 11:06:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011.08.13 11:05:55 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.08.13 11:05:55 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.08.13 11:05:55 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.08.13 11:05:29 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011.08.13 10:59:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011.08.12 22:01:51 | 000,000,000 | ---D | C] -- C:\Program Files\Peter
[2011.08.12 14:59:20 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011.08.12 14:52:07 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\** **\Desktop\OTL.exe
[2011.08.11 19:36:46 | 000,000,000 | ---D | C] -- C:\Users\** **\AppData\Roaming\Malwarebytes
[2011.08.11 19:36:35 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.08.11 19:36:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.08.11 19:36:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.08.11 19:36:32 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.08.11 19:36:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.08.11 08:20:48 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011.08.11 08:15:54 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011.08.11 07:54:49 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.08.11 07:54:48 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.08.11 07:54:48 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.08.11 07:54:47 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011.08.11 07:54:47 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.08.11 07:54:47 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.08.11 07:31:38 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011.08.11 07:31:24 | 003,602,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011.08.11 07:31:23 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011.08.02 06:32:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Das Fussball Studio
[2011.08.02 06:32:04 | 000,405,504 | ---- | C] (vmLOGIC - Volker Mallmann) -- C:\Windows\System32\vmlCmdBar6.ocx
[2011.08.02 06:32:04 | 000,352,256 | ---- | C] (vmLOGIC - Volker Mallmann) -- C:\Windows\System32\vmlSGrid6.ocx
[2011.08.02 06:32:04 | 000,163,840 | ---- | C] (vmLOGIC - Volker Mallmann) -- C:\Windows\System32\vmlLSFrame3.ocx
[2011.08.02 06:32:04 | 000,155,648 | ---- | C] (vmLOGIC - Volker Mallmann) -- C:\Windows\System32\vmlIml3.ocx
[2011.08.02 06:32:04 | 000,040,960 | ---- | C] (vmLOGIC - Volker Mallmann) -- C:\Windows\System32\vmlSubTmr2.dll
[2011.08.02 06:32:03 | 003,760,128 | ---- | C] (Gigasoft, Inc.) -- C:\Windows\System32\PEGRP32E.DLL
[2011.08.02 06:32:03 | 000,756,224 | ---- | C] (Gigasoft, Inc.) -- C:\Windows\System32\Pesgo32e.ocx
[2011.08.02 06:32:03 | 000,736,768 | ---- | C] (Gigasoft, Inc.) -- C:\Windows\System32\Pego32e.ocx
[2011.08.02 06:32:03 | 000,630,784 | ---- | C] (Gigasoft, Inc.) -- C:\Windows\System32\Pe3do32e.ocx
[2011.08.02 06:32:03 | 000,534,016 | ---- | C] (Gigasoft, Inc.) -- C:\Windows\System32\Pepco32e.ocx
[2011.08.02 06:32:03 | 000,266,240 | ---- | C] (Dieter Otter, Tools & Components) -- C:\Windows\System32\sevZip40.dll
[2011.07.20 14:20:50 | 000,000,000 | ---D | C] -- C:\Users\** **\Documents\Neuer Ordner
[2011.07.18 22:45:28 | 000,000,000 | ---D | C] -- C:\Users\** **\AppData\Roaming\NetSpeedMonitor
[2011.07.18 22:41:27 | 000,000,000 | ---D | C] -- C:\Program Files\NetSpeedMonitor
[1 C:\Users\** **\AppData\Local\*.tmp files -> C:\Users\** **\AppData\Local\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.08.16 12:04:20 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011.08.16 12:01:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.08.16 11:23:30 | 000,618,204 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.08.16 11:23:30 | 000,586,980 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.08.16 11:23:30 | 000,122,636 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.08.16 11:23:30 | 000,101,052 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.08.16 11:17:16 | 000,002,487 | ---- | M] () -- C:\Users\** **\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopEarth AutoStart.lnk
[2011.08.16 11:17:14 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.08.16 11:17:14 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.08.16 11:17:12 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.08.16 11:17:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.08.16 11:08:29 | 000,191,488 | ---- | M] () -- C:\Users\** **\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.08.15 17:21:13 | 000,001,636 | ---- | M] () -- C:\Users\Public\Desktop\Recuva.lnk
[2011.08.15 11:10:55 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.08.13 12:11:07 | 002,322,184 | ---- | M] (ESET) -- C:\Users\** **\Desktop\esetsmartinstaller_deu.exe
[2011.08.13 11:22:56 | 000,001,802 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.08.13 11:05:34 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011.08.13 11:05:34 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.08.13 11:05:34 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.08.13 11:05:34 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.08.13 10:59:55 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.08.12 14:52:08 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\** **\Desktop\OTL.exe
[2011.08.11 19:36:35 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.08.11 19:03:57 | 000,009,958 | -HS- | M] () -- C:\ProgramData\inr5y6y184q0a845q0w8sx7c1880052qi83fbl1e77k0cg5
[2011.08.11 19:03:56 | 000,009,958 | -HS- | M] () -- C:\Users\** **\AppData\Local\inr5y6y184q0a845q0w8sx7c1880052qi83fbl1e77k0cg5
[2011.08.11 08:21:33 | 002,187,526 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2011.08.08 18:27:06 | 002,743,682 | ---- | M] () -- C:\Users\** **\Desktop\eng_wappen_110808.zip
[2011.08.07 22:18:05 | 000,017,408 | ---- | M] () -- C:\Users\** **\AppData\Local\WebpageIcons.db
[2011.08.02 20:17:36 | 000,489,338 | ---- | M] () -- C:\Users\** **\Desktop\FLT_C4C6YV27350_0.pdf
[2011.08.02 20:13:30 | 000,489,329 | ---- | M] () -- C:\Users\** **\Desktop\FLT_LXH7K231557_0.pdf
[2011.07.24 19:06:29 | 000,138,192 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.07.24 19:06:29 | 000,066,616 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011.07.22 04:54:43 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011.07.22 04:47:24 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.07.22 04:46:48 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.07.22 04:45:41 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.07.22 04:44:36 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.07.22 04:43:07 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[1 C:\Users\** **\AppData\Local\*.tmp files -> C:\Users\** **\AppData\Local\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.08.15 17:21:13 | 000,001,636 | ---- | C] () -- C:\Users\Public\Desktop\Recuva.lnk
[2011.08.13 11:22:56 | 000,001,802 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.08.13 10:59:55 | 000,000,806 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.08.11 19:36:35 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.08.11 08:21:06 | 002,187,526 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB
[2011.08.11 07:46:26 | 000,009,958 | -HS- | C] () -- C:\Users\** **\AppData\Local\inr5y6y184q0a845q0w8sx7c1880052qi83fbl1e77k0cg5
[2011.08.11 07:46:26 | 000,009,958 | -HS- | C] () -- C:\ProgramData\inr5y6y184q0a845q0w8sx7c1880052qi83fbl1e77k0cg5
[2011.08.08 18:26:43 | 002,743,682 | ---- | C] () -- C:\Users\** **\Desktop\eng_wappen_110808.zip
[2011.08.02 20:17:36 | 000,489,338 | ---- | C] () -- C:\Users\** **\Desktop\FLT_C4C6YV27350_0.pdf
[2011.08.02 20:13:30 | 000,489,329 | ---- | C] () -- C:\Users\** **\Desktop\FLT_LXH7K231557_0.pdf
[2010.02.27 21:51:34 | 000,017,408 | ---- | C] () -- C:\Users\** **\AppData\Local\WebpageIcons.db
[2009.12.12 14:52:33 | 000,001,455 | ---- | C] () -- C:\Users\** **\AppData\Local\RecConfig.xml
[2009.06.29 19:17:05 | 000,004,096 | -H-- | C] () -- C:\Users\** **\AppData\Local\keyfile3.drm
[2009.06.04 18:37:56 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.06.04 18:37:56 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.06.04 18:37:21 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.03.19 20:11:42 | 000,000,000 | ---- | C] () -- C:\Windows\HOZ.INI
[2009.03.19 20:11:42 | 000,000,000 | ---- | C] () -- C:\Windows\DAISY.INI
[2009.03.19 20:11:40 | 000,000,063 | ---- | C] () -- C:\Windows\VDDS_MMI.INI
[2009.03.19 20:07:00 | 000,000,000 | ---- | C] () -- C:\Windows\dbsetup.INI
[2009.03.19 20:06:12 | 000,000,122 | ---- | C] () -- C:\Windows\ODBC.INI
[2008.12.25 20:36:05 | 000,000,547 | ---- | C] () -- C:\Windows\eReg.dat
[2008.11.24 21:36:38 | 000,157,669 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008.11.24 21:36:36 | 000,703,201 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008.11.24 16:32:44 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008.09.21 13:22:13 | 000,002,619 | ---- | C] () -- C:\Windows\AWSHKWV.INI
[2008.09.19 23:57:34 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.09.19 23:54:18 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008.08.20 17:23:15 | 000,191,488 | ---- | C] () -- C:\Users\** **\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.08.14 15:39:08 | 000,001,356 | ---- | C] () -- C:\Users\** **\AppData\Local\d3d9caps.dat
[2008.08.11 21:30:15 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008.08.11 21:30:15 | 000,168,883 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008.08.11 21:30:15 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008.08.11 21:30:15 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2008.08.11 21:30:15 | 000,081,920 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2008.08.11 21:30:15 | 000,040,960 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2008.08.11 21:30:14 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008.08.11 21:30:14 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2008.08.11 21:30:14 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008.08.11 21:30:14 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2008.08.11 21:30:13 | 000,876,544 | ---- | C] () -- C:\Windows\System32\TEACico2.dll
[2008.08.11 13:35:08 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008.01.21 09:15:58 | 000,618,204 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 09:15:58 | 000,122,636 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.02.05 21:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,335,416 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,586,980 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,101,052 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:25:26 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.10.28 20:10:44 | 000,016,384 | ---- | C] () -- C:\Windows\System32\ac3config.exe
[2006.03.02 13:43:51 | 000,000,517 | ---- | C] () -- C:\Windows\pbl.ini
[2000.05.26 11:28:00 | 000,016,183 | ---- | C] () -- C:\Windows\System32\SELF32.INI
 
========== LOP Check ==========
 
[2009.06.19 20:02:52 | 000,000,000 | ---D | M] -- C:\Users\** **\AppData\Roaming\Das Fussball Studio
[2011.02.20 14:05:22 | 000,000,000 | ---D | M] -- C:\Users\** **\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.08.13 11:13:21 | 000,000,000 | ---D | M] -- C:\Users\** **\AppData\Roaming\FileZilla
[2011.08.16 12:13:01 | 000,000,000 | ---D | M] -- C:\Users\** **\AppData\Roaming\NetSpeedMonitor
[2009.10.16 23:23:08 | 000,000,000 | ---D | M] -- C:\Users\** **\AppData\Roaming\phonostar GmbH
[2011.08.13 12:33:38 | 000,000,000 | ---D | M] -- C:\Users\** **\AppData\Roaming\phonostar-Player
[2011.08.16 11:16:26 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >


Code:

OTL Extras logfile created on: 16.08.2011 12:11:42 - Run 4
OTL by OldTimer - Version 3.2.26.1    Folder = C:\Users\** **n\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,03 Gb Available Physical Memory | 67,83% Memory free
6,22 Gb Paging File | 5,24 Gb Available in Paging File | 84,14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 586,10 Gb Total Space | 421,16 Gb Free Space | 71,86% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 6,02 Gb Free Space | 60,21% Space Free | Partition Type: NTFS
 
Computer Name: ****-PC | User Name: ** **n | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1882754496-1205069911-2561918912-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
"C:\Users\**~1\AppData\Local\Temp\0.9535893561257379.exe" = C:\Users\**~1\AppData\Local\Temp\0.9535893561257379.exe:*:Enabled:ldrsoft
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A119FF1-56EC-4E1A-B788-789635FC23D5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{20EDC02F-5E4F-443A-AB4D-B0F077471D37}" = lport=2869 | protocol=6 | dir=in | app=system |
"{46B1414B-C251-4EAA-A246-99C4682E537D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4A1CC5F4-E40D-4BF5-8811-79C77D102300}" = rport=10243 | protocol=6 | dir=out | app=system |
"{8069D4B8-5ECF-41D9-9877-3E44FB1B2B0A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{84C6EBD0-45B0-4134-8D45-6DF76A4CAD7D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AC43ADAD-C01C-4B7F-A03D-AECC23C2798C}" = lport=10243 | protocol=6 | dir=in | app=system |
"{D54BBC69-F438-4902-8D3C-C1E57C7C09BC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EB8BF3FB-43FE-45FB-929F-AE6569407305}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{101B4824-5670-471B-AD15-40E96CEC329B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1C616A3A-1216-4C7B-B377-92BF8CCDD2DA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6F00AA36-5CF6-427E-A072-2F5F860673F3}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9765429F-877A-4D01-AD5E-6C02217176FC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9F8E761A-A358-43FA-8083-48D68CD68EC5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A189EA38-12E5-4DC8-A3B6-038799D8C442}" = protocol=6 | dir=out | app=system |
"{B3A544A7-9421-4BCC-AD61-10E8C0B0A547}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C063F22F-6CC1-4EFD-88C8-AFB731592A41}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CD9CA2D3-1F76-41B8-BA69-2AD9E9CB8520}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E68F883D-99D9-4E80-99EF-D6FD8F5C4F59}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{ED65FCCF-0147-4A45-A1CC-DAE0688316EC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{FEFAB68E-5772-4A89-96E4-F817CEABA465}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{0A820782-72FE-42E7-85E7-821B9ADE23D9}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe |
"TCP Query User{17AF61EC-365D-4318-8E78-E4A8C485AF2D}C:\program files\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe |
"TCP Query User{370CA5A5-3CD8-45BF-A1DA-C483E1ED2136}C:\program files\tvants\tvants.exe" = protocol=6 | dir=in | app=c:\program files\tvants\tvants.exe |
"TCP Query User{55CCE66A-9EA6-498F-8D4D-C2A39C16449D}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{8CCA769D-917C-4C12-870C-16B6D4184EDE}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{94F2096B-F66D-4C20-AB26-99F1D413D424}C:\program files\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe |
"TCP Query User{9672FC3B-56AD-44D0-B03C-29F68B209BF6}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{98DD639F-99DD-4C59-81D7-879CE2513E78}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{9D16E7FE-0C63-498B-ABF5-A955BB6E39FF}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{CB6CC31A-A7DA-4377-9110-3F686514B9B1}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe |
"TCP Query User{DB541E86-7B54-4C95-9E8E-9026B588E5D9}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{E1485B21-CD2E-4EBB-9426-5C326F008025}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{E1EC2DC1-B893-4DC3-AA2C-68A1BA745035}C:\program files\zattoo\zattoo.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattoo.exe |
"UDP Query User{3F19C20E-C209-4299-A7E6-CB4CCA46BE76}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{491B1FB4-B81B-4F8E-9EE0-08C68A7CED29}C:\program files\tvants\tvants.exe" = protocol=17 | dir=in | app=c:\program files\tvants\tvants.exe |
"UDP Query User{67DCC256-3C25-4E63-8E1F-CAEED0380804}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{6934B272-6D4B-4B0E-AB77-C0689AD2EBAE}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe |
"UDP Query User{6F163C68-D5E7-424F-815E-D8BB7B894875}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{874DDBE4-44F6-46E1-A9F1-AFC89163E627}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{8C3C26FC-5CD3-4378-9923-42E53792C78B}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{A1B3B0BD-AA6A-443A-B0F3-B0824CDD9BB6}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{DB39381A-EE76-4B44-86A5-8441BC0792FC}C:\program files\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe |
"UDP Query User{DD948BC0-0B25-4D26-8DB4-5987BEADC355}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe |
"UDP Query User{DFA9115D-DC3E-4975-AF3B-A2D30D759872}C:\program files\zattoo\zattoo.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattoo.exe |
"UDP Query User{ECC1D281-FC4E-43EE-B90B-D5475404EF0C}C:\program files\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe |
"UDP Query User{F4A80B2D-682F-4DD4-981D-AEE694A1AFFA}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{056E7B58-F436-9614-6CD3-1DFDDD7DA470}" = CCC Help Turkish
"{0626167B-F30A-79EB-9B21-80B83468961A}" = CCC Help Chinese Traditional
"{08D6F386-D362-805B-05D2-79E4AB4F9CB9}" = CCC Help Korean
"{0E4BC542-9CFD-4E97-B586-9F1E5516E7B9}" = Microsoft IntelliPoint 6.1
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP630_series" = Canon MP630 series MP Drivers
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1D1D8ADC-BF08-4E61-9393-5FA305B16864}" = Microsoft SQL Server Native Client
"{1F126EDC-DA29-4D5B-80DF-735252475FEE}" = Pro Evolution Soccer 2010 DEMO
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2390D4C3-8CC7-2074-ACB9-A22ED2E1D4E9}" = CCC Help Portuguese
"{2555521A-9231-2F05-AEBE-FC1E2A7F825F}" = ccc-utility
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{27C42F0C-9090-97F7-9338-B6BD6DC25BB1}" = CCC Help Japanese
"{2BE84E12-E062-F989-BA16-25D53F343033}" = Skins
"{31CAC150-58B2-F696-D9EB-2FC16C3A8FAA}" = Catalyst Control Center Localization Portuguese
"{34475C54-DA68-DA37-E014-2ADD65AF627F}" = Catalyst Control Center Localization Hungarian
"{3541D8B6-BE96-0E6B-8987-D1CE1FBF848A}" = CCC Help German
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3A732171-7856-43BD-B828-39B9E2B3E195}" = Catalyst Control Center Localization Spanish
"{4207500E-1543-47F3-1695-6728E6520903}" = Catalyst Control Center Graphics Full Existing
"{4453BCB7-5327-F8D1-C048-851310A389EF}" = Catalyst Control Center Localization Turkish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A2D8C96-7B4F-A66A-6773-23F7796F9BA2}" = CCC Help Spanish
"{588DF486-DF7A-11D5-82B4-000374890932}" = Turnierplaner
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{6BA2C0F5-7EF3-11D7-9E00-0004769EEFEB}" = Reflexion
"{73E8E831-160A-6E74-1AAA-AB698E1986BC}" = CCC Help Hungarian
"{76E29237-CCAB-CD1A-F8A1-6C3CFF002F26}" = Catalyst Control Center Graphics Previews Vista
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel(R) PRO Network Connections 12.1.11.0
"{7A33E298-5BEA-7C94-C512-1DF1C977537E}" = Catalyst Control Center Localization Italian
"{7B1F7338-1D0D-4DF4-831E-B22EB0A4C968}" = DerKleineTurnierplaner
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{84F7CAD9-2316-4701-B5CA-E90FD60029E9}" = ANNO 1602
"{853026E0-CD36-1790-7988-194CADDDFB25}" = ccc-core-static
"{86501894-E722-4385-A792-B7C2F28FAE7B}" = NetSpeedMonitor 2.5.4.0 x86
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D8E6D0B-5A57-9ABD-AEA2-C0052401C5F6}" = Catalyst Control Center Localization Chinese Traditional
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95E52415-B952-B013-A2AD-5163896D8B9C}" = Catalyst Control Center Graphics Full New
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1E79477-B730-7E48-7EFF-0D1CB3202933}" = Catalyst Control Center Graphics Previews Common
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch
"{AC76BA86-7AD7-2447-0000-800000000003}" = Chinese Simplified Fonts Support For Adobe Reader 8
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B25E016C-44C2-856A-98A8-789D1E2B1C56}" = Catalyst Control Center Graphics Light
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B463BAAF-A379-AAF1-8979-6ED69C25ED37}" = Catalyst Control Center Localization Japanese
"{B6CF1DB0-09E8-0A2E-A510-1F2F8BDE5ECF}" = CCC Help Italian
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BC60B681-C3A3-0363-DA09-FA9706ED9680}" = CCC Help Chinese Standard
"{BECDD3A4-FEEC-9804-4782-F31A8A842361}" = CCC Help English
"{C022906C-A509-33D1-E42B-FF92F8E7BED4}" = Catalyst Control Center Core Implementation
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D035A6CA-E9DD-4B40-66F8-15842888E447}" = Catalyst Control Center Localization French
"{D3D54FD6-ABA0-4AE3-BAC4-0D89ACA83CC7}_is1" = DFS_Media_Tool 2.1.2
"{DBA5E973-660D-4CBE-A469-F5C37FBF0CE4}" = DesktopEarth
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E453921D-30B6-7692-179C-6F6112F18F81}" = Catalyst Control Center Localization Chinese Standard
"{EA853B19-A618-8D18-F4A4-6B96083DC3A3}" = Catalyst Control Center Localization Korean
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"{F804CEB4-747E-46D5-B8AB-C56E3BAF27D9}_is1" = Das Fussball Studio 8.4.3 (Beta)
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"{FE46238E-2FB4-C9E1-323D-AD0DA64BED91}" = Catalyst Control Center Localization German
"{FFC59020-35A5-4856-B0FB-23B95D6C2976}" = CCC Help French
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ALUpdate_is1" = ALUpdate
"ALZip_is1" = ALZip
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Bundesliga 2000 - Der Fussball Manager" = Bundesliga 2000 - Der Fussball Manager
"Canon MP630 series Benutzerregistrierung" = Canon MP630 series Benutzerregistrierung
"CanonMyPrinter" = Canon Utilities My Printer
"CCleaner" = CCleaner
"CompuGROUP Z1" = CompuGROUP Z1
"Die Sims" = Die Sims
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"FIFA International Soccer_is1" = Game FIFA International Soccer
"FileZilla Client" = FileZilla Client 3.5.0
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324
"Google Updater" = Google Updater
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"LHTTSGED" = L&H TTS3000 Deutsch
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.1.1800
"Max Senft's Vokabeltrainer_is1" = Max Senft's Vokabeltrainer 1.1b
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 5.0 (x86 de)" = Mozilla Firefox 5.0 (x86 de)
"phonostar3RadioPlayer_is1" = phonostar-Player Version 3.01.8
"phonostarRadioPlayer_is1" = phonostar-Player Version 2.01.4
"PROSetDX" = Intel(R) PRO Network Connections 12.1.11.0
"Recuva" = Recuva
"SopCast" = SopCast 2.0.4
"Star Alliance Screen Saver_is1" = Star Alliance Screen Saver
"Taskbar Shuffle_is1" = Taskbar Shuffle version 2.5
"TmNationsForever_is1" = TmNationsForever
"TVAnts 1.0" = TVAnts 1.0
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.5
"VWLUPO-Key" = VOLKSWAGEN Lupo-Cup
"YTdetect" = Yahoo! Detect
"Zattoo" = Zattoo 3.3.4 Beta
"Zattoo4" = Zattoo4 4.0.5
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 16.08.2011 05:02:30 | Computer Name = ****-PC | Source = Windows Search Service | ID = 3013
Description =
 
Error - 16.08.2011 05:02:30 | Computer Name = ****-PC | Source = Windows Search Service | ID = 3013
Description =
 
Error - 16.08.2011 05:02:30 | Computer Name = ****-PC | Source = Windows Search Service | ID = 3013
Description =
 
Error - 16.08.2011 05:02:31 | Computer Name = ****-PC | Source = Windows Search Service | ID = 3013
Description =
 
Error - 16.08.2011 05:02:38 | Computer Name = ****-PC | Source = Windows Search Service | ID = 3013
Description =
 
Error - 16.08.2011 05:02:38 | Computer Name = ****-PC | Source = Windows Search Service | ID = 3013
Description =
 
Error - 16.08.2011 05:02:41 | Computer Name = ****-PC | Source = Windows Search Service | ID = 3013
Description =
 
Error - 16.08.2011 05:02:41 | Computer Name = ****-PC | Source = Windows Search Service | ID = 3013
Description =
 
Error - 16.08.2011 05:02:44 | Computer Name = ****-PC | Source = Windows Search Service | ID = 3013
Description =
 
Error - 16.08.2011 05:18:47 | Computer Name = ****-PC | Source = WinMgmt | ID = 10
Description =
 
[ System Events ]
Error - 13.07.2011 12:14:54 | Computer Name = ****-PC | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht
 \Device\NetBT_Tcpip_{09DBC2F6-F1BB-4A56-BD82-7FDD71A51639} vom Serverdienst nicht
 gebunden werden. Der Serverdienst konnte nicht gestartet werden.
 
Error - 13.07.2011 12:14:54 | Computer Name = ****-PC | Source = netbt | ID = 4321
Description = Der Name "****-PC:0" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.178.24  registriert werden. Der Computer mit IP-Adresse 192.168.178.20
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 13.07.2011 12:14:54 | Computer Name = ****-PC | Source = netbt | ID = 4321
Description = Der Name "****-PC:0" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.178.24  registriert werden. Der Computer mit IP-Adresse 192.168.178.20
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 13.07.2011 12:14:54 | Computer Name = ****-PC | Source = netbt | ID = 4321
Description = Der Name "****-PC:20" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.178.24  registriert werden. Der Computer mit IP-Adresse 192.168.178.20
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 11.08.2011 01:55:48 | Computer Name = ****-PC | Source = DCOM | ID = 10005
Description =
 
Error - 11.08.2011 01:55:48 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7009
Description =
 
Error - 11.08.2011 01:55:48 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 11.08.2011 13:53:38 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7009
Description =
 
Error - 11.08.2011 13:53:38 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 15.08.2011 10:36:22 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7034
Description =
 
 
< End of report >


kira 16.08.2011 17:21

1.
Fix with OTL
  • Start OTL.exe.
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • Copy the following script:
Code:

:OTL
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
[2011.08.11 19:03:57 | 000,009,958 | -HS- | M] () -- C:\ProgramData\inr5y6y184q0a845q0w8sx7c1880052qi83fbl1e77k0cg5
[2011.08.11 19:03:56 | 000,009,958 | -HS- | M] () -- C:\Users\** **\AppData\Local\inr5y6y184q0a845q0w8sx7c1880052qi83fbl1e77k0cg5

:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Users\**~1\AppData\Local\Temp\0.9535893561257379.exe" =

:Commands
[purity]
[emptytemp]


2.
Run another scan with OTL:
  • Double-click OTL.exe
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • At the top you will find a box labelled Output.
    Please select Standard Output
  • Under Extra Registry, please select Use SafeList.
  • Tick the LOP Check and Purity Check boxes.
  • Now click Scan at the top left.
  • When the scan has finished, two log files are created.
    You will find the log files on your desktop => OTL.txt and Extras.txt
  • Post the log files in code tags here in the thread.

Inspector 17.08.2011 10:53

1.
Code:

All processes killed
========== OTL ==========
C:\Programme\Mozilla Firefox\searchplugins\bing.xml moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll moved successfully.
C:\ProgramData\inr5y6y184q0a845q0w8sx7c1880052qi83fbl1e77k0cg5 moved successfully.
C:\Users\fabian hofmann\AppData\Local\inr5y6y184q0a845q0w8sx7c1880052qi83fbl1e77k0cg5 moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\"C:\Users\**~1\AppData\Local\Temp\0.9535893561257379.exe" | /E : value set successfully!
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Fabian Hofmann
->Temp folder emptied: 2814623 bytes
->Temporary Internet Files folder emptied: 61147 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 42397487 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 2378 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 824 bytes
RecycleBin emptied: 128052 bytes
 
Total Files Cleaned = 43,00 mb
 
 
OTL by OldTimer - Version 3.2.26.1 log created on 08172011_090521

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

2.
Code:

OTL logfile created on: 17.08.2011 11:31:12 - Run 5
OTL by OldTimer - Version 3.2.26.1    Folder = C:\Users\** xx\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,93 Gb Available Physical Memory | 64,55% Memory free
6,22 Gb Paging File | 5,12 Gb Available in Paging File | 82,43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 586,10 Gb Total Space | 421,09 Gb Free Space | 71,85% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 6,02 Gb Free Space | 60,21% Space Free | Partition Type: NTFS
 
Computer Name: **xx-PC | User Name: ** xx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.08.12 23:37:06 | 004,603,264 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2011.08.12 14:52:08 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\** xx\Desktop\OTL.exe
PRC - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SASCore.exe
PRC - [2011.07.24 19:06:28 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.07.02 10:51:27 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010.11.20 19:58:28 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009.05.21 11:13:58 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Programme\Dell Support Center\bin\sprtcmd.exe
PRC - [2009.05.13 18:35:24 | 000,126,976 | ---- | M] (phonostar) -- C:\Programme\phonostar\ps_timer.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.08.14 00:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Programme\Dell Support Center\bin\sprtsvc.exe
PRC - [2008.04.28 17:56:28 | 000,161,048 | ---- | M] (Stardock Corporation) -- C:\Programme\Dell\DellDock\DockLogin.exe
PRC - [2008.04.17 01:28:48 | 000,818,176 | ---- | M] (Jay Elaraj) -- C:\Programme\Taskbar Shuffle\taskbarshuffle.exe
PRC - [2008.03.17 18:06:00 | 001,848,648 | ---- | M] (CANON INC.) -- C:\Programme\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2007.05.11 15:26:44 | 004,452,352 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.02.06 01:52:10 | 000,849,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft IntelliPoint\ipoint.exe
PRC - [2006.05.24 09:58:32 | 000,761,856 | ---- | M] (CodeFromThe70s.org) -- C:\Programme\DesktopEarth\DesktopEarth.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.08.12 14:52:08 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\** xx\Desktop\OTL.exe
MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2009.04.11 08:28:24 | 000,380,416 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\tiptsf.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011.07.24 19:06:28 | 000,269,480 | ---- | M] (Avira GmbH) [Disabled | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.07.24 19:06:28 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2008.08.14 00:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008.04.28 17:56:28 | 000,161,048 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Programme\Dell\DellDock\DockLogin.exe -- (DockLoginService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.07.24 19:06:29 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.07.22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011.07.12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.05.21 08:11:00 | 003,591,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2008.05.21 08:11:00 | 003,591,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008.01.21 04:23:25 | 000,251,904 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2007.04.29 10:42:24 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2007.02.08 19:44:43 | 000,083,320 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
DRV - [2006.11.08 09:02:40 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\point32k.sys -- (Point32)
DRV - [2006.07.05 14:39:29 | 000,059,256 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2006.06.14 16:56:56 | 000,013,680 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=3080811
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=3080811
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
 
========== FireFox ==========
 
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.t-online.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19.1
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.1
FF - prefs.js..extensions.enabledItems: {aff87fa2-a58e-4edd-b852-0a20203c1e17}:0.8
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: noia2_option@kk.noia:3.76
FF - prefs.js..extensions.enabledItems: {2f17f610-5e97-4fed-828f-9940b7b577a4}:1.6.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}:3.76
FF - prefs.js..network.proxy.http: "80.108.94.196"
FF - prefs.js..network.proxy.http_port: 8123
FF - prefs.js..network.proxy.type: 0
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.07.02 10:51:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.08.13 11:16:12 | 000,000,000 | ---D | M]
 
[2008.08.14 16:26:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\** xx\AppData\Roaming\mozilla\Extensions
[2011.08.08 18:01:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\** xx\AppData\Roaming\mozilla\Firefox\Profiles\4ooexf9v.default\extensions
[2011.07.16 18:13:49 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\** xx\AppData\Roaming\mozilla\Firefox\Profiles\4ooexf9v.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2010.04.30 03:34:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\** xx\AppData\Roaming\mozilla\Firefox\Profiles\4ooexf9v.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.07.30 11:04:07 | 000,000,000 | ---D | M] (TV-Fox) -- C:\Users\** xx\AppData\Roaming\mozilla\Firefox\Profiles\4ooexf9v.default\extensions\{2f17f610-5e97-4fed-828f-9940b7b577a4}
[2010.03.01 07:38:44 | 000,000,000 | ---D | M] (Noia 2.0 (eXtreme)) -- C:\Users\** xx\AppData\Roaming\mozilla\Firefox\Profiles\4ooexf9v.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
[2011.04.11 20:14:26 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\** xx\AppData\Roaming\mozilla\Firefox\Profiles\4ooexf9v.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.09.09 21:42:45 | 000,000,000 | ---D | M] (gTranslate) -- C:\Users\** xx\AppData\Roaming\mozilla\Firefox\Profiles\4ooexf9v.default\extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}
[2011.08.02 06:26:03 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\** xx\AppData\Roaming\mozilla\Firefox\Profiles\4ooexf9v.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.11.18 23:01:39 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\** xx\AppData\Roaming\mozilla\Firefox\Profiles\4ooexf9v.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2010.12.12 14:14:13 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\** xx\AppData\Roaming\mozilla\Firefox\Profiles\4ooexf9v.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2009.11.04 20:51:56 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\** xx\AppData\Roaming\mozilla\Firefox\Profiles\4ooexf9v.default\extensions\moveplayer@movenetworks.com
[2010.03.01 07:38:44 | 000,000,000 | ---D | M] (Noia 2.0 eXtreme OPT) -- C:\Users\** xx\AppData\Roaming\mozilla\Firefox\Profiles\4ooexf9v.default\extensions\noia2_option@kk.noia
[2008.08.19 05:38:31 | 000,002,414 | ---- | M] () -- C:\Users\** xx\AppData\Roaming\Mozilla\Firefox\Profiles\4ooexf9v.default\searchplugins\filmstartsde-suche.xml
[2011.03.05 23:14:48 | 000,002,809 | ---- | M] () -- C:\Users\** xx\AppData\Roaming\Mozilla\Firefox\Profiles\4ooexf9v.default\searchplugins\twitter-search.xml
[2008.08.16 19:52:59 | 000,001,143 | ---- | M] () -- C:\Users\** xx\AppData\Roaming\Mozilla\Firefox\Profiles\4ooexf9v.default\searchplugins\wikipedia-en.xml
[2011.08.13 11:05:56 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.08.13 11:05:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
[2011.08.13 11:05:56 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\** xx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4OOEXF9V.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\** xx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4OOEXF9V.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
[2011.07.02 10:51:27 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2003.10.11 02:21:40 | 000,170,496 | ---- | M] (Macromedia, Inc.) -- C:\Program Files\mozilla firefox\components\np32asw.dll
[2003.10.11 02:21:40 | 000,170,496 | ---- | M] (Macromedia, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32asw.dll
[2011.08.13 11:05:36 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\Dell\BAE\BAE.dll (Dell Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [PhonostarTimer] C:\Programme\phonostar\ps_timer.exe (phonostar)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [Taskbar Shuffle] C:\Programme\Taskbar Shuffle\taskbarshuffle.exe (Jay Elaraj)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\** xx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopEarth AutoStart.lnk = C:\Users\** xx\AppData\Roaming\Microsoft\Installer\{DBA5E973-660D-4CBE-A469-F5C37FBF0CE4}\_C1A9BF9D98647632ED5172.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\** xx\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk /p \??\J:) -  File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.08.15 17:21:12 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2011.08.15 16:36:21 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.08.13 12:11:20 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011.08.13 12:11:05 | 002,322,184 | ---- | C] (ESET) -- C:\Users\** xx\Desktop\esetsmartinstaller_deu.exe
[2011.08.13 11:23:34 | 000,000,000 | ---D | C] -- C:\Users\** xx\AppData\Roaming\SUPERAntiSpyware.com
[2011.08.13 11:22:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011.08.13 11:22:50 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011.08.13 11:22:50 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011.08.13 11:06:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011.08.13 11:05:55 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.08.13 11:05:55 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.08.13 11:05:55 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.08.13 11:05:29 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011.08.13 10:59:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011.08.12 22:01:51 | 000,000,000 | ---D | C] -- C:\Program Files\Peter
[2011.08.12 14:59:20 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011.08.12 14:52:07 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\** xx\Desktop\OTL.exe
[2011.08.11 19:36:46 | 000,000,000 | ---D | C] -- C:\Users\** xx\AppData\Roaming\Malwarebytes
[2011.08.11 19:36:35 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.08.11 19:36:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.08.11 19:36:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.08.11 19:36:32 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.08.11 19:36:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.08.11 08:20:48 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011.08.11 08:15:54 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011.08.11 07:54:49 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.08.11 07:54:48 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.08.11 07:54:48 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.08.11 07:54:47 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011.08.11 07:54:47 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.08.11 07:54:47 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.08.11 07:31:38 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011.08.11 07:31:24 | 003,602,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011.08.11 07:31:23 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011.08.02 06:32:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Das Fussball Studio
[2011.08.02 06:32:04 | 000,405,504 | ---- | C] (vmLOGIC - Volker Mallmann) -- C:\Windows\System32\vmlCmdBar6.ocx
[2011.08.02 06:32:04 | 000,352,256 | ---- | C] (vmLOGIC - Volker Mallmann) -- C:\Windows\System32\vmlSGrid6.ocx
[2011.08.02 06:32:04 | 000,163,840 | ---- | C] (vmLOGIC - Volker Mallmann) -- C:\Windows\System32\vmlLSFrame3.ocx
[2011.08.02 06:32:04 | 000,155,648 | ---- | C] (vmLOGIC - Volker Mallmann) -- C:\Windows\System32\vmlIml3.ocx
[2011.08.02 06:32:04 | 000,040,960 | ---- | C] (vmLOGIC - Volker Mallmann) -- C:\Windows\System32\vmlSubTmr2.dll
[2011.08.02 06:32:03 | 003,760,128 | ---- | C] (Gigasoft, Inc.) -- C:\Windows\System32\PEGRP32E.DLL
[2011.08.02 06:32:03 | 000,756,224 | ---- | C] (Gigasoft, Inc.) -- C:\Windows\System32\Pesgo32e.ocx
[2011.08.02 06:32:03 | 000,736,768 | ---- | C] (Gigasoft, Inc.) -- C:\Windows\System32\Pego32e.ocx
[2011.08.02 06:32:03 | 000,630,784 | ---- | C] (Gigasoft, Inc.) -- C:\Windows\System32\Pe3do32e.ocx
[2011.08.02 06:32:03 | 000,534,016 | ---- | C] (Gigasoft, Inc.) -- C:\Windows\System32\Pepco32e.ocx
[2011.08.02 06:32:03 | 000,266,240 | ---- | C] (Dieter Otter, Tools & Components) -- C:\Windows\System32\sevZip40.dll
[2011.07.20 14:20:50 | 000,000,000 | ---D | C] -- C:\Users\** xx\Documents\Neuer Ordner
[2011.07.18 22:45:28 | 000,000,000 | ---D | C] -- C:\Users\** xx\AppData\Roaming\NetSpeedMonitor
[2011.07.18 22:41:27 | 000,000,000 | ---D | C] -- C:\Program Files\NetSpeedMonitor
[1 C:\Users\** xx\AppData\Local\*.tmp files -> C:\Users\** xx\AppData\Local\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.08.17 11:01:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.08.17 10:15:18 | 000,618,204 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.08.17 10:15:18 | 000,586,980 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.08.17 10:15:18 | 000,122,636 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.08.17 10:15:18 | 000,101,052 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.08.17 10:11:23 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011.08.17 10:09:04 | 000,002,487 | ---- | M] () -- C:\Users\** xx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopEarth AutoStart.lnk
[2011.08.17 10:09:03 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.08.17 10:09:02 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.08.17 10:09:02 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.08.17 10:08:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.08.16 11:08:29 | 000,191,488 | ---- | M] () -- C:\Users\** xx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.08.15 17:21:13 | 000,001,636 | ---- | M] () -- C:\Users\Public\Desktop\Recuva.lnk
[2011.08.15 11:10:55 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.08.13 12:11:07 | 002,322,184 | ---- | M] (ESET) -- C:\Users\** xx\Desktop\esetsmartinstaller_deu.exe
[2011.08.13 11:22:56 | 000,001,802 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.08.13 11:05:34 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011.08.13 11:05:34 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.08.13 11:05:34 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.08.13 11:05:34 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.08.13 10:59:55 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.08.12 14:52:08 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\** xx\Desktop\OTL.exe
[2011.08.11 19:36:35 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.08.11 08:21:33 | 002,187,526 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2011.08.08 18:27:06 | 002,743,682 | ---- | M] () -- C:\Users\** xx\Desktop\eng_wappen_110808.zip
[2011.08.07 22:18:05 | 000,017,408 | ---- | M] () -- C:\Users\** xx\AppData\Local\WebpageIcons.db
[2011.08.02 20:17:36 | 000,489,338 | ---- | M] () -- C:\Users\** xx\Desktop\FLT_C4C6YV27350_0.pdf
[2011.08.02 20:13:30 | 000,489,329 | ---- | M] () -- C:\Users\** xx\Desktop\FLT_LXH7K231557_0.pdf
[2011.07.24 19:06:29 | 000,138,192 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.07.24 19:06:29 | 000,066,616 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011.07.22 04:54:43 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011.07.22 04:47:24 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.07.22 04:46:48 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.07.22 04:45:41 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.07.22 04:44:36 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.07.22 04:43:07 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[1 C:\Users\** xx\AppData\Local\*.tmp files -> C:\Users\** xx\AppData\Local\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.08.15 17:21:13 | 000,001,636 | ---- | C] () -- C:\Users\Public\Desktop\Recuva.lnk
[2011.08.13 11:22:56 | 000,001,802 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.08.13 10:59:55 | 000,000,806 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.08.11 19:36:35 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.08.11 08:21:06 | 002,187,526 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB
[2011.08.08 18:26:43 | 002,743,682 | ---- | C] () -- C:\Users\** xx\Desktop\eng_wappen_110808.zip
[2011.08.02 20:17:36 | 000,489,338 | ---- | C] () -- C:\Users\** xx\Desktop\FLT_C4C6YV27350_0.pdf
[2011.08.02 20:13:30 | 000,489,329 | ---- | C] () -- C:\Users\** xx\Desktop\FLT_LXH7K231557_0.pdf
[2010.02.27 21:51:34 | 000,017,408 | ---- | C] () -- C:\Users\** xx\AppData\Local\WebpageIcons.db
[2009.12.12 14:52:33 | 000,001,455 | ---- | C] () -- C:\Users\** xx\AppData\Local\RecConfig.xml
[2009.06.29 19:17:05 | 000,004,096 | -H-- | C] () -- C:\Users\** xx\AppData\Local\keyfile3.drm
[2009.06.04 18:37:56 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.06.04 18:37:56 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.06.04 18:37:21 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.03.19 20:11:42 | 000,000,000 | ---- | C] () -- C:\Windows\HOZ.INI
[2009.03.19 20:11:42 | 000,000,000 | ---- | C] () -- C:\Windows\DAISY.INI
[2009.03.19 20:11:40 | 000,000,063 | ---- | C] () -- C:\Windows\VDDS_MMI.INI
[2009.03.19 20:07:00 | 000,000,000 | ---- | C] () -- C:\Windows\dbsetup.INI
[2009.03.19 20:06:12 | 000,000,122 | ---- | C] () -- C:\Windows\ODBC.INI
[2008.12.25 20:36:05 | 000,000,547 | ---- | C] () -- C:\Windows\eReg.dat
[2008.11.24 21:36:38 | 000,157,669 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008.11.24 21:36:36 | 000,703,201 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008.11.24 16:32:44 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008.09.21 13:22:13 | 000,002,619 | ---- | C] () -- C:\Windows\AWSHKWV.INI
[2008.09.19 23:57:34 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.09.19 23:54:18 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008.08.20 17:23:15 | 000,191,488 | ---- | C] () -- C:\Users\** xx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.08.14 15:39:08 | 000,001,356 | ---- | C] () -- C:\Users\** xx\AppData\Local\d3d9caps.dat
[2008.08.11 21:30:15 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008.08.11 21:30:15 | 000,168,883 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008.08.11 21:30:15 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008.08.11 21:30:15 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2008.08.11 21:30:15 | 000,081,920 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2008.08.11 21:30:15 | 000,040,960 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2008.08.11 21:30:14 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008.08.11 21:30:14 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2008.08.11 21:30:14 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008.08.11 21:30:14 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2008.08.11 21:30:13 | 000,876,544 | ---- | C] () -- C:\Windows\System32\TEACico2.dll
[2008.08.11 13:35:08 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008.01.21 09:15:58 | 000,618,204 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 09:15:58 | 000,122,636 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.02.05 21:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,335,416 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,586,980 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,101,052 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:25:26 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.10.28 20:10:44 | 000,016,384 | ---- | C] () -- C:\Windows\System32\ac3config.exe
[2006.03.02 13:43:51 | 000,000,517 | ---- | C] () -- C:\Windows\pbl.ini
[2000.05.26 11:28:00 | 000,016,183 | ---- | C] () -- C:\Windows\System32\SELF32.INI
 
========== LOP Check ==========
 
[2009.06.19 20:02:52 | 000,000,000 | ---D | M] -- C:\Users\** xx\AppData\Roaming\Das Fussball Studio
[2011.02.20 14:05:22 | 000,000,000 | ---D | M] -- C:\Users\** xx\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.08.13 11:13:21 | 000,000,000 | ---D | M] -- C:\Users\** xx\AppData\Roaming\FileZilla
[2011.08.17 11:32:12 | 000,000,000 | ---D | M] -- C:\Users\** xx\AppData\Roaming\NetSpeedMonitor
[2009.10.16 23:23:08 | 000,000,000 | ---D | M] -- C:\Users\** xx\AppData\Roaming\phonostar GmbH
[2011.08.13 12:33:38 | 000,000,000 | ---D | M] -- C:\Users\** xx\AppData\Roaming\phonostar-Player
[2011.08.17 09:12:08 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >


Code:

OTL Extras logfile created on: 17.08.2011 11:31:13 - Run 5
OTL by OldTimer - Version 3.2.26.1    Folder = C:\Users\** xx\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,93 Gb Available Physical Memory | 64,55% Memory free
6,22 Gb Paging File | 5,12 Gb Available in Paging File | 82,43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 586,10 Gb Total Space | 421,09 Gb Free Space | 71,85% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 6,02 Gb Free Space | 60,21% Space Free | Partition Type: NTFS
 
Computer Name: **xx-PC | User Name: ** xx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1882754496-1205069911-2561918912-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
"C:\Users\**~1\AppData\Local\Temp\0.9535893561257379.exe" = C:\Users\**~1\AppData\Local\Temp\0.9535893561257379.exe:*:Enabled:ldrsoft
"C:\Users\**~1\AppData\Local\Temp\0.9535893561257379.exe" =
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A119FF1-56EC-4E1A-B788-789635FC23D5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{20EDC02F-5E4F-443A-AB4D-B0F077471D37}" = lport=2869 | protocol=6 | dir=in | app=system |
"{46B1414B-C251-4EAA-A246-99C4682E537D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4A1CC5F4-E40D-4BF5-8811-79C77D102300}" = rport=10243 | protocol=6 | dir=out | app=system |
"{8069D4B8-5ECF-41D9-9877-3E44FB1B2B0A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{84C6EBD0-45B0-4134-8D45-6DF76A4CAD7D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AC43ADAD-C01C-4B7F-A03D-AECC23C2798C}" = lport=10243 | protocol=6 | dir=in | app=system |
"{D54BBC69-F438-4902-8D3C-C1E57C7C09BC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EB8BF3FB-43FE-45FB-929F-AE6569407305}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{101B4824-5670-471B-AD15-40E96CEC329B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1C616A3A-1216-4C7B-B377-92BF8CCDD2DA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6F00AA36-5CF6-427E-A072-2F5F860673F3}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9765429F-877A-4D01-AD5E-6C02217176FC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9F8E761A-A358-43FA-8083-48D68CD68EC5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A189EA38-12E5-4DC8-A3B6-038799D8C442}" = protocol=6 | dir=out | app=system |
"{B3A544A7-9421-4BCC-AD61-10E8C0B0A547}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C063F22F-6CC1-4EFD-88C8-AFB731592A41}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CD9CA2D3-1F76-41B8-BA69-2AD9E9CB8520}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E68F883D-99D9-4E80-99EF-D6FD8F5C4F59}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{ED65FCCF-0147-4A45-A1CC-DAE0688316EC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{FEFAB68E-5772-4A89-96E4-F817CEABA465}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{0A820782-72FE-42E7-85E7-821B9ADE23D9}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe |
"TCP Query User{17AF61EC-365D-4318-8E78-E4A8C485AF2D}C:\program files\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe |
"TCP Query User{370CA5A5-3CD8-45BF-A1DA-C483E1ED2136}C:\program files\tvants\tvants.exe" = protocol=6 | dir=in | app=c:\program files\tvants\tvants.exe |
"TCP Query User{55CCE66A-9EA6-498F-8D4D-C2A39C16449D}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{8CCA769D-917C-4C12-870C-16B6D4184EDE}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{94F2096B-F66D-4C20-AB26-99F1D413D424}C:\program files\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe |
"TCP Query User{9672FC3B-56AD-44D0-B03C-29F68B209BF6}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{98DD639F-99DD-4C59-81D7-879CE2513E78}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{9D16E7FE-0C63-498B-ABF5-A955BB6E39FF}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{CB6CC31A-A7DA-4377-9110-3F686514B9B1}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe |
"TCP Query User{DB541E86-7B54-4C95-9E8E-9026B588E5D9}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{E1485B21-CD2E-4EBB-9426-5C326F008025}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{E1EC2DC1-B893-4DC3-AA2C-68A1BA745035}C:\program files\zattoo\zattoo.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattoo.exe |
"UDP Query User{3F19C20E-C209-4299-A7E6-CB4CCA46BE76}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{491B1FB4-B81B-4F8E-9EE0-08C68A7CED29}C:\program files\tvants\tvants.exe" = protocol=17 | dir=in | app=c:\program files\tvants\tvants.exe |
"UDP Query User{67DCC256-3C25-4E63-8E1F-CAEED0380804}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{6934B272-6D4B-4B0E-AB77-C0689AD2EBAE}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe |
"UDP Query User{6F163C68-D5E7-424F-815E-D8BB7B894875}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{874DDBE4-44F6-46E1-A9F1-AFC89163E627}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{8C3C26FC-5CD3-4378-9923-42E53792C78B}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{A1B3B0BD-AA6A-443A-B0F3-B0824CDD9BB6}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{DB39381A-EE76-4B44-86A5-8441BC0792FC}C:\program files\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe |
"UDP Query User{DD948BC0-0B25-4D26-8DB4-5987BEADC355}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe |
"UDP Query User{DFA9115D-DC3E-4975-AF3B-A2D30D759872}C:\program files\zattoo\zattoo.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattoo.exe |
"UDP Query User{ECC1D281-FC4E-43EE-B90B-D5475404EF0C}C:\program files\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe |
"UDP Query User{F4A80B2D-682F-4DD4-981D-AEE694A1AFFA}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{056E7B58-F436-9614-6CD3-1DFDDD7DA470}" = CCC Help Turkish
"{0626167B-F30A-79EB-9B21-80B83468961A}" = CCC Help Chinese Traditional
"{08D6F386-D362-805B-05D2-79E4AB4F9CB9}" = CCC Help Korean
"{0E4BC542-9CFD-4E97-B586-9F1E5516E7B9}" = Microsoft IntelliPoint 6.1
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP630_series" = Canon MP630 series MP Drivers
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1D1D8ADC-BF08-4E61-9393-5FA305B16864}" = Microsoft SQL Server Native Client
"{1F126EDC-DA29-4D5B-80DF-735252475FEE}" = Pro Evolution Soccer 2010 DEMO
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2390D4C3-8CC7-2074-ACB9-A22ED2E1D4E9}" = CCC Help Portuguese
"{2555521A-9231-2F05-AEBE-FC1E2A7F825F}" = ccc-utility
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{27C42F0C-9090-97F7-9338-B6BD6DC25BB1}" = CCC Help Japanese
"{2BE84E12-E062-F989-BA16-25D53F343033}" = Skins
"{31CAC150-58B2-F696-D9EB-2FC16C3A8FAA}" = Catalyst Control Center Localization Portuguese
"{34475C54-DA68-DA37-E014-2ADD65AF627F}" = Catalyst Control Center Localization Hungarian
"{3541D8B6-BE96-0E6B-8987-D1CE1FBF848A}" = CCC Help German
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3A732171-7856-43BD-B828-39B9E2B3E195}" = Catalyst Control Center Localization Spanish
"{4207500E-1543-47F3-1695-6728E6520903}" = Catalyst Control Center Graphics Full Existing
"{4453BCB7-5327-F8D1-C048-851310A389EF}" = Catalyst Control Center Localization Turkish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A2D8C96-7B4F-A66A-6773-23F7796F9BA2}" = CCC Help Spanish
"{588DF486-DF7A-11D5-82B4-000374890932}" = Turnierplaner
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{6BA2C0F5-7EF3-11D7-9E00-0004769EEFEB}" = Reflexion
"{73E8E831-160A-6E74-1AAA-AB698E1986BC}" = CCC Help Hungarian
"{76E29237-CCAB-CD1A-F8A1-6C3CFF002F26}" = Catalyst Control Center Graphics Previews Vista
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel(R) PRO Network Connections 12.1.11.0
"{7A33E298-5BEA-7C94-C512-1DF1C977537E}" = Catalyst Control Center Localization Italian
"{7B1F7338-1D0D-4DF4-831E-B22EB0A4C968}" = DerKleineTurnierplaner
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{84F7CAD9-2316-4701-B5CA-E90FD60029E9}" = ANNO 1602
"{853026E0-CD36-1790-7988-194CADDDFB25}" = ccc-core-static
"{86501894-E722-4385-A792-B7C2F28FAE7B}" = NetSpeedMonitor 2.5.4.0 x86
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D8E6D0B-5A57-9ABD-AEA2-C0052401C5F6}" = Catalyst Control Center Localization Chinese Traditional
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95E52415-B952-B013-A2AD-5163896D8B9C}" = Catalyst Control Center Graphics Full New
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1E79477-B730-7E48-7EFF-0D1CB3202933}" = Catalyst Control Center Graphics Previews Common
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch
"{AC76BA86-7AD7-2447-0000-800000000003}" = Chinese Simplified Fonts Support For Adobe Reader 8
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B25E016C-44C2-856A-98A8-789D1E2B1C56}" = Catalyst Control Center Graphics Light
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B463BAAF-A379-AAF1-8979-6ED69C25ED37}" = Catalyst Control Center Localization Japanese
"{B6CF1DB0-09E8-0A2E-A510-1F2F8BDE5ECF}" = CCC Help Italian
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BC60B681-C3A3-0363-DA09-FA9706ED9680}" = CCC Help Chinese Standard
"{BECDD3A4-FEEC-9804-4782-F31A8A842361}" = CCC Help English
"{C022906C-A509-33D1-E42B-FF92F8E7BED4}" = Catalyst Control Center Core Implementation
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D035A6CA-E9DD-4B40-66F8-15842888E447}" = Catalyst Control Center Localization French
"{D3D54FD6-ABA0-4AE3-BAC4-0D89ACA83CC7}_is1" = DFS_Media_Tool 2.1.2
"{DBA5E973-660D-4CBE-A469-F5C37FBF0CE4}" = DesktopEarth
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E453921D-30B6-7692-179C-6F6112F18F81}" = Catalyst Control Center Localization Chinese Standard
"{EA853B19-A618-8D18-F4A4-6B96083DC3A3}" = Catalyst Control Center Localization Korean
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"{F804CEB4-747E-46D5-B8AB-C56E3BAF27D9}_is1" = Das Fussball Studio 8.4.3 (Beta)
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"{FE46238E-2FB4-C9E1-323D-AD0DA64BED91}" = Catalyst Control Center Localization German
"{FFC59020-35A5-4856-B0FB-23B95D6C2976}" = CCC Help French
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ALUpdate_is1" = ALUpdate
"ALZip_is1" = ALZip
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Bundesliga 2000 - Der Fussball Manager" = Bundesliga 2000 - Der Fussball Manager
"Canon MP630 series Benutzerregistrierung" = Canon MP630 series Benutzerregistrierung
"CanonMyPrinter" = Canon Utilities My Printer
"CCleaner" = CCleaner
"CompuGROUP Z1" = CompuGROUP Z1
"Die Sims" = Die Sims
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"FIFA International Soccer_is1" = Game FIFA International Soccer
"FileZilla Client" = FileZilla Client 3.5.0
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324
"Google Updater" = Google Updater
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"LHTTSGED" = L&H TTS3000 Deutsch
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.1.1800
"Max Senft's Vokabeltrainer_is1" = Max Senft's Vokabeltrainer 1.1b
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 5.0 (x86 de)" = Mozilla Firefox 5.0 (x86 de)
"phonostar3RadioPlayer_is1" = phonostar-Player Version 3.01.8
"phonostarRadioPlayer_is1" = phonostar-Player Version 2.01.4
"PROSetDX" = Intel(R) PRO Network Connections 12.1.11.0
"Recuva" = Recuva
"SopCast" = SopCast 2.0.4
"Star Alliance Screen Saver_is1" = Star Alliance Screen Saver
"Taskbar Shuffle_is1" = Taskbar Shuffle version 2.5
"TmNationsForever_is1" = TmNationsForever
"TVAnts 1.0" = TVAnts 1.0
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.5
"VWLUPO-Key" = VOLKSWAGEN Lupo-Cup
"YTdetect" = Yahoo! Detect
"Zattoo" = Zattoo 3.3.4 Beta
"Zattoo4" = Zattoo4 4.0.5
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 17.08.2011 04:38:52 | Computer Name = **xx-PC | Source = Windows Search Service | ID = 3013
Description =
 
Error - 17.08.2011 04:38:53 | Computer Name = **xx-PC | Source = Windows Search Service | ID = 3013
Description =
 
Error - 17.08.2011 04:38:53 | Computer Name = **xx-PC | Source = Windows Search Service | ID = 3013
Description =
 
Error - 17.08.2011 04:38:54 | Computer Name = **xx-PC | Source = Windows Search Service | ID = 3013
Description =
 
Error - 17.08.2011 04:38:54 | Computer Name = **xx-PC | Source = Windows Search Service | ID = 3013
Description =
 
Error - 17.08.2011 04:38:54 | Computer Name = **xx-PC | Source = Windows Search Service | ID = 3013
Description =
 
Error - 17.08.2011 04:38:54 | Computer Name = **xx-PC | Source = Windows Search Service | ID = 3013
Description =
 
Error - 17.08.2011 04:38:54 | Computer Name = **xx-PC | Source = Windows Search Service | ID = 3013
Description =
 
Error - 17.08.2011 04:38:54 | Computer Name = **xx-PC | Source = Windows Search Service | ID = 3013
Description =
 
Error - 17.08.2011 04:38:54 | Computer Name = **xx-PC | Source = Windows Search Service | ID = 3013
Description =
 
[ System Events ]
Error - 13.07.2011 12:14:54 | Computer Name = **xx-PC | Source = netbt | ID = 4321
Description = Der Name "**xx-PC:0" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.178.24  registriert werden. Der Computer mit IP-Adresse 192.168.178.20
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 13.07.2011 12:14:54 | Computer Name = **xx-PC | Source = netbt | ID = 4321
Description = Der Name "**xx-PC:20" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.178.24  registriert werden. Der Computer mit IP-Adresse 192.168.178.20
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 11.08.2011 01:55:48 | Computer Name = **xx-PC | Source = DCOM | ID = 10005
Description =
 
Error - 11.08.2011 01:55:48 | Computer Name = **xx-PC | Source = Service Control Manager | ID = 7009
Description =
 
Error - 11.08.2011 01:55:48 | Computer Name = **xx-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 11.08.2011 13:53:38 | Computer Name = **xx-PC | Source = Service Control Manager | ID = 7009
Description =
 
Error - 11.08.2011 13:53:38 | Computer Name = **xx-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 15.08.2011 10:36:22 | Computer Name = **xx-PC | Source = Service Control Manager | ID = 7034
Description =
 
Error - 17.08.2011 03:05:21 | Computer Name = **xx-PC | Source = Service Control Manager | ID = 7034
Description =
 
Error - 17.08.2011 03:10:06 | Computer Name = **xx-PC | Source = Service Control Manager | ID = 7034
Description =
 
 
< End of report >


kira 17.08.2011 12:52

1.
runs on XP, Vista (32-bit) and Windows 7 (32-bit)
Attention!:
IF GMER CANNOT BE RUN OR CAUSES PROBLEMS, continue with the next step! It does NOT make sense to start a second attempt!
To get a deeper look into your system and to detect a possible infection with a rootkit (info from wikipedia.org), we will use a tool, GMER:
  • - so download GMER and unpack it to your desktop
    - start gmer.exe
    - close all programs; in addition, antivirus and other protection programs etc. must be disabled, no connection to the Internet, disconnect Wi-Fi as well
    - please do nothing on the PC while the scan is running!
    - click on "Scan" to start the tool
    - when the scan is finished, click on "Copy" (the log is automatically copied to the clipboard) and you have to paste it right away with CTRL + V
    - GMER is closed with "Ok".
    - paste the log from the clipboard in full here in your thread

** no connection to a network or the Internet - don't forget Wi-Fi
When the scan is finished, please re-enable all programs and tools!
Instructions: -> GMER - Rootkit Scanner

2.
Check with MBR -t whether the Master Boot Record is OK (MBR rootkit)

With the following tool we check whether something malicious has lodged itself in the Master Boot Record.
  • Download MBR.exe from Gmer and
    copy the file mbr.exe into the folder C:\Windows\system32.
    If you cannot see the folder, apply these settings in the folder options.
  • Start => Run => cmd (type it in there) => OK
    A command prompt opens.

    Vista and Windows 7 users: Start => All Programs => Accessories => right-click Command Prompt and choose Run as administrator.
  • After the prompt (>_), type the following from the code box manually, or alternatively copy it to the clipboard with CTRL + C and paste it.
    Pasting in the command prompt: right-click the title bar => Edit => Paste.

    Code:

    mbr.exe -t > C:\mbr.log & C:\mbr.log
    (press Enter)
  • After a short time your editor will open with the file C:\mbr.log.
    Please copy the contents here into your thread.

► What is the current state of the computer? Anything unusual, problems?

Inspector 18.08.2011 15:57

1. Unfortunately I cannot disable AntiVir. Right-clicking does not give me the option to disable it, and when I try to end it via Task Manager I get the error message "Access denied".

I would be reluctant to turn off the Windows Firewall. I once turned it off on my laptop to install a mobile broadband stick and then could not get it running again, because some service could no longer be started.

Can I now start directly with step 2?

The PC is working again so far, and the speed is OK again too. However, the error message attached in the first post still appears.

