Vista Antispyware 2012 hat mich erwischt

Inspector · 11.08.2011, 20:42

Hallo liebes Team,

leider hat mich auch die Vista Antispyware 2012 erwischt. Der Internetzugang über Firefox und den IE war blockiert und es öffneten sich willkürlich Fake-Warnmeldungen.

Was bisher geschah:

1. Nach der Infizierung habe ich zunächst rkill.com heruntergeladen und mehrfach gestartet bis alle Fenster beendet waren.

2. Danach habe ich die FixNCR.reg heruntergeladen und ausgeführt.

3. Anschließend habe ich mir Malwarebytes herunter geladen und einen Quick-Scan ausgeführt, hier das Ergebnis:

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Datenbank Version: 7435

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

11.08.2011 19:50:41
mbam-log-2011-08-11 (19-50-41).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 155692
Laufzeit: 3 Minute(n), 43 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\694245456 (Trojan.FakeAlert) -> Value: 694245456 -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\***\AppData\Local\ukr.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Windows\System32\ALZALZ.BIN (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\Windows\System32\ALZZip.BIN (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\Users\***\Desktop\eXplorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

4. Danach habe ich noch einen vollständigen Suchlauf gestartet, hier das Ergebnis:

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Datenbank Version: 7435

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

11.08.2011 21:25:29
mbam-log-2011-08-11 (21-25-29).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 322130
Laufzeit: 1 Stunde(n), 24 Minute(n), 43 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Das letzte Protokoll klingt ja schon mal ganz gut, aber ich will auf Nummer sicher gehen und benötige dazu eure Hilfe. Wie muss ich weiter vorgehen, damit mein PC auch wirklich wieder "sauber" wird?

P.S. Nachdem mich Antispyware 2012 erwischt hat, habe ich reflexartig erst mal den PC neu gestartet. Dabei hat Microsoft Vista neue Updates installiert. Ich hoffe, das waren auch die "richtigen" Updates und nicht irgendwelche Fake-Updates.

EDIT: Achja, noch was. Nach Starten des PC's erhalten ich neuerdings immer eine Fehlermeldung (s. Anlage).

kira · 12.08.2011, 06:49

Hallo und Herzlich Willkommen!

Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]:

Zitat:

"Fernbehandlungen/Fernhilfe" und die damit verbundenen Haftungsrisken:
- da die Fehlerprüfung und Handlung werden über große Entfernungen durchgeführt, besteht keine Haftung unsererseits für die daraus entstehenden Folgen.
- also, jede Haftung für die daraus entstandene Schäden wird ausgeschlossen, ANWEISUNGEN UND DEREN BEFOLGUNG, ERFOLGT AUF DEINE EIGENE VERANTWORTUNG!
Charakteristische Merkmale/Profilinformationen:
- aus der verwendeten Loglisten oder Logdateien - wie z.B. deinen Realnamen, Seriennummer in Programm etc)- kannst Du herauslöschen oder durch [X] ersetzen
Die Systemprüfung und Bereinigung:
- kann einige Zeit in Anspruch nehmen (je nach Art der Infektion), kann aber sogar so stark kompromittiert sein, so dass eine wirkungsvolle technische Säuberung ist nicht mehr möglich bzw Du es neu installieren musst
Ich empfehle Dir die Anweisungen erst einmal komplett durchzulesen, bevor du es anwendest, weil wenn du etwas falsch machst, kann es wirklich gefährlich werden. Wenn du meinen Anweisungen Schritt für Schritt folgst, kann eigentlich nichts schief gehen.
Innerhalb der Betreuungszeit:
- ohne Abspräche bitte nicht auf eigene Faust handeln!- bei Problemen nachfragen.
Die Reihenfolge:
- genau so wie beschrieben bitte einhalten, nicht selbst die Reihenfolge wählen!
GECRACKTE SOFTWARE werden hier nicht geduldet!!!!
Ansonsten unsere Forumsregeln:
- Bitte erst lesen, dann posten!-> Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?

Alle Logfile mit einem vBCode Tag eingefügen, das bietet hier eine gute Übersicht, erleichtert mir die Arbeit! Falls das Logfile zu groß, teile es in mehrere Teile auf.

Sobald Du diesen Einführungstext gelesen hast, kannst Du beginnen

Für Vista und Win7:
Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen
Auf der angewählten Anwendung einen Rechtsklick (rechte Maustaste) und "Als Administrator ausführen" wählen!

1.
Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt - OTL.txt und Extras.txt
Poste die Logfiles in Code-Tags hier in den Thread.

2.
Ich würde gerne noch all deine installierten Programme sehen:
Lade dir das Tool Ccleaner herunter
→ Download
installieren (Software-Lizenzvereinbarung lesen, falls angeboten wird "Füge CCleaner Yahoo! Toolbar hinzu" abwählen)→ starten→ falls nötig - unter Options settings-> "german" einstellen
dann klick auf "Extra (um die installierten Programme auch anzuzeigen)→ weiter auf "Als Textdatei speichern..."
wird eine Textdatei (*.txt) erstellt, kopiere dazu den Inhalt und füge ihn da ein

Zitat:

Damit dein Thread übersichtlicher und schön lesbar bleibt, am besten nutze den Code-Tags für deinen Post:
→ vor dein Log schreibst Du (also am Anfang des Logfiles):[code]
hier kommt dein Logfile rein - z.B hjtsanlist o. sonstiges
→ dahinter - also am Ende der Logdatei: [/code]

** Möglichst nicht ins internet gehen, kein Online-Banking, File-sharing, Chatprogramme usw

gruß
kira

Inspector · 12.08.2011, 14:10

Vielen Dank für deine Antwort.

So, OTL habe ich laufen lassen, hier die Ergebnisse:

OTL EXTRAS Logfile:

Code:

ATTFilter

OTL logfile created on: 12.08.2011 14:53:04 - Run 1
OTL by OldTimer - Version 3.2.26.1     Folder = C:\Users\** **\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,86 Gb Available Physical Memory | 62,07% Memory free
6,22 Gb Paging File | 5,32 Gb Available in Paging File | 85,54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 586,10 Gb Total Space | 433,68 Gb Free Space | 73,99% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 6,02 Gb Free Space | 60,21% Space Free | Partition Type: NTFS
 
Computer Name: ****-PC | User Name: ** ** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\** **\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\DNA\btdna.exe (BitTorrent, Inc.)
PRC - C:\Programme\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Programme\phonostar\ps_timer.exe (phonostar)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Programme\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Programme\Taskbar Shuffle\taskbarshuffle.exe (Jay Elaraj)
PRC - C:\Programme\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
PRC - C:\Programme\DesktopEarth\DesktopEarth.exe (CodeFromThe70s.org)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\** **\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
MOD - C:\Programme\Common Files\microsoft shared\ink\tiptsf.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (DockLoginService) -- C:\Programme\Dell\DellDock\DockLogin.exe (Stardock Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (VSTHWBS2) -- C:\Windows\System32\drivers\VSTBS23.SYS (Conexant Systems, Inc.)
DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\Windows\System32\drivers\sfvfs02.sys (Protection Technology (StarForce))
DRV - (Point32) -- C:\Windows\System32\drivers\point32k.sys (Microsoft Corporation)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\Windows\System32\drivers\sfdrv01.sys (Protection Technology (StarForce))
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\Windows\System32\drivers\sfhlp02.sys (Protection Technology (StarForce))
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========

Extras.txt:

Code:

ATTFilter

OTL Extras logfile created on: 12.08.2011 14:53:04 - Run 1
OTL by OldTimer - Version 3.2.26.1     Folder = C:\Users\** **\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,86 Gb Available Physical Memory | 62,07% Memory free
6,22 Gb Paging File | 5,32 Gb Available in Paging File | 85,54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 586,10 Gb Total Space | 433,68 Gb Free Space | 73,99% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 6,02 Gb Free Space | 60,21% Space Free | Partition Type: NTFS
 
Computer Name: ****-PC | User Name: ** ** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1882754496-1205069911-2561918912-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
"C:\Users\**~1\AppData\Local\Temp\0.9535893561257379.exe" = C:\Users\**~1\AppData\Local\Temp\0.9535893561257379.exe:*:Enabled:ldrsoft
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A119FF1-56EC-4E1A-B788-789635FC23D5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{20EDC02F-5E4F-443A-AB4D-B0F077471D37}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{46B1414B-C251-4EAA-A246-99C4682E537D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4A1CC5F4-E40D-4BF5-8811-79C77D102300}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{8069D4B8-5ECF-41D9-9877-3E44FB1B2B0A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{84C6EBD0-45B0-4134-8D45-6DF76A4CAD7D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{AC43ADAD-C01C-4B7F-A03D-AECC23C2798C}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{D54BBC69-F438-4902-8D3C-C1E57C7C09BC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{EB8BF3FB-43FE-45FB-929F-AE6569407305}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{101B4824-5670-471B-AD15-40E96CEC329B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{17824339-C744-47FE-BDF5-CE448C2F0BB5}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe | 
"{1C616A3A-1216-4C7B-B377-92BF8CCDD2DA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4D16FE5A-BC79-4B37-A92F-BB87B3366175}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | 
"{6F00AA36-5CF6-427E-A072-2F5F860673F3}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9765429F-877A-4D01-AD5E-6C02217176FC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9F8E761A-A358-43FA-8083-48D68CD68EC5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{A181EFF2-3D23-4E51-88B1-71C7A9E8CD60}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe | 
"{A189EA38-12E5-4DC8-A3B6-038799D8C442}" = protocol=6 | dir=out | app=system | 
"{B3A544A7-9421-4BCC-AD61-10E8C0B0A547}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C063F22F-6CC1-4EFD-88C8-AFB731592A41}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C8A8C06A-B1FA-4A23-97E5-5E4A4B6FF1ED}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | 
"{CD9CA2D3-1F76-41B8-BA69-2AD9E9CB8520}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D63D70E7-CDBA-43B0-81B3-D1D7DF433138}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe | 
"{DE9F0361-21EC-4CF4-AFBB-4CC0AFA91FE1}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | 
"{E68F883D-99D9-4E80-99EF-D6FD8F5C4F59}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{EB4D0451-7061-4DD8-B919-83800F636FE5}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | 
"{ED65FCCF-0147-4A45-A1CC-DAE0688316EC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{FEFAB68E-5772-4A89-96E4-F817CEABA465}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FF1554C5-0815-4323-AEF3-ACC75AE8CFE0}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe | 
"TCP Query User{0A820782-72FE-42E7-85E7-821B9ADE23D9}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe | 
"TCP Query User{17AF61EC-365D-4318-8E78-E4A8C485AF2D}C:\program files\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | 
"TCP Query User{370CA5A5-3CD8-45BF-A1DA-C483E1ED2136}C:\program files\tvants\tvants.exe" = protocol=6 | dir=in | app=c:\program files\tvants\tvants.exe | 
"TCP Query User{42B7723C-31B3-4E6A-B053-11D31CB87ED5}C:\program files\trackmania nations eswc\tmnationseswc.exe" = protocol=6 | dir=in | app=c:\program files\trackmania nations eswc\tmnationseswc.exe | 
"TCP Query User{4C4640C7-54A9-41DE-97A5-680DA79AFA7C}C:\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe | 
"TCP Query User{55CCE66A-9EA6-498F-8D4D-C2A39C16449D}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"TCP Query User{8CCA769D-917C-4C12-870C-16B6D4184EDE}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{94F2096B-F66D-4C20-AB26-99F1D413D424}C:\program files\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | 
"TCP Query User{9672FC3B-56AD-44D0-B03C-29F68B209BF6}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"TCP Query User{98DD639F-99DD-4C59-81D7-879CE2513E78}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{9D16E7FE-0C63-498B-ABF5-A955BB6E39FF}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{B3DE209E-1A24-479F-8FFC-5DDC418404CB}C:\clusterball\xdreamcc.exe" = protocol=6 | dir=in | app=c:\clusterball\xdreamcc.exe | 
"TCP Query User{B573BBF7-F35E-41C6-8EC5-C4379390E537}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | 
"TCP Query User{CB6CC31A-A7DA-4377-9110-3F686514B9B1}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe | 
"TCP Query User{DB541E86-7B54-4C95-9E8E-9026B588E5D9}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{E1485B21-CD2E-4EBB-9426-5C326F008025}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"TCP Query User{E1EC2DC1-B893-4DC3-AA2C-68A1BA745035}C:\program files\zattoo\zattoo.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattoo.exe | 
"UDP Query User{08F7DB70-B8B4-4E82-A872-150985BB3186}C:\clusterball\xdreamcc.exe" = protocol=17 | dir=in | app=c:\clusterball\xdreamcc.exe | 
"UDP Query User{2F0C4E61-819F-4EBE-9FAB-F8CEE38AE2BD}C:\program files\trackmania nations eswc\tmnationseswc.exe" = protocol=17 | dir=in | app=c:\program files\trackmania nations eswc\tmnationseswc.exe | 
"UDP Query User{3EC8DC8C-7570-4912-B1F9-0F53619B2762}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | 
"UDP Query User{3F19C20E-C209-4299-A7E6-CB4CCA46BE76}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{491B1FB4-B81B-4F8E-9EE0-08C68A7CED29}C:\program files\tvants\tvants.exe" = protocol=17 | dir=in | app=c:\program files\tvants\tvants.exe | 
"UDP Query User{67DCC256-3C25-4E63-8E1F-CAEED0380804}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{6934B272-6D4B-4B0E-AB77-C0689AD2EBAE}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe | 
"UDP Query User{6F163C68-D5E7-424F-815E-D8BB7B894875}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{855DDA6C-CED5-4A4D-BDCD-D777B3B0BAF3}C:\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe | 
"UDP Query User{874DDBE4-44F6-46E1-A9F1-AFC89163E627}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"UDP Query User{8C3C26FC-5CD3-4378-9923-42E53792C78B}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"UDP Query User{A1B3B0BD-AA6A-443A-B0F3-B0824CDD9BB6}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{DB39381A-EE76-4B44-86A5-8441BC0792FC}C:\program files\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | 
"UDP Query User{DD948BC0-0B25-4D26-8DB4-5987BEADC355}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe | 
"UDP Query User{DFA9115D-DC3E-4975-AF3B-A2D30D759872}C:\program files\zattoo\zattoo.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattoo.exe | 
"UDP Query User{ECC1D281-FC4E-43EE-B90B-D5475404EF0C}C:\program files\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | 
"UDP Query User{F4A80B2D-682F-4DD4-981D-AEE694A1AFFA}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{056E7B58-F436-9614-6CD3-1DFDDD7DA470}" = CCC Help Turkish
"{0626167B-F30A-79EB-9B21-80B83468961A}" = CCC Help Chinese Traditional
"{08D6F386-D362-805B-05D2-79E4AB4F9CB9}" = CCC Help Korean
"{0E4BC542-9CFD-4E97-B586-9F1E5516E7B9}" = Microsoft IntelliPoint 6.1
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP630_series" = Canon MP630 series MP Drivers
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1D1D8ADC-BF08-4E61-9393-5FA305B16864}" = Microsoft SQL Server Native Client
"{1F126EDC-DA29-4D5B-80DF-735252475FEE}" = Pro Evolution Soccer 2010 DEMO
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2390D4C3-8CC7-2074-ACB9-A22ED2E1D4E9}" = CCC Help Portuguese
"{2555521A-9231-2F05-AEBE-FC1E2A7F825F}" = ccc-utility
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{27C42F0C-9090-97F7-9338-B6BD6DC25BB1}" = CCC Help Japanese
"{2BE84E12-E062-F989-BA16-25D53F343033}" = Skins
"{31CAC150-58B2-F696-D9EB-2FC16C3A8FAA}" = Catalyst Control Center Localization Portuguese
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{34475C54-DA68-DA37-E014-2ADD65AF627F}" = Catalyst Control Center Localization Hungarian
"{3541D8B6-BE96-0E6B-8987-D1CE1FBF848A}" = CCC Help German
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3A732171-7856-43BD-B828-39B9E2B3E195}" = Catalyst Control Center Localization Spanish
"{4207500E-1543-47F3-1695-6728E6520903}" = Catalyst Control Center Graphics Full Existing
"{4453BCB7-5327-F8D1-C048-851310A389EF}" = Catalyst Control Center Localization Turkish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A2D8C96-7B4F-A66A-6773-23F7796F9BA2}" = CCC Help Spanish
"{588DF486-DF7A-11D5-82B4-000374890932}" = Turnierplaner
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{6BA2C0F5-7EF3-11D7-9E00-0004769EEFEB}" = Reflexion
"{73E8E831-160A-6E74-1AAA-AB698E1986BC}" = CCC Help Hungarian
"{76E29237-CCAB-CD1A-F8A1-6C3CFF002F26}" = Catalyst Control Center Graphics Previews Vista
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel(R) PRO Network Connections 12.1.11.0
"{7A33E298-5BEA-7C94-C512-1DF1C977537E}" = Catalyst Control Center Localization Italian
"{7B1F7338-1D0D-4DF4-831E-B22EB0A4C968}" = DerKleineTurnierplaner
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{84F7CAD9-2316-4701-B5CA-E90FD60029E9}" = ANNO 1602
"{853026E0-CD36-1790-7988-194CADDDFB25}" = ccc-core-static
"{86501894-E722-4385-A792-B7C2F28FAE7B}" = NetSpeedMonitor 2.5.4.0 x86
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D8E6D0B-5A57-9ABD-AEA2-C0052401C5F6}" = Catalyst Control Center Localization Chinese Traditional
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95E52415-B952-B013-A2AD-5163896D8B9C}" = Catalyst Control Center Graphics Full New
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1E79477-B730-7E48-7EFF-0D1CB3202933}" = Catalyst Control Center Graphics Previews Common
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch
"{AC76BA86-7AD7-2447-0000-800000000003}" = Chinese Simplified Fonts Support For Adobe Reader 8
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B25E016C-44C2-856A-98A8-789D1E2B1C56}" = Catalyst Control Center Graphics Light
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B463BAAF-A379-AAF1-8979-6ED69C25ED37}" = Catalyst Control Center Localization Japanese
"{B6CF1DB0-09E8-0A2E-A510-1F2F8BDE5ECF}" = CCC Help Italian
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BC60B681-C3A3-0363-DA09-FA9706ED9680}" = CCC Help Chinese Standard
"{BECDD3A4-FEEC-9804-4782-F31A8A842361}" = CCC Help English
"{C022906C-A509-33D1-E42B-FF92F8E7BED4}" = Catalyst Control Center Core Implementation
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D035A6CA-E9DD-4B40-66F8-15842888E447}" = Catalyst Control Center Localization French
"{D3D54FD6-ABA0-4AE3-BAC4-0D89ACA83CC7}_is1" = DFS_Media_Tool 2.1.2
"{DBA5E973-660D-4CBE-A469-F5C37FBF0CE4}" = DesktopEarth
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E453921D-30B6-7692-179C-6F6112F18F81}" = Catalyst Control Center Localization Chinese Standard
"{EA853B19-A618-8D18-F4A4-6B96083DC3A3}" = Catalyst Control Center Localization Korean
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"{F804CEB4-747E-46D5-B8AB-C56E3BAF27D9}_is1" = Das Fussball Studio 8.4.3 (Beta)
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"{FE46238E-2FB4-C9E1-323D-AD0DA64BED91}" = Catalyst Control Center Localization German
"{FFC59020-35A5-4856-B0FB-23B95D6C2976}" = CCC Help French
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ALUpdate_is1" = ALUpdate
"ALZip_is1" = ALZip
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Bundesliga 2000 - Der Fussball Manager" = Bundesliga 2000 - Der Fussball Manager
"Canon MP630 series Benutzerregistrierung" = Canon MP630 series Benutzerregistrierung
"CanonMyPrinter" = Canon Utilities My Printer
"CompuGROUP Z1" = CompuGROUP Z1
"Die Sims" = Die Sims
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FIFA International Soccer_is1" = Game FIFA International Soccer
"FileZilla Client" = FileZilla Client 3.5.0
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324
"Google Updater" = Google Updater
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"LHTTSGED" = L&H TTS3000 Deutsch
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.1.1800
"Max Senft's Vokabeltrainer_is1" = Max Senft's Vokabeltrainer 1.1b
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 5.0 (x86 de)" = Mozilla Firefox 5.0 (x86 de)
"phonostar3RadioPlayer_is1" = phonostar-Player Version 3.01.8
"phonostarRadioPlayer_is1" = phonostar-Player Version 2.01.4
"PROSetDX" = Intel(R) PRO Network Connections 12.1.11.0
"SopCast" = SopCast 2.0.4
"Star Alliance Screen Saver_is1" = Star Alliance Screen Saver
"Taskbar Shuffle_is1" = Taskbar Shuffle version 2.5
"TmNationsForever_is1" = TmNationsForever
"TVAnts 1.0" = TVAnts 1.0
"Uninstall_is1" = Uninstall 1.0.0.1
"Veoh Web Player Beta" = Veoh Web Player
"VLC media player" = VLC media player 1.1.5
"VWLUPO-Key" = VOLKSWAGEN Lupo-Cup
"Zattoo" = Zattoo 3.3.4 Beta
"Zattoo4" = Zattoo4 4.0.5
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 12.08.2011 00:19:26 | Computer Name = ****-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 12.08.2011 00:19:33 | Computer Name = ****-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 12.08.2011 00:19:33 | Computer Name = ****-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 12.08.2011 00:19:33 | Computer Name = ****-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 12.08.2011 00:19:33 | Computer Name = ****-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 12.08.2011 00:19:34 | Computer Name = ****-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 12.08.2011 00:19:34 | Computer Name = ****-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 12.08.2011 00:19:34 | Computer Name = ****-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 12.08.2011 00:19:34 | Computer Name = ****-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 12.08.2011 08:08:52 | Computer Name = ****-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 13.07.2011 01:30:31 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 13.07.2011 12:14:54 | Computer Name = ****-PC | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht
 \Device\NetBT_Tcpip_{09DBC2F6-F1BB-4A56-BD82-7FDD71A51639} vom Serverdienst nicht
 gebunden werden. Der Serverdienst konnte nicht gestartet werden.
 
Error - 13.07.2011 12:14:54 | Computer Name = ****-PC | Source = netbt | ID = 4321
Description = Der Name "****-PC:0" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.178.24  registriert werden. Der Computer mit IP-Adresse 192.168.178.20
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 13.07.2011 12:14:54 | Computer Name = ****-PC | Source = netbt | ID = 4321
Description = Der Name "****-PC:0" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.178.24  registriert werden. Der Computer mit IP-Adresse 192.168.178.20
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 13.07.2011 12:14:54 | Computer Name = ****-PC | Source = netbt | ID = 4321
Description = Der Name "****-PC:20" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.178.24  registriert werden. Der Computer mit IP-Adresse 192.168.178.20
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 11.08.2011 01:55:48 | Computer Name = ****-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 11.08.2011 01:55:48 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 11.08.2011 01:55:48 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 11.08.2011 13:53:38 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 11.08.2011 13:53:38 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >

--- --- ---

--- --- ---

--- --- ---

Danach habe ich den CCleaner herunter geladen, hier meine installierten Programme:

Code:

ATTFilter

Adobe Flash Player 10 Plugin	Adobe Systems Incorporated	18.06.2011		10.3.181.26
Adobe Flash Player ActiveX	Adobe Systems Incorporated	10.08.2008		9.0.124.0
Adobe Reader X (10.1.0) - Deutsch	Adobe Systems Incorporated	15.06.2011	165,3MB	10.1.0
ALUpdate	ESTsoft Corp.	13.08.2008	2,05MB	
ALZip	ESTsoft Corp.	13.08.2008	11,8MB	7.0 beta1
ANNO 1602		26.10.2008	3.290MB	1.05
ATI Catalyst Control Center		10.08.2008	24,00KB	2.008.0409.2230
Avira AntiVir Personal - Free Antivirus	Avira GmbH	23.07.2011	65,4MB	10.2.0.696
Browser Address Error Redirector	Dell	10.08.2008		1.00.0000
Bundesliga 2000 - Der Fussball Manager		06.03.2010	570MB	
Canon MP630 series Benutzerregistrierung		22.01.2009	0,52MB	
Canon MP630 series MP Drivers		22.01.2009		
Canon Utilities My Printer		22.01.2009	2,39MB	
CCleaner	Piriform	11.08.2011	3,98MB	3.09
Chinese Simplified Fonts Support For Adobe Reader 8	Adobe Systems	13.03.2010	29,5MB	8.0.0
Compatibility Pack für 2007 Office System	Microsoft Corporation	15.06.2011	56,2MB	12.0.6425.1000
CompuGROUP Z1		18.03.2009	1.211MB	
Das Fussball Studio 8.4.3 (Beta)	vmLOGIC - Volker Mallmann	01.08.2011	20,2MB	8.4.3
Dell Dock	Dell	10.08.2008		1.0.0
Dell Support Center (Support Software)	Dell	14.10.2009		2.2.09085
DerKleineTurnierplaner	Der Kleine Turnierplaner	15.09.2008	10,9MB	1.00.0000
DesktopEarth	CodeFromThe70s.org	15.10.2009	6,85MB	2.1.1
DFS_Media_Tool 2.1.2	vmLOGIC - Volker Mallmann	28.10.2008	0,91MB	2.1.2
Die Sims		07.07.2010	302MB	
DivX Codec	DivX, Inc.	07.12.2008	1,40MB	6.8.5
DivX Converter	DivX, Inc.	07.12.2008	30,4MB	6.6.1
DivX Player		13.11.2008	15,4MB	6.8.2
DivX Web Player	DivX,Inc.	13.11.2008	2,92MB	1.4.2
DNA	BitTorrent Inc.	12.11.2009	0,41MB	2.2.4 (16502)
EDocs		10.08.2008	0,80MB	
FileZilla Client 3.5.0		08.07.2011	13,9MB	3.5.0
Free Audio CD Burner version 1.4.7	DVDVideoSoft Limited.	10.04.2011	3,16MB	
Free YouTube to MP3 Converter version 3.9.35.324	DVDVideoSoft Limited.	10.04.2011	3,38MB	
Game FIFA International Soccer	Electronic Arts	28.07.2009	1,25MB	
Google Earth	Google	12.07.2011	84,7MB	6.0.3.2197
Google Updater	Google Inc.	22.03.2009	3,59MB	2.4.1536.6592
Intel(R) Graphics Media Accelerator Driver		13.08.2008		
Intel(R) PRO Network Connections 12.1.11.0	Intel	10.08.2008	5,91MB	
Java(TM) 6 Update 20	Sun Microsystems, Inc.	10.05.2010	94,5MB	6.0.200
Java(TM) 6 Update 5	Sun Microsystems, Inc.	10.08.2008	171,1MB	1.6.0.50
L&H TTS3000 Deutsch		18.03.2009		
Malwarebytes' Anti-Malware Version 1.51.1.1800	Malwarebytes Corporation	10.08.2011	6,72MB	1.51.1.1800
Max Senft's Vokabeltrainer 1.1b		06.09.2008	1,77MB	1.1b
Microsoft .NET Framework 3.5 SP1	Microsoft Corporation	03.06.2009	27,8MB	
Microsoft IntelliPoint 6.1	Microsoft	17.08.2008	11,4MB	6.10.156.0
Microsoft Office Enterprise 2007	Microsoft Corporation	03.06.2009	308MB	12.0.6425.1000
Microsoft Office File Validation Add-In	Microsoft Corporation	29.06.2011	7,92MB	14.0.5130.5003
Microsoft Office PowerPoint Viewer 2007 (German)	Microsoft Corporation	15.06.2011	89,0MB	12.0.6425.1000
Microsoft Silverlight	Microsoft Corporation	15.06.2011	14,9MB	4.0.60531.0
Microsoft SQL Server Native Client	Microsoft Corporation	18.03.2009	2,43MB	9.00.3042.00
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148	Microsoft Corporation	28.07.2009	0,19MB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570	Microsoft Corporation	12.06.2011	0,58MB	9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	03.06.2009	0,58MB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	26.03.2010	0,58MB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	15.06.2011	0,58MB	9.0.30729.6161
Microsoft Works	Microsoft Corporation	14.12.2010		9.7.0621
Mozilla Firefox 5.0 (x86 de)	Mozilla	01.07.2011	99,3MB	5.0
NetSpeedMonitor 2.5.4.0 x86	Florian Gilles	17.07.2011	1,04MB	2.5.4.0
phonostar-Player Version 2.01.4		13.08.2008	9,73MB	
phonostar-Player Version 3.01.8		15.10.2010	30,9MB	
Pro Evolution Soccer 2010 DEMO	KONAMI	02.06.2010	1.030MB	1.00.0000
Realtek High Definition Audio Driver		10.08.2008		
Reflexion	Reflexion	17.08.2010	2,91MB	1.00.0000
SopCast 2.0.4	SopCast.com	26.04.2009	11,3MB	2.0.4
Star Alliance Screen Saver	Star Alliance GmbH	27.10.2008	7,48MB	
Taskbar Shuffle version 2.5	Jay Elaraj	17.07.2009	1,61MB	2.5
TmNationsForever	Nadeo	29.10.2008	717MB	
Turnierplaner	Freeware	07.07.2010	2,55MB	
TVAnts 1.0		26.04.2009	3,64MB	
Uninstall 1.0.0.1		10.04.2011	30,8MB	
Veoh Web Player	Veoh Networks, Inc.	17.05.2010	30,4MB	1.2.1.1209
Vista Codec Package	Shark007	01.12.2008	52,2MB	5.0.3
VLC media player 1.1.5	VideoLAN	22.12.2010	49,0MB	1.1.5
VOLKSWAGEN Lupo-Cup		25.05.2010	8,01MB	
Windows Media Player Firefox Plugin	Microsoft Corp	16.08.2008	0,29MB	1.0.0.8
Zattoo 3.3.4 Beta	Zattoo Inc.	13.06.2009	18,4MB	3.3.4 Beta
Zattoo4 4.0.5	Zattoo Inc.	19.05.2010	39,9MB	4.0.5

kira · 13.08.2011, 08:52

1.
BitTorrent/DNA: gilt als unsicher und sollte daher nicht eingesetzt werden.
Was ist BitTorrent/DNA

2.
ich würde deinstallieren:

Zitat:

Veoh Web Player
http://www.chip.de/downloads/Veoh-We..._31982609.html <- Adware

3.
Deine Javaversion ist nicht aktuell!
Da aufgrund alter Sicherheitslücken ist Java sehr anfällig, deinstalliere zunächst alle vorhandenen Java-Versionen:
→ Systemsteuerung → Software → deinstallieren...
→ Rechner neu aufstarten
→ Downloade nun die Offline-Version von Java Version 6 Update 26 von Oracle herunter
Achte darauf, eventuell angebotene Toolbars abwählen (den Haken bei der Toolbar entfernen)!

4.
reinige dein System mit Ccleaner:

"Cleaner"→ "Analysieren"→ Klick auf den Button "Start CCleaner"
"Registry""Fehler suchen"→ "Fehler beheben"→ "Alle beheben"
Starte dein System neu auf

5.

lade Dir SUPERAntiSpyware FREE Edition herunter.
installiere das Programm und update online.
starte SUPERAntiSpyware und klicke auf "Ihren Computer durchsuchen"
setze ein Häkchen bei "Kompletter Scan" und klicke auf "Weiter"
anschließend alle gefundenen Schadprogramme werden aufgelistet, bei alle Funde Häkchen setzen und mit "OK" bestätigen
auf "Weiter" klicken dann "OK" und auf "Fertig stellen"
um die Ergebnisse anzuzeigen: auf "Präferenzen" dann auf den "Statistiken und Protokolle" klicken
drücke auf "Protokoll anzeigen" - anschließend diesen Bericht bitte speichern und hier posten

6.
- "Link:-> ESET Online Scanner
>>Du sollst nicht die Antivirus-Sicherheitssoftware installieren, sondern dein System nur online scannen<<
Auch auf USB-Sticks, selbstgebrannten Datenträgern, externen Festplatten und anderen Datenträgern können Viren transportiert werden. Man muss daher durch regelmäßige Prüfungen auf Schäden, die durch Malware ("Worm.Win32.Autorun") verursacht worden sein können, überwacht werden. Hierfür sind ser gut geegnet und empfohlen, die auf dem Speichermedium gesicherten Daten, mit Hilfe des kostenlosen Online Scanners zu prüfen.
Schließe jetzt alle externe Datenträgeran (USB Sticks etc) Deinen Rechner an, dabei die Hochstell-Taste [Shift-Taste] gedrückt halten, damit die Autorun-Funktion nicht ausgeführt wird. (So verhindest Du die Ausführung der AUTORUN-Funktion) - Man kann die AUTORUN-Funktion aber auch generell abschalten.►Anleitung

-> Führe dann einen Komplett-Systemcheck mit Eset/Nod32 durch

- folgendes bitte anhaken > "Remove found threads" und "Scan archives"
- die Scanergebnis als *.txt Dateien speichern)
- meistens "C:\Programme\Eset\EsetOnlineScanner\log.txt"

Vor dem Scan Einstellungen im Internet Explorer:
- "Extras→ Internetoptionen→ Sicherheit":
- alles auf Standardstufe stellen
- Active X erlauben
- um den Scan zu starten: wenn du danach gefragt wirst (den Text in der Informationsleiste ) - ActiveX-Steuerelement installieren lassen

7.
erneut einen Scan mit OTL:

Doppelklick auf die OTL.exe
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Oben findest Du ein Kästchen mit Ausgabe.
Wähle bitte Standard-Ausgabe
Unter Extra-Registrierung wähle bitte Benutze SafeList.
Mache Häckchen bei LOP- und Purity-Prüfung.
Klicke nun auf Scan links oben.
Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
Poste die Logfiles in Code-Tags hier in den Thread.

Zitat:

► Berichte mir kurz über alle Umsetzungsschritte, die Du erledigt hast!

► berichte auch erneut über den Zustand des Computers. Ob noch Probleme auftreten, wenn ja, welche?

Inspector · 14.08.2011, 11:35

1. Programme ohne Probleme deinstalliert.
2. veoh Web-Player ohne Probleme deinstalliert.
3. Neue Java-Version ohne Probleme installiert
4. keine Probleme bei der Systemreinigung
5.

Code:

ATTFilter

 SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 08/14/2011 at 00:12 AM

Application Version : 5.0.1118

Core Rules Database Version : 7561
Trace Rules Database Version: 5373

Scan type       : Complete Scan
Total Scan Time : 00:33:03

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC Off - Administrator

Memory items scanned      : 682
Memory threats detected   : 0
Registry items scanned    : 36607
Registry threats detected : 0
File items scanned        : 38278
File threats detected     : 2


Trojan.Agent/Gen-FakeAlert[Local]
	C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\STARTUP\Z1INFO.EXE
Adware.Tracking Cookie
	secure-uk.imrworldwide.com [ C:\USERS\FABIAN HOFMANN\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\UXPAS3YN ]

6. Leider konnte ich das Ausführen der Auto-Run-Funktion nicht verhindern

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=8c08c9aee432144fae16b46d78f2951b
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-08-14 07:22:39
# local_time=2011-08-14 09:22:39 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1797 16775166 100 100 1775669 88199432 1768460 0
# compatibility_mode=5892 16776574 66 100 262257 150835596 0 0
# compatibility_mode=8192 67108863 100 0 72588 72588 0 0
# scanned=169260
# found=4
# cleaned=4
C:\Users\Fabian Hofmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\7a7bdd9e-29852088	Mehrere Bedrohungen (gelöscht - in Quarantäne kopiert)	00000000000000000000000000000000	C
C:\Users\Fabian Hofmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\7f7680a8-50925ef5	Java/TrojanDownloader.OpenStream.NAX Trojaner (gelöscht - in Quarantäne kopiert)	00000000000000000000000000000000	C
C:\Users\Fabian Hofmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\b45e07d-50ed44b2	Variante von Win32/Kryptik.RKL Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)	00000000000000000000000000000000	C
C:\Users\Fabian Hofmann\AppData\Roaming\phonostar-Player\update2.exe	Variante von Win32/Adware.ADON Anwendung (gelöscht - in Quarantäne kopiert)	00000000000000000000000000000000	C
ESETSmartInstaller@High as downloader log:
# scan_time=3690

7.

Code:

ATTFilter

OTL logfile created on: 14.08.2011 11:33:58 - Run 3
OTL by OldTimer - Version 3.2.26.1     Folder = C:\Users\Fabian Hofmann\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,10 Gb Available Physical Memory | 70,02% Memory free
6,23 Gb Paging File | 5,27 Gb Available in Paging File | 84,58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 586,10 Gb Total Space | 426,66 Gb Free Space | 72,80% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 6,02 Gb Free Space | 60,21% Space Free | Partition Type: NTFS
 
Computer Name: FABIANHOFMAN-PC | User Name: Fabian Hofmann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.08.12 23:37:06 | 004,603,264 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2011.08.12 14:52:08 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Fabian Hofmann\Desktop\OTL.exe
PRC - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SASCore.exe
PRC - [2011.07.24 19:06:28 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.07.02 10:51:27 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010.11.20 19:58:28 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009.05.21 11:13:58 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Programme\Dell Support Center\bin\sprtcmd.exe
PRC - [2009.05.13 18:35:24 | 000,126,976 | ---- | M] (phonostar) -- C:\Programme\phonostar\ps_timer.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.08.14 00:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Programme\Dell Support Center\bin\sprtsvc.exe
PRC - [2008.04.28 17:56:28 | 000,161,048 | ---- | M] (Stardock Corporation) -- C:\Programme\Dell\DellDock\DockLogin.exe
PRC - [2008.04.17 01:28:48 | 000,818,176 | ---- | M] (Jay Elaraj) -- C:\Programme\Taskbar Shuffle\taskbarshuffle.exe
PRC - [2008.03.17 18:06:00 | 001,848,648 | ---- | M] (CANON INC.) -- C:\Programme\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2007.05.11 15:26:44 | 004,452,352 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.02.06 01:52:10 | 000,849,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft IntelliPoint\ipoint.exe
PRC - [2006.05.24 09:58:32 | 000,761,856 | ---- | M] (CodeFromThe70s.org) -- C:\Programme\DesktopEarth\DesktopEarth.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.08.12 14:52:08 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Fabian Hofmann\Desktop\OTL.exe
MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2009.04.11 08:28:24 | 000,380,416 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\tiptsf.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011.07.24 19:06:28 | 000,269,480 | ---- | M] (Avira GmbH) [Disabled | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.07.24 19:06:28 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2008.08.14 00:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008.04.28 17:56:28 | 000,161,048 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Programme\Dell\DellDock\DockLogin.exe -- (DockLoginService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.07.24 19:06:29 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.07.22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011.07.12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.05.21 08:11:00 | 003,591,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2008.05.21 08:11:00 | 003,591,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008.01.21 04:23:25 | 000,251,904 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2007.04.29 10:42:24 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2007.02.08 19:44:43 | 000,083,320 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
DRV - [2006.11.08 09:02:40 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\point32k.sys -- (Point32)
DRV - [2006.07.05 14:39:29 | 000,059,256 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2006.06.14 16:56:56 | 000,013,680 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=3080811
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=3080811
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.t-online.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19.1
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.1
FF - prefs.js..extensions.enabledItems: {aff87fa2-a58e-4edd-b852-0a20203c1e17}:0.8
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: noia2_option@kk.noia:3.76
FF - prefs.js..extensions.enabledItems: {2f17f610-5e97-4fed-828f-9940b7b577a4}:1.6.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}:3.76
FF - prefs.js..network.proxy.http: "80.108.94.196"
FF - prefs.js..network.proxy.http_port: 8123
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.07.02 10:51:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.08.13 11:16:12 | 000,000,000 | ---D | M]
 
[2008.08.14 16:26:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fabian Hofmann\AppData\Roaming\mozilla\Extensions
[2011.08.08 18:01:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fabian Hofmann\AppData\Roaming\mozilla\Firefox\Profiles\4ooexf9v.default\extensions
[2011.07.16 18:13:49 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Fabian Hofmann\AppData\Roaming\mozilla\Firefox\Profiles\4ooexf9v.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2010.04.30 03:34:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Fabian Hofmann\AppData\Roaming\mozilla\Firefox\Profiles\4ooexf9v.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.07.30 11:04:07 | 000,000,000 | ---D | M] (TV-Fox) -- C:\Users\Fabian Hofmann\AppData\Roaming\mozilla\Firefox\Profiles\4ooexf9v.default\extensions\{2f17f610-5e97-4fed-828f-9940b7b577a4}
[2010.03.01 07:38:44 | 000,000,000 | ---D | M] (Noia 2.0 (eXtreme)) -- C:\Users\Fabian Hofmann\AppData\Roaming\mozilla\Firefox\Profiles\4ooexf9v.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
[2011.04.11 20:14:26 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Fabian Hofmann\AppData\Roaming\mozilla\Firefox\Profiles\4ooexf9v.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.09.09 21:42:45 | 000,000,000 | ---D | M] (gTranslate) -- C:\Users\Fabian Hofmann\AppData\Roaming\mozilla\Firefox\Profiles\4ooexf9v.default\extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}
[2011.08.02 06:26:03 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Fabian Hofmann\AppData\Roaming\mozilla\Firefox\Profiles\4ooexf9v.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.11.18 23:01:39 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Fabian Hofmann\AppData\Roaming\mozilla\Firefox\Profiles\4ooexf9v.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2010.12.12 14:14:13 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\Fabian Hofmann\AppData\Roaming\mozilla\Firefox\Profiles\4ooexf9v.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2009.11.04 20:51:56 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Fabian Hofmann\AppData\Roaming\mozilla\Firefox\Profiles\4ooexf9v.default\extensions\moveplayer@movenetworks.com
[2010.03.01 07:38:44 | 000,000,000 | ---D | M] (Noia 2.0 eXtreme OPT) -- C:\Users\Fabian Hofmann\AppData\Roaming\mozilla\Firefox\Profiles\4ooexf9v.default\extensions\noia2_option@kk.noia
[2008.08.19 05:38:31 | 000,002,414 | ---- | M] () -- C:\Users\Fabian Hofmann\AppData\Roaming\Mozilla\Firefox\Profiles\4ooexf9v.default\searchplugins\filmstartsde-suche.xml
[2010.03.28 13:30:31 | 000,003,171 | ---- | M] () -- C:\Users\Fabian Hofmann\AppData\Roaming\Mozilla\Firefox\Profiles\4ooexf9v.default\searchplugins\kinoto.xml
[2011.03.05 23:14:48 | 000,002,809 | ---- | M] () -- C:\Users\Fabian Hofmann\AppData\Roaming\Mozilla\Firefox\Profiles\4ooexf9v.default\searchplugins\twitter-search.xml
[2008.08.16 19:52:59 | 000,001,143 | ---- | M] () -- C:\Users\Fabian Hofmann\AppData\Roaming\Mozilla\Firefox\Profiles\4ooexf9v.default\searchplugins\wikipedia-en.xml
[2011.08.13 11:05:56 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.08.13 11:05:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) -- 
[2011.08.13 11:05:56 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\FABIAN HOFMANN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4OOEXF9V.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\FABIAN HOFMANN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4OOEXF9V.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
[2011.07.02 10:51:27 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2003.10.11 02:21:40 | 000,170,496 | ---- | M] (Macromedia, Inc.) -- C:\Program Files\mozilla firefox\components\np32asw.dll
[2003.10.11 02:21:40 | 000,170,496 | ---- | M] (Macromedia, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32asw.dll
[2011.08.13 11:05:36 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\Dell\BAE\BAE.dll (Dell Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [PhonostarTimer] C:\Programme\phonostar\ps_timer.exe (phonostar)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [Taskbar Shuffle] C:\Programme\Taskbar Shuffle\taskbarshuffle.exe (Jay Elaraj)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Fabian Hofmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopEarth AutoStart.lnk = C:\Users\Fabian Hofmann\AppData\Roaming\Microsoft\Installer\{DBA5E973-660D-4CBE-A469-F5C37FBF0CE4}\_C1A9BF9D98647632ED5172.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Fabian Hofmann\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk /p \??\J:) -  File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.08.13 12:11:20 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011.08.13 12:11:05 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Fabian Hofmann\Desktop\esetsmartinstaller_deu.exe
[2011.08.13 11:23:34 | 000,000,000 | ---D | C] -- C:\Users\Fabian Hofmann\AppData\Roaming\SUPERAntiSpyware.com
[2011.08.13 11:22:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011.08.13 11:22:50 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011.08.13 11:22:50 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011.08.13 11:20:34 | 012,472,736 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Fabian Hofmann\Desktop\SUPERAntiSpyware.exe
[2011.08.13 11:06:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011.08.13 11:05:55 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.08.13 11:05:55 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.08.13 11:05:55 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.08.13 11:05:29 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011.08.13 11:03:41 | 000,909,600 | ---- | C] (Sun Microsystems, Inc.) -- C:\Users\Fabian Hofmann\Desktop\jre-6u26-windows-i586-iftw.exe
[2011.08.13 10:59:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011.08.12 22:01:51 | 000,000,000 | ---D | C] -- C:\Program Files\Peter
[2011.08.12 14:59:20 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011.08.12 14:52:07 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Fabian Hofmann\Desktop\OTL.exe
[2011.08.11 19:36:46 | 000,000,000 | ---D | C] -- C:\Users\Fabian Hofmann\AppData\Roaming\Malwarebytes
[2011.08.11 19:36:35 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.08.11 19:36:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.08.11 19:36:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.08.11 19:36:32 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.08.11 19:36:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.08.11 19:34:42 | 009,466,208 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Fabian Hofmann\Desktop\mbam-setup-1.51.1.1800.exe
[2011.08.11 08:20:48 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011.08.11 08:15:54 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011.08.11 08:12:14 | 009,466,208 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Fabian Hofmann\Desktop\winlogan.exe
[2011.08.11 07:54:49 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.08.11 07:54:48 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.08.11 07:54:48 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.08.11 07:54:47 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011.08.11 07:54:47 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.08.11 07:54:47 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.08.11 07:31:38 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011.08.11 07:31:24 | 003,602,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011.08.11 07:31:23 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011.08.02 06:32:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Das Fussball Studio
[2011.08.02 06:32:04 | 000,405,504 | ---- | C] (vmLOGIC - Volker Mallmann) -- C:\Windows\System32\vmlCmdBar6.ocx
[2011.08.02 06:32:04 | 000,352,256 | ---- | C] (vmLOGIC - Volker Mallmann) -- C:\Windows\System32\vmlSGrid6.ocx
[2011.08.02 06:32:04 | 000,163,840 | ---- | C] (vmLOGIC - Volker Mallmann) -- C:\Windows\System32\vmlLSFrame3.ocx
[2011.08.02 06:32:04 | 000,155,648 | ---- | C] (vmLOGIC - Volker Mallmann) -- C:\Windows\System32\vmlIml3.ocx
[2011.08.02 06:32:04 | 000,040,960 | ---- | C] (vmLOGIC - Volker Mallmann) -- C:\Windows\System32\vmlSubTmr2.dll
[2011.08.02 06:32:03 | 003,760,128 | ---- | C] (Gigasoft, Inc.) -- C:\Windows\System32\PEGRP32E.DLL
[2011.08.02 06:32:03 | 000,756,224 | ---- | C] (Gigasoft, Inc.) -- C:\Windows\System32\Pesgo32e.ocx
[2011.08.02 06:32:03 | 000,736,768 | ---- | C] (Gigasoft, Inc.) -- C:\Windows\System32\Pego32e.ocx
[2011.08.02 06:32:03 | 000,630,784 | ---- | C] (Gigasoft, Inc.) -- C:\Windows\System32\Pe3do32e.ocx
[2011.08.02 06:32:03 | 000,534,016 | ---- | C] (Gigasoft, Inc.) -- C:\Windows\System32\Pepco32e.ocx
[2011.08.02 06:32:03 | 000,266,240 | ---- | C] (Dieter Otter, Tools & Components) -- C:\Windows\System32\sevZip40.dll
[2011.07.20 14:20:50 | 000,000,000 | ---D | C] -- C:\Users\Fabian Hofmann\Documents\Neuer Ordner
[2011.07.18 22:45:28 | 000,000,000 | ---D | C] -- C:\Users\Fabian Hofmann\AppData\Roaming\NetSpeedMonitor
[2011.07.18 22:41:27 | 000,000,000 | ---D | C] -- C:\Program Files\NetSpeedMonitor
[1 C:\Users\Fabian Hofmann\AppData\Local\*.tmp files -> C:\Users\Fabian Hofmann\AppData\Local\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.08.14 11:10:49 | 000,618,204 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.08.14 11:10:49 | 000,586,980 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.08.14 11:10:49 | 000,122,636 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.08.14 11:10:49 | 000,101,052 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.08.14 11:08:43 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011.08.14 11:07:16 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.08.14 11:07:16 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.08.14 11:06:31 | 000,002,487 | ---- | M] () -- C:\Users\Fabian Hofmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopEarth AutoStart.lnk
[2011.08.14 11:06:20 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.08.14 11:06:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.08.14 11:01:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.08.13 12:49:07 | 000,176,640 | ---- | M] () -- C:\Users\Fabian Hofmann\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.08.13 12:11:07 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Fabian Hofmann\Desktop\esetsmartinstaller_deu.exe
[2011.08.13 11:22:56 | 000,001,802 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.08.13 11:22:05 | 012,472,736 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Fabian Hofmann\Desktop\SUPERAntiSpyware.exe
[2011.08.13 11:05:34 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011.08.13 11:05:34 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.08.13 11:05:34 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.08.13 11:05:34 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.08.13 11:03:42 | 000,909,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Fabian Hofmann\Desktop\jre-6u26-windows-i586-iftw.exe
[2011.08.13 10:59:55 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.08.12 14:52:08 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Fabian Hofmann\Desktop\OTL.exe
[2011.08.11 22:18:53 | 000,010,772 | ---- | M] () -- C:\Users\Fabian Hofmann\Desktop\fehler.jpg
[2011.08.11 19:36:35 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.08.11 19:32:54 | 009,466,208 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Fabian Hofmann\Desktop\mbam-setup-1.51.1.1800.exe
[2011.08.11 19:31:10 | 000,001,134 | ---- | M] () -- C:\Users\Fabian Hofmann\Desktop\FixNCR.reg
[2011.08.11 19:03:57 | 000,009,958 | -HS- | M] () -- C:\ProgramData\inr5y6y184q0a845q0w8sx7c1880052qi83fbl1e77k0cg5
[2011.08.11 19:03:56 | 000,009,958 | -HS- | M] () -- C:\Users\Fabian Hofmann\AppData\Local\inr5y6y184q0a845q0w8sx7c1880052qi83fbl1e77k0cg5
[2011.08.11 08:21:33 | 002,187,526 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2011.08.11 08:14:30 | 000,512,992 | ---- | M] () -- C:\Users\Fabian Hofmann\Desktop\sdsetup_aff.exe
[2011.08.11 08:09:38 | 009,466,208 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Fabian Hofmann\Desktop\winlogan.exe
[2011.08.11 07:46:27 | 000,000,000 | ---- | M] () -- C:\Users\Fabian Hofmann\AppData\Roaming\6711623.exe
[2011.08.11 07:46:27 | 000,000,000 | ---- | M] () -- C:\Users\Fabian Hofmann\AppData\Roaming\6231486.exe
[2011.08.11 07:46:27 | 000,000,000 | ---- | M] () -- C:\Users\Fabian Hofmann\AppData\Roaming\4169901.exe
[2011.08.11 07:46:27 | 000,000,000 | ---- | M] () -- C:\Users\Fabian Hofmann\AppData\Roaming\1086189.exe
[2011.08.08 18:27:06 | 002,743,682 | ---- | M] () -- C:\Users\Fabian Hofmann\Desktop\eng_wappen_110808.zip
[2011.08.07 22:18:05 | 000,017,408 | ---- | M] () -- C:\Users\Fabian Hofmann\AppData\Local\WebpageIcons.db
[2011.08.02 20:17:36 | 000,489,338 | ---- | M] () -- C:\Users\Fabian Hofmann\Desktop\FLT_C4C6YV27350_0.pdf
[2011.08.02 20:13:30 | 000,489,329 | ---- | M] () -- C:\Users\Fabian Hofmann\Desktop\FLT_LXH7K231557_0.pdf
[2011.07.24 19:06:29 | 000,138,192 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.07.24 19:06:29 | 000,066,616 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011.07.22 04:54:43 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011.07.22 04:47:24 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.07.22 04:46:48 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.07.22 04:45:41 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.07.22 04:44:36 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.07.22 04:43:07 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[1 C:\Users\Fabian Hofmann\AppData\Local\*.tmp files -> C:\Users\Fabian Hofmann\AppData\Local\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.08.13 11:22:56 | 000,001,802 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.08.13 10:59:55 | 000,000,806 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.08.11 22:18:53 | 000,010,772 | ---- | C] () -- C:\Users\Fabian Hofmann\Desktop\fehler.jpg
[2011.08.11 19:36:35 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.08.11 19:34:44 | 000,001,134 | ---- | C] () -- C:\Users\Fabian Hofmann\Desktop\FixNCR.reg
[2011.08.11 08:21:06 | 002,187,526 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB
[2011.08.11 08:15:50 | 000,512,992 | ---- | C] () -- C:\Users\Fabian Hofmann\Desktop\sdsetup_aff.exe
[2011.08.11 07:46:27 | 000,000,000 | ---- | C] () -- C:\Users\Fabian Hofmann\AppData\Roaming\6711623.exe
[2011.08.11 07:46:27 | 000,000,000 | ---- | C] () -- C:\Users\Fabian Hofmann\AppData\Roaming\6231486.exe
[2011.08.11 07:46:27 | 000,000,000 | ---- | C] () -- C:\Users\Fabian Hofmann\AppData\Roaming\4169901.exe
[2011.08.11 07:46:27 | 000,000,000 | ---- | C] () -- C:\Users\Fabian Hofmann\AppData\Roaming\1086189.exe
[2011.08.11 07:46:26 | 000,009,958 | -HS- | C] () -- C:\Users\Fabian Hofmann\AppData\Local\inr5y6y184q0a845q0w8sx7c1880052qi83fbl1e77k0cg5
[2011.08.11 07:46:26 | 000,009,958 | -HS- | C] () -- C:\ProgramData\inr5y6y184q0a845q0w8sx7c1880052qi83fbl1e77k0cg5
[2011.08.08 18:26:43 | 002,743,682 | ---- | C] () -- C:\Users\Fabian Hofmann\Desktop\eng_wappen_110808.zip
[2011.08.02 20:17:36 | 000,489,338 | ---- | C] () -- C:\Users\Fabian Hofmann\Desktop\FLT_C4C6YV27350_0.pdf
[2011.08.02 20:13:30 | 000,489,329 | ---- | C] () -- C:\Users\Fabian Hofmann\Desktop\FLT_LXH7K231557_0.pdf
[2010.02.27 21:51:34 | 000,017,408 | ---- | C] () -- C:\Users\Fabian Hofmann\AppData\Local\WebpageIcons.db
[2009.12.12 14:52:33 | 000,001,455 | ---- | C] () -- C:\Users\Fabian Hofmann\AppData\Local\RecConfig.xml
[2009.06.29 19:17:05 | 000,004,096 | -H-- | C] () -- C:\Users\Fabian Hofmann\AppData\Local\keyfile3.drm
[2009.06.04 18:37:56 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.06.04 18:37:56 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.06.04 18:37:21 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.03.19 20:11:42 | 000,000,000 | ---- | C] () -- C:\Windows\HOZ.INI
[2009.03.19 20:11:42 | 000,000,000 | ---- | C] () -- C:\Windows\DAISY.INI
[2009.03.19 20:11:40 | 000,000,063 | ---- | C] () -- C:\Windows\VDDS_MMI.INI
[2009.03.19 20:07:00 | 000,000,000 | ---- | C] () -- C:\Windows\dbsetup.INI
[2009.03.19 20:06:12 | 000,000,122 | ---- | C] () -- C:\Windows\ODBC.INI
[2008.12.25 20:36:05 | 000,000,547 | ---- | C] () -- C:\Windows\eReg.dat
[2008.11.24 21:36:38 | 000,157,669 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008.11.24 21:36:36 | 000,703,201 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008.11.24 16:32:44 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008.09.21 13:22:13 | 000,002,619 | ---- | C] () -- C:\Windows\AWSHKWV.INI
[2008.09.19 23:57:34 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.09.19 23:54:18 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008.08.20 17:23:15 | 000,176,640 | ---- | C] () -- C:\Users\Fabian Hofmann\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.08.14 15:39:08 | 000,001,356 | ---- | C] () -- C:\Users\Fabian Hofmann\AppData\Local\d3d9caps.dat
[2008.08.11 21:30:15 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008.08.11 21:30:15 | 000,168,883 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008.08.11 21:30:15 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008.08.11 21:30:15 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2008.08.11 21:30:15 | 000,081,920 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2008.08.11 21:30:15 | 000,040,960 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2008.08.11 21:30:14 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008.08.11 21:30:14 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2008.08.11 21:30:14 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008.08.11 21:30:14 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2008.08.11 21:30:13 | 000,876,544 | ---- | C] () -- C:\Windows\System32\TEACico2.dll
[2008.08.11 13:35:08 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008.01.21 09:15:58 | 000,618,204 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 09:15:58 | 000,122,636 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.09.04 12:56:10 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2007.02.05 21:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,335,416 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,586,980 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,101,052 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:25:26 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.10.28 20:10:44 | 000,016,384 | ---- | C] () -- C:\Windows\System32\ac3config.exe
[2006.03.02 13:43:51 | 000,000,517 | ---- | C] () -- C:\Windows\pbl.ini
[2000.05.26 11:28:00 | 000,016,183 | ---- | C] () -- C:\Windows\System32\SELF32.INI
 
========== LOP Check ==========
 
[2009.06.19 20:02:52 | 000,000,000 | ---D | M] -- C:\Users\Fabian Hofmann\AppData\Roaming\Das Fussball Studio
[2011.02.20 14:05:22 | 000,000,000 | ---D | M] -- C:\Users\Fabian Hofmann\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.08.13 11:13:21 | 000,000,000 | ---D | M] -- C:\Users\Fabian Hofmann\AppData\Roaming\FileZilla
[2011.08.14 11:34:47 | 000,000,000 | ---D | M] -- C:\Users\Fabian Hofmann\AppData\Roaming\NetSpeedMonitor
[2009.10.16 23:23:08 | 000,000,000 | ---D | M] -- C:\Users\Fabian Hofmann\AppData\Roaming\phonostar GmbH
[2011.08.13 12:33:38 | 000,000,000 | ---D | M] -- C:\Users\Fabian Hofmann\AppData\Roaming\phonostar-Player
[2011.08.14 11:05:19 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

Code:

ATTFilter

OTL Extras logfile created on: 14.08.2011 11:33:58 - Run 3
OTL by OldTimer - Version 3.2.26.1     Folder = C:\Users\Fabian Hofmann\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,10 Gb Available Physical Memory | 70,02% Memory free
6,23 Gb Paging File | 5,27 Gb Available in Paging File | 84,58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 586,10 Gb Total Space | 426,66 Gb Free Space | 72,80% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 6,02 Gb Free Space | 60,21% Space Free | Partition Type: NTFS
 
Computer Name: FABIANHOFMAN-PC | User Name: Fabian Hofmann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1882754496-1205069911-2561918912-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
"C:\Users\FABIAN~1\AppData\Local\Temp\0.9535893561257379.exe" = C:\Users\FABIAN~1\AppData\Local\Temp\0.9535893561257379.exe:*:Enabled:ldrsoft
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A119FF1-56EC-4E1A-B788-789635FC23D5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{20EDC02F-5E4F-443A-AB4D-B0F077471D37}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{46B1414B-C251-4EAA-A246-99C4682E537D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4A1CC5F4-E40D-4BF5-8811-79C77D102300}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{8069D4B8-5ECF-41D9-9877-3E44FB1B2B0A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{84C6EBD0-45B0-4134-8D45-6DF76A4CAD7D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{AC43ADAD-C01C-4B7F-A03D-AECC23C2798C}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{D54BBC69-F438-4902-8D3C-C1E57C7C09BC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{EB8BF3FB-43FE-45FB-929F-AE6569407305}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{101B4824-5670-471B-AD15-40E96CEC329B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{1C616A3A-1216-4C7B-B377-92BF8CCDD2DA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6F00AA36-5CF6-427E-A072-2F5F860673F3}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9765429F-877A-4D01-AD5E-6C02217176FC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9F8E761A-A358-43FA-8083-48D68CD68EC5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{A189EA38-12E5-4DC8-A3B6-038799D8C442}" = protocol=6 | dir=out | app=system | 
"{B3A544A7-9421-4BCC-AD61-10E8C0B0A547}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C063F22F-6CC1-4EFD-88C8-AFB731592A41}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CD9CA2D3-1F76-41B8-BA69-2AD9E9CB8520}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E68F883D-99D9-4E80-99EF-D6FD8F5C4F59}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{ED65FCCF-0147-4A45-A1CC-DAE0688316EC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{FEFAB68E-5772-4A89-96E4-F817CEABA465}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"TCP Query User{0A820782-72FE-42E7-85E7-821B9ADE23D9}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe | 
"TCP Query User{17AF61EC-365D-4318-8E78-E4A8C485AF2D}C:\program files\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | 
"TCP Query User{370CA5A5-3CD8-45BF-A1DA-C483E1ED2136}C:\program files\tvants\tvants.exe" = protocol=6 | dir=in | app=c:\program files\tvants\tvants.exe | 
"TCP Query User{55CCE66A-9EA6-498F-8D4D-C2A39C16449D}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"TCP Query User{8CCA769D-917C-4C12-870C-16B6D4184EDE}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{94F2096B-F66D-4C20-AB26-99F1D413D424}C:\program files\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | 
"TCP Query User{9672FC3B-56AD-44D0-B03C-29F68B209BF6}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"TCP Query User{98DD639F-99DD-4C59-81D7-879CE2513E78}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{9D16E7FE-0C63-498B-ABF5-A955BB6E39FF}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{CB6CC31A-A7DA-4377-9110-3F686514B9B1}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe | 
"TCP Query User{DB541E86-7B54-4C95-9E8E-9026B588E5D9}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{E1485B21-CD2E-4EBB-9426-5C326F008025}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"TCP Query User{E1EC2DC1-B893-4DC3-AA2C-68A1BA745035}C:\program files\zattoo\zattoo.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattoo.exe | 
"UDP Query User{3F19C20E-C209-4299-A7E6-CB4CCA46BE76}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{491B1FB4-B81B-4F8E-9EE0-08C68A7CED29}C:\program files\tvants\tvants.exe" = protocol=17 | dir=in | app=c:\program files\tvants\tvants.exe | 
"UDP Query User{67DCC256-3C25-4E63-8E1F-CAEED0380804}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{6934B272-6D4B-4B0E-AB77-C0689AD2EBAE}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe | 
"UDP Query User{6F163C68-D5E7-424F-815E-D8BB7B894875}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{874DDBE4-44F6-46E1-A9F1-AFC89163E627}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"UDP Query User{8C3C26FC-5CD3-4378-9923-42E53792C78B}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"UDP Query User{A1B3B0BD-AA6A-443A-B0F3-B0824CDD9BB6}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{DB39381A-EE76-4B44-86A5-8441BC0792FC}C:\program files\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | 
"UDP Query User{DD948BC0-0B25-4D26-8DB4-5987BEADC355}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe | 
"UDP Query User{DFA9115D-DC3E-4975-AF3B-A2D30D759872}C:\program files\zattoo\zattoo.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattoo.exe | 
"UDP Query User{ECC1D281-FC4E-43EE-B90B-D5475404EF0C}C:\program files\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | 
"UDP Query User{F4A80B2D-682F-4DD4-981D-AEE694A1AFFA}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{056E7B58-F436-9614-6CD3-1DFDDD7DA470}" = CCC Help Turkish
"{0626167B-F30A-79EB-9B21-80B83468961A}" = CCC Help Chinese Traditional
"{08D6F386-D362-805B-05D2-79E4AB4F9CB9}" = CCC Help Korean
"{0E4BC542-9CFD-4E97-B586-9F1E5516E7B9}" = Microsoft IntelliPoint 6.1
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP630_series" = Canon MP630 series MP Drivers
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1D1D8ADC-BF08-4E61-9393-5FA305B16864}" = Microsoft SQL Server Native Client
"{1F126EDC-DA29-4D5B-80DF-735252475FEE}" = Pro Evolution Soccer 2010 DEMO
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2390D4C3-8CC7-2074-ACB9-A22ED2E1D4E9}" = CCC Help Portuguese
"{2555521A-9231-2F05-AEBE-FC1E2A7F825F}" = ccc-utility
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{27C42F0C-9090-97F7-9338-B6BD6DC25BB1}" = CCC Help Japanese
"{2BE84E12-E062-F989-BA16-25D53F343033}" = Skins
"{31CAC150-58B2-F696-D9EB-2FC16C3A8FAA}" = Catalyst Control Center Localization Portuguese
"{34475C54-DA68-DA37-E014-2ADD65AF627F}" = Catalyst Control Center Localization Hungarian
"{3541D8B6-BE96-0E6B-8987-D1CE1FBF848A}" = CCC Help German
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3A732171-7856-43BD-B828-39B9E2B3E195}" = Catalyst Control Center Localization Spanish
"{4207500E-1543-47F3-1695-6728E6520903}" = Catalyst Control Center Graphics Full Existing
"{4453BCB7-5327-F8D1-C048-851310A389EF}" = Catalyst Control Center Localization Turkish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A2D8C96-7B4F-A66A-6773-23F7796F9BA2}" = CCC Help Spanish
"{588DF486-DF7A-11D5-82B4-000374890932}" = Turnierplaner
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{6BA2C0F5-7EF3-11D7-9E00-0004769EEFEB}" = Reflexion
"{73E8E831-160A-6E74-1AAA-AB698E1986BC}" = CCC Help Hungarian
"{76E29237-CCAB-CD1A-F8A1-6C3CFF002F26}" = Catalyst Control Center Graphics Previews Vista
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel(R) PRO Network Connections 12.1.11.0
"{7A33E298-5BEA-7C94-C512-1DF1C977537E}" = Catalyst Control Center Localization Italian
"{7B1F7338-1D0D-4DF4-831E-B22EB0A4C968}" = DerKleineTurnierplaner
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{84F7CAD9-2316-4701-B5CA-E90FD60029E9}" = ANNO 1602
"{853026E0-CD36-1790-7988-194CADDDFB25}" = ccc-core-static
"{86501894-E722-4385-A792-B7C2F28FAE7B}" = NetSpeedMonitor 2.5.4.0 x86
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D8E6D0B-5A57-9ABD-AEA2-C0052401C5F6}" = Catalyst Control Center Localization Chinese Traditional
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95E52415-B952-B013-A2AD-5163896D8B9C}" = Catalyst Control Center Graphics Full New
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1E79477-B730-7E48-7EFF-0D1CB3202933}" = Catalyst Control Center Graphics Previews Common
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch
"{AC76BA86-7AD7-2447-0000-800000000003}" = Chinese Simplified Fonts Support For Adobe Reader 8
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B25E016C-44C2-856A-98A8-789D1E2B1C56}" = Catalyst Control Center Graphics Light
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B463BAAF-A379-AAF1-8979-6ED69C25ED37}" = Catalyst Control Center Localization Japanese
"{B6CF1DB0-09E8-0A2E-A510-1F2F8BDE5ECF}" = CCC Help Italian
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BC60B681-C3A3-0363-DA09-FA9706ED9680}" = CCC Help Chinese Standard
"{BECDD3A4-FEEC-9804-4782-F31A8A842361}" = CCC Help English
"{C022906C-A509-33D1-E42B-FF92F8E7BED4}" = Catalyst Control Center Core Implementation
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D035A6CA-E9DD-4B40-66F8-15842888E447}" = Catalyst Control Center Localization French
"{D3D54FD6-ABA0-4AE3-BAC4-0D89ACA83CC7}_is1" = DFS_Media_Tool 2.1.2
"{DBA5E973-660D-4CBE-A469-F5C37FBF0CE4}" = DesktopEarth
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E453921D-30B6-7692-179C-6F6112F18F81}" = Catalyst Control Center Localization Chinese Standard
"{EA853B19-A618-8D18-F4A4-6B96083DC3A3}" = Catalyst Control Center Localization Korean
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"{F804CEB4-747E-46D5-B8AB-C56E3BAF27D9}_is1" = Das Fussball Studio 8.4.3 (Beta)
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"{FE46238E-2FB4-C9E1-323D-AD0DA64BED91}" = Catalyst Control Center Localization German
"{FFC59020-35A5-4856-B0FB-23B95D6C2976}" = CCC Help French
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ALUpdate_is1" = ALUpdate
"ALZip_is1" = ALZip
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Bundesliga 2000 - Der Fussball Manager" = Bundesliga 2000 - Der Fussball Manager
"Canon MP630 series Benutzerregistrierung" = Canon MP630 series Benutzerregistrierung
"CanonMyPrinter" = Canon Utilities My Printer
"CCleaner" = CCleaner
"CompuGROUP Z1" = CompuGROUP Z1
"Die Sims" = Die Sims
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"FIFA International Soccer_is1" = Game FIFA International Soccer
"FileZilla Client" = FileZilla Client 3.5.0
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324
"Google Updater" = Google Updater
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"LHTTSGED" = L&H TTS3000 Deutsch
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.1.1800
"Max Senft's Vokabeltrainer_is1" = Max Senft's Vokabeltrainer 1.1b
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 5.0 (x86 de)" = Mozilla Firefox 5.0 (x86 de)
"phonostar3RadioPlayer_is1" = phonostar-Player Version 3.01.8
"phonostarRadioPlayer_is1" = phonostar-Player Version 2.01.4
"PROSetDX" = Intel(R) PRO Network Connections 12.1.11.0
"SopCast" = SopCast 2.0.4
"Star Alliance Screen Saver_is1" = Star Alliance Screen Saver
"Taskbar Shuffle_is1" = Taskbar Shuffle version 2.5
"TmNationsForever_is1" = TmNationsForever
"TVAnts 1.0" = TVAnts 1.0
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.5
"VWLUPO-Key" = VOLKSWAGEN Lupo-Cup
"YTdetect" = Yahoo! Detect
"Zattoo" = Zattoo 3.3.4 Beta
"Zattoo4" = Zattoo4 4.0.5
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 12.08.2011 15:53:49 | Computer Name = FabianHofman-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 13.08.2011 04:42:52 | Computer Name = FabianHofman-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 13.08.2011 04:59:34 | Computer Name = FabianHofman-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 13.08.2011 05:03:07 | Computer Name = FabianHofman-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 13.08.2011 05:17:59 | Computer Name = FabianHofman-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 13.08.2011 05:33:21 | Computer Name = FabianHofman-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 13.08.2011 16:37:11 | Computer Name = FabianHofman-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 13.08.2011 21:32:51 | Computer Name = FabianHofman-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 14.08.2011 02:21:41 | Computer Name = FabianHofman-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 14.08.2011 05:07:44 | Computer Name = FabianHofman-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 13.07.2011 01:30:31 | Computer Name = FabianHofman-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 13.07.2011 12:14:54 | Computer Name = FabianHofman-PC | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht
 \Device\NetBT_Tcpip_{09DBC2F6-F1BB-4A56-BD82-7FDD71A51639} vom Serverdienst nicht
 gebunden werden. Der Serverdienst konnte nicht gestartet werden.
 
Error - 13.07.2011 12:14:54 | Computer Name = FabianHofman-PC | Source = netbt | ID = 4321
Description = Der Name "FABIANHOFMAN-PC:0" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.178.24  registriert werden. Der Computer mit IP-Adresse 192.168.178.20
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 13.07.2011 12:14:54 | Computer Name = FabianHofman-PC | Source = netbt | ID = 4321
Description = Der Name "FABIANHOFMAN-PC:0" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.178.24  registriert werden. Der Computer mit IP-Adresse 192.168.178.20
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 13.07.2011 12:14:54 | Computer Name = FabianHofman-PC | Source = netbt | ID = 4321
Description = Der Name "FABIANHOFMAN-PC:20" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.178.24  registriert werden. Der Computer mit IP-Adresse 192.168.178.20
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 11.08.2011 01:55:48 | Computer Name = FabianHofman-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 11.08.2011 01:55:48 | Computer Name = FabianHofman-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 11.08.2011 01:55:48 | Computer Name = FabianHofman-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 11.08.2011 13:53:38 | Computer Name = FabianHofman-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 11.08.2011 13:53:38 | Computer Name = FabianHofman-PC | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >

Die im ersten Posting verlinkte Fehlermeldung taucht leider nach wie vor auf. Trotzdem natürlich ein dickes

für deine Hilfe bisher. Da wurde ja einiges auf meinem System gefunden. Über Java hat sich tatsächlich einiges eingeschlichen.

kira · 15.08.2011, 07:41

1.
Verwendest Du Proxy?

- wenn du keinen Proxyserver lokal installiert hast, nimm die Proxyeinstellungen aus den Interneteinstellungen raus
im Internet Explorer:
Extras => Internetoptionen => Verbindungen => Lan-Einstellungen
Haken bei Proxyserver für LAN verwenden und Proxyserver für lokale Adressen umgehen entfernen.

im Firefox:
Extras => Einstellungen => Erweitert => Netzwerk => Einstellungen.
Dort unter Verbindungs-Einstellungen => Kein Proxy anhaken.

2.
Fixen mit OTL

Starte die OTL.exe.
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Kopiere folgendes Skript:

Code:

ATTFilter

:OTL
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
[2010.03.28 13:30:31 | 000,003,171 | ---- | M] () -- C:\Users\Fabian Hofmann\AppData\Roaming\Mozilla\Firefox\Profiles\4ooexf9v.default\searchplugins\kinoto.xml
[2011.08.11 08:14:30 | 000,512,992 | ---- | M] () -- C:\Users\Fabian Hofmann\Desktop\sdsetup_aff.exe
[2011.08.11 07:46:27 | 000,000,000 | ---- | M] () -- C:\Users\Fabian Hofmann\AppData\Roaming\6711623.exe
[2011.08.11 07:46:27 | 000,000,000 | ---- | M] () -- C:\Users\Fabian Hofmann\AppData\Roaming\6231486.exe
[2011.08.11 07:46:27 | 000,000,000 | ---- | M] () -- C:\Users\Fabian Hofmann\AppData\Roaming\4169901.exe
[2011.08.11 07:46:27 | 000,000,000 | ---- | M] () -- C:\Users\Fabian Hofmann\AppData\Roaming\1086189.exe
[2007.09.04 12:56:10 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011.08.11 08:09:38 | 009,466,208 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Fabian Hofmann\Desktop\winlogan.exe
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2

:Commands
[purity]
[emptytemp]

und füge es hier ein:
Schließe alle Programme.
Klicke auf den Fix Button.
Klick auf .
OTL verlangt einen Neustart. Bitte zulassen.
Nach dem Neustart findest Du ein Textdokument.
Kopiere den Inhalt hier in Deinen Thread.

3.
Datei-Kontrolle
Überprüfe deine Einstellungen. - Anleitung
Im Windows-Explorer:
>Extras >Ordneroptionen >den Reiter "Ansicht" >Versteckte Dateien und Ordner >"alle Dateien und Ordner anzeigen" aktivieren und >Extras >Ordneroptionen >den Reiter "Ansicht" >Dateien und Ordner >"Geschützte Systemdateien ausblenden (empfohlen)" deaktivieren.

4.
könnten von Malware stammen:
Mach bitte einen Rechtsklick auf die im folgenden genannten Dateien (mit der Maus), schau dir an, was unter Eigenschaften steht, kopiere diese Angaben (Datei Version, Beschreibung der Datei, Copyright bei wem? FirmenName) hier in deinen Thread von diesen Anwendungen (bebilderte Anleitung *hier*:

Zitat:

[2011.08.11 19:03:57 | 000,009,958 | -HS- | M] () -- C:\ProgramData\inr5y6y184q0a845q0w8sx7c1880052qi83fbl1e77k0cg5
[2011.08.11 19:03:56 | 000,009,958 | -HS- | M] () -- C:\Users\Fabian Hofmann\AppData\Local\inr5y6y184q0a845q0w8sx7c1880052qi83fbl1e77k0cg5
[2011.08.08 18:27:06 | 002,743,682 | ---- | M] () -- C:\Users\Fabian Hofmann\Desktop\eng_wappen_110808.zip
[2011.08.02 20:17:36 | 000,489,338 | ---- | M] () -- C:\Users\Fabian Hofmann\Desktop\FLT_C4C6YV27350_0.pdf
[2011.08.02 20:13:30 | 000,489,329 | ---- | M] () -- C:\Users\Fabian Hofmann\Desktop\FLT_LXH7K231557_0.pdf

Inspector · 15.08.2011, 15:52

1. Einstellungen sowohl im Firefox als auch im IE angepasst.

2.

Code:

ATTFilter

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{472734EA-242A-422b-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422b-ADF8-83D1E48CC825}\ not found.
C:\Users\Fabian Hofmann\AppData\Roaming\Mozilla\Firefox\Profiles\4ooexf9v.default\searchplugins\kinoto.xml moved successfully.
C:\Users\Fabian Hofmann\Desktop\sdsetup_aff.exe moved successfully.
C:\Users\Fabian Hofmann\AppData\Roaming\6711623.exe moved successfully.
C:\Users\Fabian Hofmann\AppData\Roaming\6231486.exe moved successfully.
C:\Users\Fabian Hofmann\AppData\Roaming\4169901.exe moved successfully.
C:\Users\Fabian Hofmann\AppData\Roaming\1086189.exe moved successfully.
C:\Windows\System32\unrar.dll moved successfully.
C:\Users\Fabian Hofmann\Desktop\winlogan.exe moved successfully.
ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 84 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Fabian Hofmann
->Temp folder emptied: 8574845 bytes
->Temporary Internet Files folder emptied: 4113122 bytes
->Java cache emptied: 27894677 bytes
->FireFox cache emptied: 58428978 bytes
->Google Chrome cache emptied: 819568 bytes
->Flash cache emptied: 632 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 824 bytes
RecycleBin emptied: 843387527 bytes
 
Total Files Cleaned = 900,00 mb
 
 
OTL by OldTimer - Version 3.2.26.1 log created on 08152011_163621

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

3. erledigt

4. Hier hänge ich nun fest. Welche Informationen benötigst du genau? Einen Screenshot der Eigenschaften? Oder soll ich irgendwas hier hinein kopieren? Aus der bebilderten Anleitung werde ich leider auch nicht schlau.

kira · 15.08.2011, 19:40

Zitat:

Zitat von Inspector

4. Oder soll ich irgendwas hier hinein kopieren?

ja...und ob Du die Einträge eventuell kennst?

Inspector · 15.08.2011, 23:30

Die letzten beiden Dateien sind Online-Tickets der Deutschen Bahn, die drittletzte Datei ist meine Sammlung englischen Fußballwappen.

Die ersten beiden Dateien kenne ich leider nicht. Welche Informationen soll ich nun hier hinein kopieren?

kira · 15.08.2011, 23:41

erneut einen Scan mit OTL:

Doppelklick auf die OTL.exe
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Oben findest Du ein Kästchen mit Ausgabe.
Wähle bitte Standard-Ausgabe
Unter Extra-Registrierung wähle bitte Benutze SafeList.
Mache Häckchen bei LOP- und Purity-Prüfung.
Klicke nun auf Scan links oben.
Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
Poste die Logfiles in Code-Tags hier in den Thread.

Inspector · 16.08.2011, 11:21

Code:

ATTFilter

OTL logfile created on: 16.08.2011 12:11:42 - Run 4
OTL by OldTimer - Version 3.2.26.1     Folder = C:\Users\** **\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,03 Gb Available Physical Memory | 67,83% Memory free
6,22 Gb Paging File | 5,24 Gb Available in Paging File | 84,14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 586,10 Gb Total Space | 421,16 Gb Free Space | 71,86% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 6,02 Gb Free Space | 60,21% Space Free | Partition Type: NTFS
 
Computer Name: ****-PC | User Name: ** ** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.08.12 23:37:06 | 004,603,264 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2011.08.12 14:52:08 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\** **\Desktop\OTL.exe
PRC - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SASCore.exe
PRC - [2011.07.24 19:06:28 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.07.02 10:51:27 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010.11.20 19:58:28 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009.05.21 11:13:58 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Programme\Dell Support Center\bin\sprtcmd.exe
PRC - [2009.05.13 18:35:24 | 000,126,976 | ---- | M] (phonostar) -- C:\Programme\phonostar\ps_timer.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.08.14 00:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Programme\Dell Support Center\bin\sprtsvc.exe
PRC - [2008.04.28 17:56:28 | 000,161,048 | ---- | M] (Stardock Corporation) -- C:\Programme\Dell\DellDock\DockLogin.exe
PRC - [2008.04.17 01:28:48 | 000,818,176 | ---- | M] (Jay Elaraj) -- C:\Programme\Taskbar Shuffle\taskbarshuffle.exe
PRC - [2008.03.17 18:06:00 | 001,848,648 | ---- | M] (CANON INC.) -- C:\Programme\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2007.05.11 15:26:44 | 004,452,352 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.02.06 01:52:10 | 000,849,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft IntelliPoint\ipoint.exe
PRC - [2006.05.24 09:58:32 | 000,761,856 | ---- | M] (CodeFromThe70s.org) -- C:\Programme\DesktopEarth\DesktopEarth.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.08.12 14:52:08 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\** **\Desktop\OTL.exe
MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2009.04.11 08:28:24 | 000,380,416 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\tiptsf.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011.07.24 19:06:28 | 000,269,480 | ---- | M] (Avira GmbH) [Disabled | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.07.24 19:06:28 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2008.08.14 00:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008.04.28 17:56:28 | 000,161,048 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Programme\Dell\DellDock\DockLogin.exe -- (DockLoginService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.07.24 19:06:29 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.07.22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011.07.12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.05.21 08:11:00 | 003,591,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2008.05.21 08:11:00 | 003,591,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008.01.21 04:23:25 | 000,251,904 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2007.04.29 10:42:24 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2007.02.08 19:44:43 | 000,083,320 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
DRV - [2006.11.08 09:02:40 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\point32k.sys -- (Point32)
DRV - [2006.07.05 14:39:29 | 000,059,256 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2006.06.14 16:56:56 | 000,013,680 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=3080811
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=3080811
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
 
========== FireFox ==========
 
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.t-online.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19.1
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.1
FF - prefs.js..extensions.enabledItems: {aff87fa2-a58e-4edd-b852-0a20203c1e17}:0.8
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: noia2_option@kk.noia:3.76
FF - prefs.js..extensions.enabledItems: {2f17f610-5e97-4fed-828f-9940b7b577a4}:1.6.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}:3.76
FF - prefs.js..network.proxy.http: "80.108.94.196"
FF - prefs.js..network.proxy.http_port: 8123
FF - prefs.js..network.proxy.type: 0
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.07.02 10:51:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.08.13 11:16:12 | 000,000,000 | ---D | M]
 
[2008.08.14 16:26:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\** **\AppData\Roaming\mozilla\Extensions
[2011.08.08 18:01:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\** **\AppData\Roaming\mozilla\Firefox\Profiles\4ooexf9v.default\extensions
[2011.07.16 18:13:49 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\** **\AppData\Roaming\mozilla\Firefox\Profiles\4ooexf9v.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2010.04.30 03:34:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\** **\AppData\Roaming\mozilla\Firefox\Profiles\4ooexf9v.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.07.30 11:04:07 | 000,000,000 | ---D | M] (TV-Fox) -- C:\Users\** **\AppData\Roaming\mozilla\Firefox\Profiles\4ooexf9v.default\extensions\{2f17f610-5e97-4fed-828f-9940b7b577a4}
[2010.03.01 07:38:44 | 000,000,000 | ---D | M] (Noia 2.0 (eXtreme)) -- C:\Users\** **\AppData\Roaming\mozilla\Firefox\Profiles\4ooexf9v.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
[2011.04.11 20:14:26 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\** **\AppData\Roaming\mozilla\Firefox\Profiles\4ooexf9v.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.09.09 21:42:45 | 000,000,000 | ---D | M] (gTranslate) -- C:\Users\** **\AppData\Roaming\mozilla\Firefox\Profiles\4ooexf9v.default\extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}
[2011.08.02 06:26:03 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\** **\AppData\Roaming\mozilla\Firefox\Profiles\4ooexf9v.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.11.18 23:01:39 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\** **\AppData\Roaming\mozilla\Firefox\Profiles\4ooexf9v.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2010.12.12 14:14:13 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\** **\AppData\Roaming\mozilla\Firefox\Profiles\4ooexf9v.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2009.11.04 20:51:56 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\** **\AppData\Roaming\mozilla\Firefox\Profiles\4ooexf9v.default\extensions\moveplayer@movenetworks.com
[2010.03.01 07:38:44 | 000,000,000 | ---D | M] (Noia 2.0 eXtreme OPT) -- C:\Users\** **\AppData\Roaming\mozilla\Firefox\Profiles\4ooexf9v.default\extensions\noia2_option@kk.noia
[2008.08.19 05:38:31 | 000,002,414 | ---- | M] () -- C:\Users\** **\AppData\Roaming\Mozilla\Firefox\Profiles\4ooexf9v.default\searchplugins\filmstartsde-suche.xml
[2011.03.05 23:14:48 | 000,002,809 | ---- | M] () -- C:\Users\** **\AppData\Roaming\Mozilla\Firefox\Profiles\4ooexf9v.default\searchplugins\twitter-search.xml
[2008.08.16 19:52:59 | 000,001,143 | ---- | M] () -- C:\Users\** **\AppData\Roaming\Mozilla\Firefox\Profiles\4ooexf9v.default\searchplugins\wikipedia-en.xml
[2011.08.13 11:05:56 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.08.13 11:05:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) -- 
[2011.08.13 11:05:56 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\** **\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4OOEXF9V.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\** **\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4OOEXF9V.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
[2011.07.02 10:51:27 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2003.10.11 02:21:40 | 000,170,496 | ---- | M] (Macromedia, Inc.) -- C:\Program Files\mozilla firefox\components\np32asw.dll
[2003.10.11 02:21:40 | 000,170,496 | ---- | M] (Macromedia, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32asw.dll
[2011.08.13 11:05:36 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\Dell\BAE\BAE.dll (Dell Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [PhonostarTimer] C:\Programme\phonostar\ps_timer.exe (phonostar)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [Taskbar Shuffle] C:\Programme\Taskbar Shuffle\taskbarshuffle.exe (Jay Elaraj)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\** **\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopEarth AutoStart.lnk = C:\Users\** **\AppData\Roaming\Microsoft\Installer\{DBA5E973-660D-4CBE-A469-F5C37FBF0CE4}\_C1A9BF9D98647632ED5172.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\** **\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk /p \??\J:) -  File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.08.15 17:21:12 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2011.08.15 16:36:21 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.08.13 12:11:20 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011.08.13 12:11:05 | 002,322,184 | ---- | C] (ESET) -- C:\Users\** **\Desktop\esetsmartinstaller_deu.exe
[2011.08.13 11:23:34 | 000,000,000 | ---D | C] -- C:\Users\** **\AppData\Roaming\SUPERAntiSpyware.com
[2011.08.13 11:22:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011.08.13 11:22:50 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011.08.13 11:22:50 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011.08.13 11:06:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011.08.13 11:05:55 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.08.13 11:05:55 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.08.13 11:05:55 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.08.13 11:05:29 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011.08.13 10:59:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011.08.12 22:01:51 | 000,000,000 | ---D | C] -- C:\Program Files\Peter
[2011.08.12 14:59:20 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011.08.12 14:52:07 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\** **\Desktop\OTL.exe
[2011.08.11 19:36:46 | 000,000,000 | ---D | C] -- C:\Users\** **\AppData\Roaming\Malwarebytes
[2011.08.11 19:36:35 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.08.11 19:36:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.08.11 19:36:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.08.11 19:36:32 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.08.11 19:36:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.08.11 08:20:48 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011.08.11 08:15:54 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011.08.11 07:54:49 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.08.11 07:54:48 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.08.11 07:54:48 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.08.11 07:54:47 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011.08.11 07:54:47 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.08.11 07:54:47 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.08.11 07:31:38 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011.08.11 07:31:24 | 003,602,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011.08.11 07:31:23 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011.08.02 06:32:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Das Fussball Studio
[2011.08.02 06:32:04 | 000,405,504 | ---- | C] (vmLOGIC - Volker Mallmann) -- C:\Windows\System32\vmlCmdBar6.ocx
[2011.08.02 06:32:04 | 000,352,256 | ---- | C] (vmLOGIC - Volker Mallmann) -- C:\Windows\System32\vmlSGrid6.ocx
[2011.08.02 06:32:04 | 000,163,840 | ---- | C] (vmLOGIC - Volker Mallmann) -- C:\Windows\System32\vmlLSFrame3.ocx
[2011.08.02 06:32:04 | 000,155,648 | ---- | C] (vmLOGIC - Volker Mallmann) -- C:\Windows\System32\vmlIml3.ocx
[2011.08.02 06:32:04 | 000,040,960 | ---- | C] (vmLOGIC - Volker Mallmann) -- C:\Windows\System32\vmlSubTmr2.dll
[2011.08.02 06:32:03 | 003,760,128 | ---- | C] (Gigasoft, Inc.) -- C:\Windows\System32\PEGRP32E.DLL
[2011.08.02 06:32:03 | 000,756,224 | ---- | C] (Gigasoft, Inc.) -- C:\Windows\System32\Pesgo32e.ocx
[2011.08.02 06:32:03 | 000,736,768 | ---- | C] (Gigasoft, Inc.) -- C:\Windows\System32\Pego32e.ocx
[2011.08.02 06:32:03 | 000,630,784 | ---- | C] (Gigasoft, Inc.) -- C:\Windows\System32\Pe3do32e.ocx
[2011.08.02 06:32:03 | 000,534,016 | ---- | C] (Gigasoft, Inc.) -- C:\Windows\System32\Pepco32e.ocx
[2011.08.02 06:32:03 | 000,266,240 | ---- | C] (Dieter Otter, Tools & Components) -- C:\Windows\System32\sevZip40.dll
[2011.07.20 14:20:50 | 000,000,000 | ---D | C] -- C:\Users\** **\Documents\Neuer Ordner
[2011.07.18 22:45:28 | 000,000,000 | ---D | C] -- C:\Users\** **\AppData\Roaming\NetSpeedMonitor
[2011.07.18 22:41:27 | 000,000,000 | ---D | C] -- C:\Program Files\NetSpeedMonitor
[1 C:\Users\** **\AppData\Local\*.tmp files -> C:\Users\** **\AppData\Local\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.08.16 12:04:20 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011.08.16 12:01:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.08.16 11:23:30 | 000,618,204 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.08.16 11:23:30 | 000,586,980 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.08.16 11:23:30 | 000,122,636 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.08.16 11:23:30 | 000,101,052 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.08.16 11:17:16 | 000,002,487 | ---- | M] () -- C:\Users\** **\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopEarth AutoStart.lnk
[2011.08.16 11:17:14 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.08.16 11:17:14 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.08.16 11:17:12 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.08.16 11:17:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.08.16 11:08:29 | 000,191,488 | ---- | M] () -- C:\Users\** **\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.08.15 17:21:13 | 000,001,636 | ---- | M] () -- C:\Users\Public\Desktop\Recuva.lnk
[2011.08.15 11:10:55 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.08.13 12:11:07 | 002,322,184 | ---- | M] (ESET) -- C:\Users\** **\Desktop\esetsmartinstaller_deu.exe
[2011.08.13 11:22:56 | 000,001,802 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.08.13 11:05:34 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011.08.13 11:05:34 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.08.13 11:05:34 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.08.13 11:05:34 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.08.13 10:59:55 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.08.12 14:52:08 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\** **\Desktop\OTL.exe
[2011.08.11 19:36:35 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.08.11 19:03:57 | 000,009,958 | -HS- | M] () -- C:\ProgramData\inr5y6y184q0a845q0w8sx7c1880052qi83fbl1e77k0cg5
[2011.08.11 19:03:56 | 000,009,958 | -HS- | M] () -- C:\Users\** **\AppData\Local\inr5y6y184q0a845q0w8sx7c1880052qi83fbl1e77k0cg5
[2011.08.11 08:21:33 | 002,187,526 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2011.08.08 18:27:06 | 002,743,682 | ---- | M] () -- C:\Users\** **\Desktop\eng_wappen_110808.zip
[2011.08.07 22:18:05 | 000,017,408 | ---- | M] () -- C:\Users\** **\AppData\Local\WebpageIcons.db
[2011.08.02 20:17:36 | 000,489,338 | ---- | M] () -- C:\Users\** **\Desktop\FLT_C4C6YV27350_0.pdf
[2011.08.02 20:13:30 | 000,489,329 | ---- | M] () -- C:\Users\** **\Desktop\FLT_LXH7K231557_0.pdf
[2011.07.24 19:06:29 | 000,138,192 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.07.24 19:06:29 | 000,066,616 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011.07.22 04:54:43 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011.07.22 04:47:24 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.07.22 04:46:48 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.07.22 04:45:41 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.07.22 04:44:36 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.07.22 04:43:07 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[1 C:\Users\** **\AppData\Local\*.tmp files -> C:\Users\** **\AppData\Local\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.08.15 17:21:13 | 000,001,636 | ---- | C] () -- C:\Users\Public\Desktop\Recuva.lnk
[2011.08.13 11:22:56 | 000,001,802 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.08.13 10:59:55 | 000,000,806 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.08.11 19:36:35 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.08.11 08:21:06 | 002,187,526 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB
[2011.08.11 07:46:26 | 000,009,958 | -HS- | C] () -- C:\Users\** **\AppData\Local\inr5y6y184q0a845q0w8sx7c1880052qi83fbl1e77k0cg5
[2011.08.11 07:46:26 | 000,009,958 | -HS- | C] () -- C:\ProgramData\inr5y6y184q0a845q0w8sx7c1880052qi83fbl1e77k0cg5
[2011.08.08 18:26:43 | 002,743,682 | ---- | C] () -- C:\Users\** **\Desktop\eng_wappen_110808.zip
[2011.08.02 20:17:36 | 000,489,338 | ---- | C] () -- C:\Users\** **\Desktop\FLT_C4C6YV27350_0.pdf
[2011.08.02 20:13:30 | 000,489,329 | ---- | C] () -- C:\Users\** **\Desktop\FLT_LXH7K231557_0.pdf
[2010.02.27 21:51:34 | 000,017,408 | ---- | C] () -- C:\Users\** **\AppData\Local\WebpageIcons.db
[2009.12.12 14:52:33 | 000,001,455 | ---- | C] () -- C:\Users\** **\AppData\Local\RecConfig.xml
[2009.06.29 19:17:05 | 000,004,096 | -H-- | C] () -- C:\Users\** **\AppData\Local\keyfile3.drm
[2009.06.04 18:37:56 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.06.04 18:37:56 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.06.04 18:37:21 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.03.19 20:11:42 | 000,000,000 | ---- | C] () -- C:\Windows\HOZ.INI
[2009.03.19 20:11:42 | 000,000,000 | ---- | C] () -- C:\Windows\DAISY.INI
[2009.03.19 20:11:40 | 000,000,063 | ---- | C] () -- C:\Windows\VDDS_MMI.INI
[2009.03.19 20:07:00 | 000,000,000 | ---- | C] () -- C:\Windows\dbsetup.INI
[2009.03.19 20:06:12 | 000,000,122 | ---- | C] () -- C:\Windows\ODBC.INI
[2008.12.25 20:36:05 | 000,000,547 | ---- | C] () -- C:\Windows\eReg.dat
[2008.11.24 21:36:38 | 000,157,669 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008.11.24 21:36:36 | 000,703,201 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008.11.24 16:32:44 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008.09.21 13:22:13 | 000,002,619 | ---- | C] () -- C:\Windows\AWSHKWV.INI
[2008.09.19 23:57:34 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.09.19 23:54:18 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008.08.20 17:23:15 | 000,191,488 | ---- | C] () -- C:\Users\** **\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.08.14 15:39:08 | 000,001,356 | ---- | C] () -- C:\Users\** **\AppData\Local\d3d9caps.dat
[2008.08.11 21:30:15 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008.08.11 21:30:15 | 000,168,883 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008.08.11 21:30:15 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008.08.11 21:30:15 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2008.08.11 21:30:15 | 000,081,920 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2008.08.11 21:30:15 | 000,040,960 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2008.08.11 21:30:14 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008.08.11 21:30:14 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2008.08.11 21:30:14 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008.08.11 21:30:14 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2008.08.11 21:30:13 | 000,876,544 | ---- | C] () -- C:\Windows\System32\TEACico2.dll
[2008.08.11 13:35:08 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008.01.21 09:15:58 | 000,618,204 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 09:15:58 | 000,122,636 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.02.05 21:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,335,416 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,586,980 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,101,052 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:25:26 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.10.28 20:10:44 | 000,016,384 | ---- | C] () -- C:\Windows\System32\ac3config.exe
[2006.03.02 13:43:51 | 000,000,517 | ---- | C] () -- C:\Windows\pbl.ini
[2000.05.26 11:28:00 | 000,016,183 | ---- | C] () -- C:\Windows\System32\SELF32.INI
 
========== LOP Check ==========
 
[2009.06.19 20:02:52 | 000,000,000 | ---D | M] -- C:\Users\** **\AppData\Roaming\Das Fussball Studio
[2011.02.20 14:05:22 | 000,000,000 | ---D | M] -- C:\Users\** **\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.08.13 11:13:21 | 000,000,000 | ---D | M] -- C:\Users\** **\AppData\Roaming\FileZilla
[2011.08.16 12:13:01 | 000,000,000 | ---D | M] -- C:\Users\** **\AppData\Roaming\NetSpeedMonitor
[2009.10.16 23:23:08 | 000,000,000 | ---D | M] -- C:\Users\** **\AppData\Roaming\phonostar GmbH
[2011.08.13 12:33:38 | 000,000,000 | ---D | M] -- C:\Users\** **\AppData\Roaming\phonostar-Player
[2011.08.16 11:16:26 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

Code:

ATTFilter

OTL Extras logfile created on: 16.08.2011 12:11:42 - Run 4
OTL by OldTimer - Version 3.2.26.1     Folder = C:\Users\** **n\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,03 Gb Available Physical Memory | 67,83% Memory free
6,22 Gb Paging File | 5,24 Gb Available in Paging File | 84,14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 586,10 Gb Total Space | 421,16 Gb Free Space | 71,86% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 6,02 Gb Free Space | 60,21% Space Free | Partition Type: NTFS
 
Computer Name: ****-PC | User Name: ** **n | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1882754496-1205069911-2561918912-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
"C:\Users\**~1\AppData\Local\Temp\0.9535893561257379.exe" = C:\Users\**~1\AppData\Local\Temp\0.9535893561257379.exe:*:Enabled:ldrsoft
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A119FF1-56EC-4E1A-B788-789635FC23D5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{20EDC02F-5E4F-443A-AB4D-B0F077471D37}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{46B1414B-C251-4EAA-A246-99C4682E537D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4A1CC5F4-E40D-4BF5-8811-79C77D102300}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{8069D4B8-5ECF-41D9-9877-3E44FB1B2B0A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{84C6EBD0-45B0-4134-8D45-6DF76A4CAD7D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{AC43ADAD-C01C-4B7F-A03D-AECC23C2798C}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{D54BBC69-F438-4902-8D3C-C1E57C7C09BC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{EB8BF3FB-43FE-45FB-929F-AE6569407305}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{101B4824-5670-471B-AD15-40E96CEC329B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{1C616A3A-1216-4C7B-B377-92BF8CCDD2DA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6F00AA36-5CF6-427E-A072-2F5F860673F3}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9765429F-877A-4D01-AD5E-6C02217176FC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9F8E761A-A358-43FA-8083-48D68CD68EC5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{A189EA38-12E5-4DC8-A3B6-038799D8C442}" = protocol=6 | dir=out | app=system | 
"{B3A544A7-9421-4BCC-AD61-10E8C0B0A547}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C063F22F-6CC1-4EFD-88C8-AFB731592A41}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CD9CA2D3-1F76-41B8-BA69-2AD9E9CB8520}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E68F883D-99D9-4E80-99EF-D6FD8F5C4F59}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{ED65FCCF-0147-4A45-A1CC-DAE0688316EC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{FEFAB68E-5772-4A89-96E4-F817CEABA465}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"TCP Query User{0A820782-72FE-42E7-85E7-821B9ADE23D9}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe | 
"TCP Query User{17AF61EC-365D-4318-8E78-E4A8C485AF2D}C:\program files\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | 
"TCP Query User{370CA5A5-3CD8-45BF-A1DA-C483E1ED2136}C:\program files\tvants\tvants.exe" = protocol=6 | dir=in | app=c:\program files\tvants\tvants.exe | 
"TCP Query User{55CCE66A-9EA6-498F-8D4D-C2A39C16449D}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"TCP Query User{8CCA769D-917C-4C12-870C-16B6D4184EDE}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{94F2096B-F66D-4C20-AB26-99F1D413D424}C:\program files\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | 
"TCP Query User{9672FC3B-56AD-44D0-B03C-29F68B209BF6}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"TCP Query User{98DD639F-99DD-4C59-81D7-879CE2513E78}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{9D16E7FE-0C63-498B-ABF5-A955BB6E39FF}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{CB6CC31A-A7DA-4377-9110-3F686514B9B1}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe | 
"TCP Query User{DB541E86-7B54-4C95-9E8E-9026B588E5D9}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{E1485B21-CD2E-4EBB-9426-5C326F008025}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"TCP Query User{E1EC2DC1-B893-4DC3-AA2C-68A1BA745035}C:\program files\zattoo\zattoo.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattoo.exe | 
"UDP Query User{3F19C20E-C209-4299-A7E6-CB4CCA46BE76}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{491B1FB4-B81B-4F8E-9EE0-08C68A7CED29}C:\program files\tvants\tvants.exe" = protocol=17 | dir=in | app=c:\program files\tvants\tvants.exe | 
"UDP Query User{67DCC256-3C25-4E63-8E1F-CAEED0380804}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{6934B272-6D4B-4B0E-AB77-C0689AD2EBAE}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe | 
"UDP Query User{6F163C68-D5E7-424F-815E-D8BB7B894875}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{874DDBE4-44F6-46E1-A9F1-AFC89163E627}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"UDP Query User{8C3C26FC-5CD3-4378-9923-42E53792C78B}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"UDP Query User{A1B3B0BD-AA6A-443A-B0F3-B0824CDD9BB6}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{DB39381A-EE76-4B44-86A5-8441BC0792FC}C:\program files\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | 
"UDP Query User{DD948BC0-0B25-4D26-8DB4-5987BEADC355}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe | 
"UDP Query User{DFA9115D-DC3E-4975-AF3B-A2D30D759872}C:\program files\zattoo\zattoo.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattoo.exe | 
"UDP Query User{ECC1D281-FC4E-43EE-B90B-D5475404EF0C}C:\program files\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | 
"UDP Query User{F4A80B2D-682F-4DD4-981D-AEE694A1AFFA}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{056E7B58-F436-9614-6CD3-1DFDDD7DA470}" = CCC Help Turkish
"{0626167B-F30A-79EB-9B21-80B83468961A}" = CCC Help Chinese Traditional
"{08D6F386-D362-805B-05D2-79E4AB4F9CB9}" = CCC Help Korean
"{0E4BC542-9CFD-4E97-B586-9F1E5516E7B9}" = Microsoft IntelliPoint 6.1
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP630_series" = Canon MP630 series MP Drivers
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1D1D8ADC-BF08-4E61-9393-5FA305B16864}" = Microsoft SQL Server Native Client
"{1F126EDC-DA29-4D5B-80DF-735252475FEE}" = Pro Evolution Soccer 2010 DEMO
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2390D4C3-8CC7-2074-ACB9-A22ED2E1D4E9}" = CCC Help Portuguese
"{2555521A-9231-2F05-AEBE-FC1E2A7F825F}" = ccc-utility
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{27C42F0C-9090-97F7-9338-B6BD6DC25BB1}" = CCC Help Japanese
"{2BE84E12-E062-F989-BA16-25D53F343033}" = Skins
"{31CAC150-58B2-F696-D9EB-2FC16C3A8FAA}" = Catalyst Control Center Localization Portuguese
"{34475C54-DA68-DA37-E014-2ADD65AF627F}" = Catalyst Control Center Localization Hungarian
"{3541D8B6-BE96-0E6B-8987-D1CE1FBF848A}" = CCC Help German
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3A732171-7856-43BD-B828-39B9E2B3E195}" = Catalyst Control Center Localization Spanish
"{4207500E-1543-47F3-1695-6728E6520903}" = Catalyst Control Center Graphics Full Existing
"{4453BCB7-5327-F8D1-C048-851310A389EF}" = Catalyst Control Center Localization Turkish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A2D8C96-7B4F-A66A-6773-23F7796F9BA2}" = CCC Help Spanish
"{588DF486-DF7A-11D5-82B4-000374890932}" = Turnierplaner
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{6BA2C0F5-7EF3-11D7-9E00-0004769EEFEB}" = Reflexion
"{73E8E831-160A-6E74-1AAA-AB698E1986BC}" = CCC Help Hungarian
"{76E29237-CCAB-CD1A-F8A1-6C3CFF002F26}" = Catalyst Control Center Graphics Previews Vista
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel(R) PRO Network Connections 12.1.11.0
"{7A33E298-5BEA-7C94-C512-1DF1C977537E}" = Catalyst Control Center Localization Italian
"{7B1F7338-1D0D-4DF4-831E-B22EB0A4C968}" = DerKleineTurnierplaner
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{84F7CAD9-2316-4701-B5CA-E90FD60029E9}" = ANNO 1602
"{853026E0-CD36-1790-7988-194CADDDFB25}" = ccc-core-static
"{86501894-E722-4385-A792-B7C2F28FAE7B}" = NetSpeedMonitor 2.5.4.0 x86
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D8E6D0B-5A57-9ABD-AEA2-C0052401C5F6}" = Catalyst Control Center Localization Chinese Traditional
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95E52415-B952-B013-A2AD-5163896D8B9C}" = Catalyst Control Center Graphics Full New
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1E79477-B730-7E48-7EFF-0D1CB3202933}" = Catalyst Control Center Graphics Previews Common
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch
"{AC76BA86-7AD7-2447-0000-800000000003}" = Chinese Simplified Fonts Support For Adobe Reader 8
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B25E016C-44C2-856A-98A8-789D1E2B1C56}" = Catalyst Control Center Graphics Light
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B463BAAF-A379-AAF1-8979-6ED69C25ED37}" = Catalyst Control Center Localization Japanese
"{B6CF1DB0-09E8-0A2E-A510-1F2F8BDE5ECF}" = CCC Help Italian
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BC60B681-C3A3-0363-DA09-FA9706ED9680}" = CCC Help Chinese Standard
"{BECDD3A4-FEEC-9804-4782-F31A8A842361}" = CCC Help English
"{C022906C-A509-33D1-E42B-FF92F8E7BED4}" = Catalyst Control Center Core Implementation
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D035A6CA-E9DD-4B40-66F8-15842888E447}" = Catalyst Control Center Localization French
"{D3D54FD6-ABA0-4AE3-BAC4-0D89ACA83CC7}_is1" = DFS_Media_Tool 2.1.2
"{DBA5E973-660D-4CBE-A469-F5C37FBF0CE4}" = DesktopEarth
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E453921D-30B6-7692-179C-6F6112F18F81}" = Catalyst Control Center Localization Chinese Standard
"{EA853B19-A618-8D18-F4A4-6B96083DC3A3}" = Catalyst Control Center Localization Korean
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"{F804CEB4-747E-46D5-B8AB-C56E3BAF27D9}_is1" = Das Fussball Studio 8.4.3 (Beta)
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"{FE46238E-2FB4-C9E1-323D-AD0DA64BED91}" = Catalyst Control Center Localization German
"{FFC59020-35A5-4856-B0FB-23B95D6C2976}" = CCC Help French
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ALUpdate_is1" = ALUpdate
"ALZip_is1" = ALZip
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Bundesliga 2000 - Der Fussball Manager" = Bundesliga 2000 - Der Fussball Manager
"Canon MP630 series Benutzerregistrierung" = Canon MP630 series Benutzerregistrierung
"CanonMyPrinter" = Canon Utilities My Printer
"CCleaner" = CCleaner
"CompuGROUP Z1" = CompuGROUP Z1
"Die Sims" = Die Sims
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"FIFA International Soccer_is1" = Game FIFA International Soccer
"FileZilla Client" = FileZilla Client 3.5.0
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324
"Google Updater" = Google Updater
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"LHTTSGED" = L&H TTS3000 Deutsch
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.1.1800
"Max Senft's Vokabeltrainer_is1" = Max Senft's Vokabeltrainer 1.1b
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 5.0 (x86 de)" = Mozilla Firefox 5.0 (x86 de)
"phonostar3RadioPlayer_is1" = phonostar-Player Version 3.01.8
"phonostarRadioPlayer_is1" = phonostar-Player Version 2.01.4
"PROSetDX" = Intel(R) PRO Network Connections 12.1.11.0
"Recuva" = Recuva
"SopCast" = SopCast 2.0.4
"Star Alliance Screen Saver_is1" = Star Alliance Screen Saver
"Taskbar Shuffle_is1" = Taskbar Shuffle version 2.5
"TmNationsForever_is1" = TmNationsForever
"TVAnts 1.0" = TVAnts 1.0
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.5
"VWLUPO-Key" = VOLKSWAGEN Lupo-Cup
"YTdetect" = Yahoo! Detect
"Zattoo" = Zattoo 3.3.4 Beta
"Zattoo4" = Zattoo4 4.0.5
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 16.08.2011 05:02:30 | Computer Name = ****-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 16.08.2011 05:02:30 | Computer Name = ****-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 16.08.2011 05:02:30 | Computer Name = ****-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 16.08.2011 05:02:31 | Computer Name = ****-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 16.08.2011 05:02:38 | Computer Name = ****-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 16.08.2011 05:02:38 | Computer Name = ****-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 16.08.2011 05:02:41 | Computer Name = ****-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 16.08.2011 05:02:41 | Computer Name = ****-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 16.08.2011 05:02:44 | Computer Name = ****-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 16.08.2011 05:18:47 | Computer Name = ****-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 13.07.2011 12:14:54 | Computer Name = ****-PC | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht
 \Device\NetBT_Tcpip_{09DBC2F6-F1BB-4A56-BD82-7FDD71A51639} vom Serverdienst nicht
 gebunden werden. Der Serverdienst konnte nicht gestartet werden.
 
Error - 13.07.2011 12:14:54 | Computer Name = ****-PC | Source = netbt | ID = 4321
Description = Der Name "****-PC:0" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.178.24  registriert werden. Der Computer mit IP-Adresse 192.168.178.20
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 13.07.2011 12:14:54 | Computer Name = ****-PC | Source = netbt | ID = 4321
Description = Der Name "****-PC:0" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.178.24  registriert werden. Der Computer mit IP-Adresse 192.168.178.20
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 13.07.2011 12:14:54 | Computer Name = ****-PC | Source = netbt | ID = 4321
Description = Der Name "****-PC:20" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.178.24  registriert werden. Der Computer mit IP-Adresse 192.168.178.20
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 11.08.2011 01:55:48 | Computer Name = ****-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 11.08.2011 01:55:48 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 11.08.2011 01:55:48 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 11.08.2011 13:53:38 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 11.08.2011 13:53:38 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 15.08.2011 10:36:22 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7034
Description = 
 
 
< End of report >

kira · 16.08.2011, 17:21

1.
Fixen mit OTL

Starte die OTL.exe.
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Kopiere folgendes Skript:

Code:

ATTFilter

:OTL
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
[2011.08.11 19:03:57 | 000,009,958 | -HS- | M] () -- C:\ProgramData\inr5y6y184q0a845q0w8sx7c1880052qi83fbl1e77k0cg5
[2011.08.11 19:03:56 | 000,009,958 | -HS- | M] () -- C:\Users\** **\AppData\Local\inr5y6y184q0a845q0w8sx7c1880052qi83fbl1e77k0cg5

:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Users\**~1\AppData\Local\Temp\0.9535893561257379.exe" =

:Commands
[purity]
[emptytemp]

und füge es hier ein:
Schließe alle Programme.
Klicke auf den Fix Button.
Klick auf .
OTL verlangt einen Neustart. Bitte zulassen.
Nach dem Neustart findest Du ein Textdokument.
Kopiere den Inhalt hier in Deinen Thread.

2.
erneut einen Scan mit OTL:

Doppelklick auf die OTL.exe
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Oben findest Du ein Kästchen mit Ausgabe.
Wähle bitte Standard-Ausgabe
Unter Extra-Registrierung wähle bitte Benutze SafeList.
Mache Häckchen bei LOP- und Purity-Prüfung.
Klicke nun auf Scan links oben.
Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
Poste die Logfiles in Code-Tags hier in den Thread.

Inspector · 17.08.2011, 10:53

1.

Code:

ATTFilter

All processes killed
========== OTL ==========
C:\Programme\Mozilla Firefox\searchplugins\bing.xml moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll moved successfully.
C:\ProgramData\inr5y6y184q0a845q0w8sx7c1880052qi83fbl1e77k0cg5 moved successfully.
C:\Users\fabian hofmann\AppData\Local\inr5y6y184q0a845q0w8sx7c1880052qi83fbl1e77k0cg5 moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\"C:\Users\**~1\AppData\Local\Temp\0.9535893561257379.exe" | /E : value set successfully!
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Fabian Hofmann
->Temp folder emptied: 2814623 bytes
->Temporary Internet Files folder emptied: 61147 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 42397487 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 2378 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 824 bytes
RecycleBin emptied: 128052 bytes
 
Total Files Cleaned = 43,00 mb
 
 
OTL by OldTimer - Version 3.2.26.1 log created on 08172011_090521

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

2.

Code:

ATTFilter

OTL logfile created on: 17.08.2011 11:31:12 - Run 5
OTL by OldTimer - Version 3.2.26.1     Folder = C:\Users\** xx\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,93 Gb Available Physical Memory | 64,55% Memory free
6,22 Gb Paging File | 5,12 Gb Available in Paging File | 82,43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 586,10 Gb Total Space | 421,09 Gb Free Space | 71,85% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 6,02 Gb Free Space | 60,21% Space Free | Partition Type: NTFS
 
Computer Name: **xx-PC | User Name: ** xx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.08.12 23:37:06 | 004,603,264 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2011.08.12 14:52:08 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\** xx\Desktop\OTL.exe
PRC - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SASCore.exe
PRC - [2011.07.24 19:06:28 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.07.02 10:51:27 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010.11.20 19:58:28 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009.05.21 11:13:58 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Programme\Dell Support Center\bin\sprtcmd.exe
PRC - [2009.05.13 18:35:24 | 000,126,976 | ---- | M] (phonostar) -- C:\Programme\phonostar\ps_timer.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.08.14 00:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Programme\Dell Support Center\bin\sprtsvc.exe
PRC - [2008.04.28 17:56:28 | 000,161,048 | ---- | M] (Stardock Corporation) -- C:\Programme\Dell\DellDock\DockLogin.exe
PRC - [2008.04.17 01:28:48 | 000,818,176 | ---- | M] (Jay Elaraj) -- C:\Programme\Taskbar Shuffle\taskbarshuffle.exe
PRC - [2008.03.17 18:06:00 | 001,848,648 | ---- | M] (CANON INC.) -- C:\Programme\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2007.05.11 15:26:44 | 004,452,352 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.02.06 01:52:10 | 000,849,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft IntelliPoint\ipoint.exe
PRC - [2006.05.24 09:58:32 | 000,761,856 | ---- | M] (CodeFromThe70s.org) -- C:\Programme\DesktopEarth\DesktopEarth.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.08.12 14:52:08 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\** xx\Desktop\OTL.exe
MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2009.04.11 08:28:24 | 000,380,416 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\tiptsf.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011.07.24 19:06:28 | 000,269,480 | ---- | M] (Avira GmbH) [Disabled | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.07.24 19:06:28 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2008.08.14 00:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008.04.28 17:56:28 | 000,161,048 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Programme\Dell\DellDock\DockLogin.exe -- (DockLoginService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.07.24 19:06:29 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.07.22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011.07.12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.05.21 08:11:00 | 003,591,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2008.05.21 08:11:00 | 003,591,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008.01.21 04:23:25 | 000,251,904 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2007.04.29 10:42:24 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2007.02.08 19:44:43 | 000,083,320 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
DRV - [2006.11.08 09:02:40 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\point32k.sys -- (Point32)
DRV - [2006.07.05 14:39:29 | 000,059,256 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2006.06.14 16:56:56 | 000,013,680 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=3080811
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=3080811
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
 
========== FireFox ==========
 
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.t-online.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19.1
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.1
FF - prefs.js..extensions.enabledItems: {aff87fa2-a58e-4edd-b852-0a20203c1e17}:0.8
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: noia2_option@kk.noia:3.76
FF - prefs.js..extensions.enabledItems: {2f17f610-5e97-4fed-828f-9940b7b577a4}:1.6.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}:3.76
FF - prefs.js..network.proxy.http: "80.108.94.196"
FF - prefs.js..network.proxy.http_port: 8123
FF - prefs.js..network.proxy.type: 0
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.07.02 10:51:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.08.13 11:16:12 | 000,000,000 | ---D | M]
 
[2008.08.14 16:26:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\** xx\AppData\Roaming\mozilla\Extensions
[2011.08.08 18:01:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\** xx\AppData\Roaming\mozilla\Firefox\Profiles\4ooexf9v.default\extensions
[2011.07.16 18:13:49 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\** xx\AppData\Roaming\mozilla\Firefox\Profiles\4ooexf9v.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2010.04.30 03:34:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\** xx\AppData\Roaming\mozilla\Firefox\Profiles\4ooexf9v.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.07.30 11:04:07 | 000,000,000 | ---D | M] (TV-Fox) -- C:\Users\** xx\AppData\Roaming\mozilla\Firefox\Profiles\4ooexf9v.default\extensions\{2f17f610-5e97-4fed-828f-9940b7b577a4}
[2010.03.01 07:38:44 | 000,000,000 | ---D | M] (Noia 2.0 (eXtreme)) -- C:\Users\** xx\AppData\Roaming\mozilla\Firefox\Profiles\4ooexf9v.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
[2011.04.11 20:14:26 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\** xx\AppData\Roaming\mozilla\Firefox\Profiles\4ooexf9v.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.09.09 21:42:45 | 000,000,000 | ---D | M] (gTranslate) -- C:\Users\** xx\AppData\Roaming\mozilla\Firefox\Profiles\4ooexf9v.default\extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}
[2011.08.02 06:26:03 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\** xx\AppData\Roaming\mozilla\Firefox\Profiles\4ooexf9v.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.11.18 23:01:39 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\** xx\AppData\Roaming\mozilla\Firefox\Profiles\4ooexf9v.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2010.12.12 14:14:13 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\** xx\AppData\Roaming\mozilla\Firefox\Profiles\4ooexf9v.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2009.11.04 20:51:56 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\** xx\AppData\Roaming\mozilla\Firefox\Profiles\4ooexf9v.default\extensions\moveplayer@movenetworks.com
[2010.03.01 07:38:44 | 000,000,000 | ---D | M] (Noia 2.0 eXtreme OPT) -- C:\Users\** xx\AppData\Roaming\mozilla\Firefox\Profiles\4ooexf9v.default\extensions\noia2_option@kk.noia
[2008.08.19 05:38:31 | 000,002,414 | ---- | M] () -- C:\Users\** xx\AppData\Roaming\Mozilla\Firefox\Profiles\4ooexf9v.default\searchplugins\filmstartsde-suche.xml
[2011.03.05 23:14:48 | 000,002,809 | ---- | M] () -- C:\Users\** xx\AppData\Roaming\Mozilla\Firefox\Profiles\4ooexf9v.default\searchplugins\twitter-search.xml
[2008.08.16 19:52:59 | 000,001,143 | ---- | M] () -- C:\Users\** xx\AppData\Roaming\Mozilla\Firefox\Profiles\4ooexf9v.default\searchplugins\wikipedia-en.xml
[2011.08.13 11:05:56 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.08.13 11:05:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) -- 
[2011.08.13 11:05:56 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\** xx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4OOEXF9V.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\** xx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4OOEXF9V.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
[2011.07.02 10:51:27 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2003.10.11 02:21:40 | 000,170,496 | ---- | M] (Macromedia, Inc.) -- C:\Program Files\mozilla firefox\components\np32asw.dll
[2003.10.11 02:21:40 | 000,170,496 | ---- | M] (Macromedia, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32asw.dll
[2011.08.13 11:05:36 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\Dell\BAE\BAE.dll (Dell Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [PhonostarTimer] C:\Programme\phonostar\ps_timer.exe (phonostar)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [Taskbar Shuffle] C:\Programme\Taskbar Shuffle\taskbarshuffle.exe (Jay Elaraj)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\** xx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopEarth AutoStart.lnk = C:\Users\** xx\AppData\Roaming\Microsoft\Installer\{DBA5E973-660D-4CBE-A469-F5C37FBF0CE4}\_C1A9BF9D98647632ED5172.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\** xx\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk /p \??\J:) -  File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.08.15 17:21:12 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2011.08.15 16:36:21 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.08.13 12:11:20 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011.08.13 12:11:05 | 002,322,184 | ---- | C] (ESET) -- C:\Users\** xx\Desktop\esetsmartinstaller_deu.exe
[2011.08.13 11:23:34 | 000,000,000 | ---D | C] -- C:\Users\** xx\AppData\Roaming\SUPERAntiSpyware.com
[2011.08.13 11:22:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011.08.13 11:22:50 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011.08.13 11:22:50 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011.08.13 11:06:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011.08.13 11:05:55 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.08.13 11:05:55 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.08.13 11:05:55 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.08.13 11:05:29 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011.08.13 10:59:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011.08.12 22:01:51 | 000,000,000 | ---D | C] -- C:\Program Files\Peter
[2011.08.12 14:59:20 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011.08.12 14:52:07 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\** xx\Desktop\OTL.exe
[2011.08.11 19:36:46 | 000,000,000 | ---D | C] -- C:\Users\** xx\AppData\Roaming\Malwarebytes
[2011.08.11 19:36:35 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.08.11 19:36:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.08.11 19:36:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.08.11 19:36:32 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.08.11 19:36:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.08.11 08:20:48 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011.08.11 08:15:54 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011.08.11 07:54:49 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.08.11 07:54:48 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.08.11 07:54:48 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.08.11 07:54:47 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011.08.11 07:54:47 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.08.11 07:54:47 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.08.11 07:31:38 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011.08.11 07:31:24 | 003,602,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011.08.11 07:31:23 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011.08.02 06:32:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Das Fussball Studio
[2011.08.02 06:32:04 | 000,405,504 | ---- | C] (vmLOGIC - Volker Mallmann) -- C:\Windows\System32\vmlCmdBar6.ocx
[2011.08.02 06:32:04 | 000,352,256 | ---- | C] (vmLOGIC - Volker Mallmann) -- C:\Windows\System32\vmlSGrid6.ocx
[2011.08.02 06:32:04 | 000,163,840 | ---- | C] (vmLOGIC - Volker Mallmann) -- C:\Windows\System32\vmlLSFrame3.ocx
[2011.08.02 06:32:04 | 000,155,648 | ---- | C] (vmLOGIC - Volker Mallmann) -- C:\Windows\System32\vmlIml3.ocx
[2011.08.02 06:32:04 | 000,040,960 | ---- | C] (vmLOGIC - Volker Mallmann) -- C:\Windows\System32\vmlSubTmr2.dll
[2011.08.02 06:32:03 | 003,760,128 | ---- | C] (Gigasoft, Inc.) -- C:\Windows\System32\PEGRP32E.DLL
[2011.08.02 06:32:03 | 000,756,224 | ---- | C] (Gigasoft, Inc.) -- C:\Windows\System32\Pesgo32e.ocx
[2011.08.02 06:32:03 | 000,736,768 | ---- | C] (Gigasoft, Inc.) -- C:\Windows\System32\Pego32e.ocx
[2011.08.02 06:32:03 | 000,630,784 | ---- | C] (Gigasoft, Inc.) -- C:\Windows\System32\Pe3do32e.ocx
[2011.08.02 06:32:03 | 000,534,016 | ---- | C] (Gigasoft, Inc.) -- C:\Windows\System32\Pepco32e.ocx
[2011.08.02 06:32:03 | 000,266,240 | ---- | C] (Dieter Otter, Tools & Components) -- C:\Windows\System32\sevZip40.dll
[2011.07.20 14:20:50 | 000,000,000 | ---D | C] -- C:\Users\** xx\Documents\Neuer Ordner
[2011.07.18 22:45:28 | 000,000,000 | ---D | C] -- C:\Users\** xx\AppData\Roaming\NetSpeedMonitor
[2011.07.18 22:41:27 | 000,000,000 | ---D | C] -- C:\Program Files\NetSpeedMonitor
[1 C:\Users\** xx\AppData\Local\*.tmp files -> C:\Users\** xx\AppData\Local\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.08.17 11:01:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.08.17 10:15:18 | 000,618,204 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.08.17 10:15:18 | 000,586,980 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.08.17 10:15:18 | 000,122,636 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.08.17 10:15:18 | 000,101,052 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.08.17 10:11:23 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011.08.17 10:09:04 | 000,002,487 | ---- | M] () -- C:\Users\** xx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopEarth AutoStart.lnk
[2011.08.17 10:09:03 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.08.17 10:09:02 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.08.17 10:09:02 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.08.17 10:08:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.08.16 11:08:29 | 000,191,488 | ---- | M] () -- C:\Users\** xx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.08.15 17:21:13 | 000,001,636 | ---- | M] () -- C:\Users\Public\Desktop\Recuva.lnk
[2011.08.15 11:10:55 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.08.13 12:11:07 | 002,322,184 | ---- | M] (ESET) -- C:\Users\** xx\Desktop\esetsmartinstaller_deu.exe
[2011.08.13 11:22:56 | 000,001,802 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.08.13 11:05:34 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011.08.13 11:05:34 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.08.13 11:05:34 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.08.13 11:05:34 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.08.13 10:59:55 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.08.12 14:52:08 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\** xx\Desktop\OTL.exe
[2011.08.11 19:36:35 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.08.11 08:21:33 | 002,187,526 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2011.08.08 18:27:06 | 002,743,682 | ---- | M] () -- C:\Users\** xx\Desktop\eng_wappen_110808.zip
[2011.08.07 22:18:05 | 000,017,408 | ---- | M] () -- C:\Users\** xx\AppData\Local\WebpageIcons.db
[2011.08.02 20:17:36 | 000,489,338 | ---- | M] () -- C:\Users\** xx\Desktop\FLT_C4C6YV27350_0.pdf
[2011.08.02 20:13:30 | 000,489,329 | ---- | M] () -- C:\Users\** xx\Desktop\FLT_LXH7K231557_0.pdf
[2011.07.24 19:06:29 | 000,138,192 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.07.24 19:06:29 | 000,066,616 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011.07.22 04:54:43 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011.07.22 04:47:24 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.07.22 04:46:48 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.07.22 04:45:41 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.07.22 04:44:36 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.07.22 04:43:07 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[1 C:\Users\** xx\AppData\Local\*.tmp files -> C:\Users\** xx\AppData\Local\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.08.15 17:21:13 | 000,001,636 | ---- | C] () -- C:\Users\Public\Desktop\Recuva.lnk
[2011.08.13 11:22:56 | 000,001,802 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.08.13 10:59:55 | 000,000,806 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.08.11 19:36:35 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.08.11 08:21:06 | 002,187,526 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB
[2011.08.08 18:26:43 | 002,743,682 | ---- | C] () -- C:\Users\** xx\Desktop\eng_wappen_110808.zip
[2011.08.02 20:17:36 | 000,489,338 | ---- | C] () -- C:\Users\** xx\Desktop\FLT_C4C6YV27350_0.pdf
[2011.08.02 20:13:30 | 000,489,329 | ---- | C] () -- C:\Users\** xx\Desktop\FLT_LXH7K231557_0.pdf
[2010.02.27 21:51:34 | 000,017,408 | ---- | C] () -- C:\Users\** xx\AppData\Local\WebpageIcons.db
[2009.12.12 14:52:33 | 000,001,455 | ---- | C] () -- C:\Users\** xx\AppData\Local\RecConfig.xml
[2009.06.29 19:17:05 | 000,004,096 | -H-- | C] () -- C:\Users\** xx\AppData\Local\keyfile3.drm
[2009.06.04 18:37:56 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.06.04 18:37:56 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.06.04 18:37:21 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.03.19 20:11:42 | 000,000,000 | ---- | C] () -- C:\Windows\HOZ.INI
[2009.03.19 20:11:42 | 000,000,000 | ---- | C] () -- C:\Windows\DAISY.INI
[2009.03.19 20:11:40 | 000,000,063 | ---- | C] () -- C:\Windows\VDDS_MMI.INI
[2009.03.19 20:07:00 | 000,000,000 | ---- | C] () -- C:\Windows\dbsetup.INI
[2009.03.19 20:06:12 | 000,000,122 | ---- | C] () -- C:\Windows\ODBC.INI
[2008.12.25 20:36:05 | 000,000,547 | ---- | C] () -- C:\Windows\eReg.dat
[2008.11.24 21:36:38 | 000,157,669 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008.11.24 21:36:36 | 000,703,201 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008.11.24 16:32:44 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008.09.21 13:22:13 | 000,002,619 | ---- | C] () -- C:\Windows\AWSHKWV.INI
[2008.09.19 23:57:34 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.09.19 23:54:18 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008.08.20 17:23:15 | 000,191,488 | ---- | C] () -- C:\Users\** xx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.08.14 15:39:08 | 000,001,356 | ---- | C] () -- C:\Users\** xx\AppData\Local\d3d9caps.dat
[2008.08.11 21:30:15 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008.08.11 21:30:15 | 000,168,883 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008.08.11 21:30:15 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008.08.11 21:30:15 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2008.08.11 21:30:15 | 000,081,920 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2008.08.11 21:30:15 | 000,040,960 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2008.08.11 21:30:14 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008.08.11 21:30:14 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2008.08.11 21:30:14 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008.08.11 21:30:14 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2008.08.11 21:30:13 | 000,876,544 | ---- | C] () -- C:\Windows\System32\TEACico2.dll
[2008.08.11 13:35:08 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008.01.21 09:15:58 | 000,618,204 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 09:15:58 | 000,122,636 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.02.05 21:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,335,416 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,586,980 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,101,052 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:25:26 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.10.28 20:10:44 | 000,016,384 | ---- | C] () -- C:\Windows\System32\ac3config.exe
[2006.03.02 13:43:51 | 000,000,517 | ---- | C] () -- C:\Windows\pbl.ini
[2000.05.26 11:28:00 | 000,016,183 | ---- | C] () -- C:\Windows\System32\SELF32.INI
 
========== LOP Check ==========
 
[2009.06.19 20:02:52 | 000,000,000 | ---D | M] -- C:\Users\** xx\AppData\Roaming\Das Fussball Studio
[2011.02.20 14:05:22 | 000,000,000 | ---D | M] -- C:\Users\** xx\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.08.13 11:13:21 | 000,000,000 | ---D | M] -- C:\Users\** xx\AppData\Roaming\FileZilla
[2011.08.17 11:32:12 | 000,000,000 | ---D | M] -- C:\Users\** xx\AppData\Roaming\NetSpeedMonitor
[2009.10.16 23:23:08 | 000,000,000 | ---D | M] -- C:\Users\** xx\AppData\Roaming\phonostar GmbH
[2011.08.13 12:33:38 | 000,000,000 | ---D | M] -- C:\Users\** xx\AppData\Roaming\phonostar-Player
[2011.08.17 09:12:08 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

Code:

ATTFilter

OTL Extras logfile created on: 17.08.2011 11:31:13 - Run 5
OTL by OldTimer - Version 3.2.26.1     Folder = C:\Users\** xx\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,93 Gb Available Physical Memory | 64,55% Memory free
6,22 Gb Paging File | 5,12 Gb Available in Paging File | 82,43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 586,10 Gb Total Space | 421,09 Gb Free Space | 71,85% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 6,02 Gb Free Space | 60,21% Space Free | Partition Type: NTFS
 
Computer Name: **xx-PC | User Name: ** xx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1882754496-1205069911-2561918912-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
"C:\Users\**~1\AppData\Local\Temp\0.9535893561257379.exe" = C:\Users\**~1\AppData\Local\Temp\0.9535893561257379.exe:*:Enabled:ldrsoft
"C:\Users\**~1\AppData\Local\Temp\0.9535893561257379.exe" = 
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A119FF1-56EC-4E1A-B788-789635FC23D5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{20EDC02F-5E4F-443A-AB4D-B0F077471D37}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{46B1414B-C251-4EAA-A246-99C4682E537D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4A1CC5F4-E40D-4BF5-8811-79C77D102300}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{8069D4B8-5ECF-41D9-9877-3E44FB1B2B0A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{84C6EBD0-45B0-4134-8D45-6DF76A4CAD7D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{AC43ADAD-C01C-4B7F-A03D-AECC23C2798C}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{D54BBC69-F438-4902-8D3C-C1E57C7C09BC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{EB8BF3FB-43FE-45FB-929F-AE6569407305}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{101B4824-5670-471B-AD15-40E96CEC329B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{1C616A3A-1216-4C7B-B377-92BF8CCDD2DA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6F00AA36-5CF6-427E-A072-2F5F860673F3}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9765429F-877A-4D01-AD5E-6C02217176FC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9F8E761A-A358-43FA-8083-48D68CD68EC5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{A189EA38-12E5-4DC8-A3B6-038799D8C442}" = protocol=6 | dir=out | app=system | 
"{B3A544A7-9421-4BCC-AD61-10E8C0B0A547}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C063F22F-6CC1-4EFD-88C8-AFB731592A41}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CD9CA2D3-1F76-41B8-BA69-2AD9E9CB8520}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E68F883D-99D9-4E80-99EF-D6FD8F5C4F59}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{ED65FCCF-0147-4A45-A1CC-DAE0688316EC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{FEFAB68E-5772-4A89-96E4-F817CEABA465}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"TCP Query User{0A820782-72FE-42E7-85E7-821B9ADE23D9}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe | 
"TCP Query User{17AF61EC-365D-4318-8E78-E4A8C485AF2D}C:\program files\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | 
"TCP Query User{370CA5A5-3CD8-45BF-A1DA-C483E1ED2136}C:\program files\tvants\tvants.exe" = protocol=6 | dir=in | app=c:\program files\tvants\tvants.exe | 
"TCP Query User{55CCE66A-9EA6-498F-8D4D-C2A39C16449D}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"TCP Query User{8CCA769D-917C-4C12-870C-16B6D4184EDE}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{94F2096B-F66D-4C20-AB26-99F1D413D424}C:\program files\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | 
"TCP Query User{9672FC3B-56AD-44D0-B03C-29F68B209BF6}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"TCP Query User{98DD639F-99DD-4C59-81D7-879CE2513E78}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{9D16E7FE-0C63-498B-ABF5-A955BB6E39FF}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{CB6CC31A-A7DA-4377-9110-3F686514B9B1}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe | 
"TCP Query User{DB541E86-7B54-4C95-9E8E-9026B588E5D9}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{E1485B21-CD2E-4EBB-9426-5C326F008025}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"TCP Query User{E1EC2DC1-B893-4DC3-AA2C-68A1BA745035}C:\program files\zattoo\zattoo.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattoo.exe | 
"UDP Query User{3F19C20E-C209-4299-A7E6-CB4CCA46BE76}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{491B1FB4-B81B-4F8E-9EE0-08C68A7CED29}C:\program files\tvants\tvants.exe" = protocol=17 | dir=in | app=c:\program files\tvants\tvants.exe | 
"UDP Query User{67DCC256-3C25-4E63-8E1F-CAEED0380804}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{6934B272-6D4B-4B0E-AB77-C0689AD2EBAE}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe | 
"UDP Query User{6F163C68-D5E7-424F-815E-D8BB7B894875}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{874DDBE4-44F6-46E1-A9F1-AFC89163E627}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"UDP Query User{8C3C26FC-5CD3-4378-9923-42E53792C78B}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"UDP Query User{A1B3B0BD-AA6A-443A-B0F3-B0824CDD9BB6}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{DB39381A-EE76-4B44-86A5-8441BC0792FC}C:\program files\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | 
"UDP Query User{DD948BC0-0B25-4D26-8DB4-5987BEADC355}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe | 
"UDP Query User{DFA9115D-DC3E-4975-AF3B-A2D30D759872}C:\program files\zattoo\zattoo.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattoo.exe | 
"UDP Query User{ECC1D281-FC4E-43EE-B90B-D5475404EF0C}C:\program files\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | 
"UDP Query User{F4A80B2D-682F-4DD4-981D-AEE694A1AFFA}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{056E7B58-F436-9614-6CD3-1DFDDD7DA470}" = CCC Help Turkish
"{0626167B-F30A-79EB-9B21-80B83468961A}" = CCC Help Chinese Traditional
"{08D6F386-D362-805B-05D2-79E4AB4F9CB9}" = CCC Help Korean
"{0E4BC542-9CFD-4E97-B586-9F1E5516E7B9}" = Microsoft IntelliPoint 6.1
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP630_series" = Canon MP630 series MP Drivers
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1D1D8ADC-BF08-4E61-9393-5FA305B16864}" = Microsoft SQL Server Native Client
"{1F126EDC-DA29-4D5B-80DF-735252475FEE}" = Pro Evolution Soccer 2010 DEMO
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2390D4C3-8CC7-2074-ACB9-A22ED2E1D4E9}" = CCC Help Portuguese
"{2555521A-9231-2F05-AEBE-FC1E2A7F825F}" = ccc-utility
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{27C42F0C-9090-97F7-9338-B6BD6DC25BB1}" = CCC Help Japanese
"{2BE84E12-E062-F989-BA16-25D53F343033}" = Skins
"{31CAC150-58B2-F696-D9EB-2FC16C3A8FAA}" = Catalyst Control Center Localization Portuguese
"{34475C54-DA68-DA37-E014-2ADD65AF627F}" = Catalyst Control Center Localization Hungarian
"{3541D8B6-BE96-0E6B-8987-D1CE1FBF848A}" = CCC Help German
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3A732171-7856-43BD-B828-39B9E2B3E195}" = Catalyst Control Center Localization Spanish
"{4207500E-1543-47F3-1695-6728E6520903}" = Catalyst Control Center Graphics Full Existing
"{4453BCB7-5327-F8D1-C048-851310A389EF}" = Catalyst Control Center Localization Turkish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A2D8C96-7B4F-A66A-6773-23F7796F9BA2}" = CCC Help Spanish
"{588DF486-DF7A-11D5-82B4-000374890932}" = Turnierplaner
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{6BA2C0F5-7EF3-11D7-9E00-0004769EEFEB}" = Reflexion
"{73E8E831-160A-6E74-1AAA-AB698E1986BC}" = CCC Help Hungarian
"{76E29237-CCAB-CD1A-F8A1-6C3CFF002F26}" = Catalyst Control Center Graphics Previews Vista
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel(R) PRO Network Connections 12.1.11.0
"{7A33E298-5BEA-7C94-C512-1DF1C977537E}" = Catalyst Control Center Localization Italian
"{7B1F7338-1D0D-4DF4-831E-B22EB0A4C968}" = DerKleineTurnierplaner
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{84F7CAD9-2316-4701-B5CA-E90FD60029E9}" = ANNO 1602
"{853026E0-CD36-1790-7988-194CADDDFB25}" = ccc-core-static
"{86501894-E722-4385-A792-B7C2F28FAE7B}" = NetSpeedMonitor 2.5.4.0 x86
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D8E6D0B-5A57-9ABD-AEA2-C0052401C5F6}" = Catalyst Control Center Localization Chinese Traditional
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95E52415-B952-B013-A2AD-5163896D8B9C}" = Catalyst Control Center Graphics Full New
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1E79477-B730-7E48-7EFF-0D1CB3202933}" = Catalyst Control Center Graphics Previews Common
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch
"{AC76BA86-7AD7-2447-0000-800000000003}" = Chinese Simplified Fonts Support For Adobe Reader 8
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B25E016C-44C2-856A-98A8-789D1E2B1C56}" = Catalyst Control Center Graphics Light
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B463BAAF-A379-AAF1-8979-6ED69C25ED37}" = Catalyst Control Center Localization Japanese
"{B6CF1DB0-09E8-0A2E-A510-1F2F8BDE5ECF}" = CCC Help Italian
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BC60B681-C3A3-0363-DA09-FA9706ED9680}" = CCC Help Chinese Standard
"{BECDD3A4-FEEC-9804-4782-F31A8A842361}" = CCC Help English
"{C022906C-A509-33D1-E42B-FF92F8E7BED4}" = Catalyst Control Center Core Implementation
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D035A6CA-E9DD-4B40-66F8-15842888E447}" = Catalyst Control Center Localization French
"{D3D54FD6-ABA0-4AE3-BAC4-0D89ACA83CC7}_is1" = DFS_Media_Tool 2.1.2
"{DBA5E973-660D-4CBE-A469-F5C37FBF0CE4}" = DesktopEarth
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E453921D-30B6-7692-179C-6F6112F18F81}" = Catalyst Control Center Localization Chinese Standard
"{EA853B19-A618-8D18-F4A4-6B96083DC3A3}" = Catalyst Control Center Localization Korean
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"{F804CEB4-747E-46D5-B8AB-C56E3BAF27D9}_is1" = Das Fussball Studio 8.4.3 (Beta)
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"{FE46238E-2FB4-C9E1-323D-AD0DA64BED91}" = Catalyst Control Center Localization German
"{FFC59020-35A5-4856-B0FB-23B95D6C2976}" = CCC Help French
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ALUpdate_is1" = ALUpdate
"ALZip_is1" = ALZip
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Bundesliga 2000 - Der Fussball Manager" = Bundesliga 2000 - Der Fussball Manager
"Canon MP630 series Benutzerregistrierung" = Canon MP630 series Benutzerregistrierung
"CanonMyPrinter" = Canon Utilities My Printer
"CCleaner" = CCleaner
"CompuGROUP Z1" = CompuGROUP Z1
"Die Sims" = Die Sims
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"FIFA International Soccer_is1" = Game FIFA International Soccer
"FileZilla Client" = FileZilla Client 3.5.0
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324
"Google Updater" = Google Updater
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"LHTTSGED" = L&H TTS3000 Deutsch
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.1.1800
"Max Senft's Vokabeltrainer_is1" = Max Senft's Vokabeltrainer 1.1b
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 5.0 (x86 de)" = Mozilla Firefox 5.0 (x86 de)
"phonostar3RadioPlayer_is1" = phonostar-Player Version 3.01.8
"phonostarRadioPlayer_is1" = phonostar-Player Version 2.01.4
"PROSetDX" = Intel(R) PRO Network Connections 12.1.11.0
"Recuva" = Recuva
"SopCast" = SopCast 2.0.4
"Star Alliance Screen Saver_is1" = Star Alliance Screen Saver
"Taskbar Shuffle_is1" = Taskbar Shuffle version 2.5
"TmNationsForever_is1" = TmNationsForever
"TVAnts 1.0" = TVAnts 1.0
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.5
"VWLUPO-Key" = VOLKSWAGEN Lupo-Cup
"YTdetect" = Yahoo! Detect
"Zattoo" = Zattoo 3.3.4 Beta
"Zattoo4" = Zattoo4 4.0.5
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 17.08.2011 04:38:52 | Computer Name = **xx-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 17.08.2011 04:38:53 | Computer Name = **xx-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 17.08.2011 04:38:53 | Computer Name = **xx-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 17.08.2011 04:38:54 | Computer Name = **xx-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 17.08.2011 04:38:54 | Computer Name = **xx-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 17.08.2011 04:38:54 | Computer Name = **xx-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 17.08.2011 04:38:54 | Computer Name = **xx-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 17.08.2011 04:38:54 | Computer Name = **xx-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 17.08.2011 04:38:54 | Computer Name = **xx-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 17.08.2011 04:38:54 | Computer Name = **xx-PC | Source = Windows Search Service | ID = 3013
Description = 
 
[ System Events ]
Error - 13.07.2011 12:14:54 | Computer Name = **xx-PC | Source = netbt | ID = 4321
Description = Der Name "**xx-PC:0" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.178.24  registriert werden. Der Computer mit IP-Adresse 192.168.178.20
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 13.07.2011 12:14:54 | Computer Name = **xx-PC | Source = netbt | ID = 4321
Description = Der Name "**xx-PC:20" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.178.24  registriert werden. Der Computer mit IP-Adresse 192.168.178.20
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 11.08.2011 01:55:48 | Computer Name = **xx-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 11.08.2011 01:55:48 | Computer Name = **xx-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 11.08.2011 01:55:48 | Computer Name = **xx-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 11.08.2011 13:53:38 | Computer Name = **xx-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 11.08.2011 13:53:38 | Computer Name = **xx-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 15.08.2011 10:36:22 | Computer Name = **xx-PC | Source = Service Control Manager | ID = 7034
Description = 
 
Error - 17.08.2011 03:05:21 | Computer Name = **xx-PC | Source = Service Control Manager | ID = 7034
Description = 
 
Error - 17.08.2011 03:10:06 | Computer Name = **xx-PC | Source = Service Control Manager | ID = 7034
Description = 
 
 
< End of report >

kira · 17.08.2011, 12:52

1.
läuft unter XP, Vista mit (32Bit) und Windows 7 (32Bit)
Achtung!:
WENN GMER NICHT AUSGEFÜHRT WERDEN KANN ODER PROBMLEME VERURSACHT, fahre mit dem nächsten Punkt fort!- Es ist NICHT sinnvoll einen zweiten Versuch zu starten!
Um einen tieferen Einblick in dein System, um eine mögliche Infektion mit einem Rootkit/Info v.wikipedia.org) aufzuspüren, werden wir ein Tool - Gmer - einsetzen :

- also lade Dir Gmer herunter und entpacke es auf deinen Desktop
- starte gmer.exe
- [b]schließe alle Programme, ausserdem Antiviren und andere Schutzprogramme usw müssen deaktiviert sein, keine Verbindung zum Internet, WLAN auch trennen)
- bitte nichts am Pc machen während der Scan läuft!
- klicke auf "Scan", um das Tool zu starten
- wenn der Scan fertig ist klicke auf "Copy" (das Log wird automatisch in die Zwischenablage kopiert) und mit STRG + V musst Du gleich da einfügen
- mit "Ok" wird GMER beendet.
- das Log aus der Zwischenablage hier in Deinem Thread vollständig hineinkopieren

** keine Verbindung zu einem Netzwerk und Internet - WLAN nicht vergessen
Wenn der Scan beendet ist, bitte alle Programme und Tools wieder aktivieren!
Anleitung:-> GMER - Rootkit Scanner

2.
Kontrolle mit MBR -t, ob Master Boot Record in Ordnung ist (MBR-Rootkit)

Mit dem folgenden Tool prüfen wir, ob sich etwas Schädliches im Master Boot Record eingenistet hat.

Downloade die MBR.exe von Gmer und
kopiere die Datei mbr.exe in den Ordner C:\Windows\system32.
Falls Du den Ordner nicht sehen kannst, diese Einstellungen in den Ordneroptionen vornehmen.
Start => ausführen => cmd (da reinschreiben) => OK
es öffnet sich eine Eingabeaufforderung.

Vista- und Windows 7-User: Start => Alle Programme => Zubehör => Rechtsklick auf Eingabeaufforderung und wähle Als Administrator ausführen.
Nach dem Prompt (>_) folgenden

aus der Codebox manuell eingeben oder alternativ den mit STRG + C ins Clipboard kopieren und einfügen.
Einfügen in der Eingabeaufforderung: in der Titelleiste einen Rechtsklick machen => Bearbeiten => einfügen.
Code:
ATTFilter
```
mbr.exe -t > C:\mbr.log & C:\mbr.log
         
```
(Enter drücken)
Nach kurzer Zeit wird sich Dein Editor öffnen und die Datei C:\mbr.log beinhalten.
Bitte kopiere den Inhalt hier in Deinen Thread.

► Wie ist den aktuellen Zustand des Rechners? Auffälligkeiten, Probleme?

Inspector · 18.08.2011, 15:57

1. Ich kann leider AntiVir nicht abschalten. Per Rechtsklick erhalten ich nicht die Option zum abschalten, wenn ich versuche es über den Task-Manager zu beenden, erhalte ich die Fehlermeldung "Zugriff verweigert".

Die Windows Firewall würde ich nur ungern abschalten. Die habe ich bei meinem Laptop mal zwecks Installation eines Surfsticks abgeschaltet und dann nicht mehr in Gang bekommen, weil irgendein Dienst nicht mehr gestartet werden konnte.

Kann ich nun direkt mit Punkt 2 beginnen?

Der PC funktioniert soweit wieder, auch die Geschwindigkeit ist wieder ok. Die im ersten Beitrag angehängte Fehlermeldung erscheint aber nach wie vor.

Vista Antispyware 2012 hat mich erwischt

Plagegeister aller Art und deren Bekämpfung: Vista Antispyware 2012 hat mich erwischt