Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Achtung, aus Sicherheitsgründen wurde ihr Windowssystem blockiert...

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 10.01.2012, 23:31   #1
daapool
 
Achtung, aus Sicherheitsgründen wurde ihr Windowssystem blockiert... - Standard

Achtung, aus Sicherheitsgründen wurde ihr Windowssystem blockiert...



Hallo!
Ich habe mir vor 2 Tagen auch diese Malware eingefangen, bei der die Forderung nach 50 Euro auf schwarzem Bildschirm auftaucht und manchmal auch eine andere in der es heißt ich habe illegal Porno gesehen oder so.
Habe im Eifer des Gefechts mit Malwarebytes die gefundenen Übeltäter nicht beseitigt sondern ingoriert!!!
Beim wiederholten Scan dann nichts mehr gefunden.
Konnte im Anschluß daran über die Systemwiederherstellung wieder Zugriff über meinen Pc bekommen. Jetzt funktioniert wieder alles gut. Würde aber gerne Hilfe haben ob mein Pc jetzt sauber ist, da ich ihn beruflich und für Onlinebanking benutzen muss.
Heute durch SUPERAntiSpyware und Malwarebytes keine Auffälligkeien soweit ich erkennen kann.

Vielen Dank im Voraus

Alt 11.01.2012, 08:07   #2
kira
/// Helfer-Team
 
Achtung, aus Sicherheitsgründen wurde ihr Windowssystem blockiert... - Standard

Achtung, aus Sicherheitsgründen wurde ihr Windowssystem blockiert...



Hallo und Herzlich Willkommen!

Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]:
Zitat:
  • "Fernbehandlungen/Fernhilfe" und die damit verbundenen Haftungsrisken:
    - da die Fehlerprüfung und Handlung werden über große Entfernungen durchgeführt, besteht keine Haftung unsererseits für die daraus entstehenden Folgen.
    - also, jede Haftung für die daraus entstandene Schäden wird ausgeschlossen, ANWEISUNGEN UND DEREN BEFOLGUNG, ERFOLGT AUF DEINE EIGENE VERANTWORTUNG!
  • Charakteristische Merkmale/Profilinformationen:
    - aus der verwendeten Loglisten oder Logdateien - wie z.B. deinen Realnamen, Seriennummer in Programm etc)- kannst Du herauslöschen oder durch [X] ersetzen
  • Die Systemprüfung und Bereinigung:
    - kann einige Zeit in Anspruch nehmen (je nach Art der Infektion), kann aber sogar so stark kompromittiert sein, so dass eine wirkungsvolle technische Säuberung ist nicht mehr möglich bzw Du es neu installieren musst
  • Ich empfehle Dir die Anweisungen erst einmal komplett durchzulesen, bevor du es anwendest, weil wenn du etwas falsch machst, kann es wirklich gefährlich werden. Wenn du meinen Anweisungen Schritt für Schritt folgst, kann eigentlich nichts schief gehen.
  • Innerhalb der Betreuungszeit:
    - ohne Abspräche bitte nicht auf eigene Faust handeln!- bei Problemen nachfragen.
  • Die Reihenfolge:
    - genau so wie beschrieben bitte einhalten, nicht selbst die Reihenfolge wählen!
  • GECRACKTE SOFTWARE werden hier nicht geduldet!!!!
  • Ansonsten unsere Forumsregeln:
    - Bitte erst lesen, dann posten!-> Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?
  • Alle Logfile mit einem vBCode Tag eingefügen, das bietet hier eine gute Übersicht, erleichtert mir die Arbeit! Falls das Logfile zu groß, teile es in mehrere Teile auf.

Sobald Du diesen Einführungstext gelesen hast, kannst Du beginnen
Zitat:
Wenn ein System kompromittiert wurde, ist das System nicht mehr vertrauenswürdig
Eine Neuinstallation garantiert die rückstandsfreie Entfernung der Infektion - Lesestoff: "Hilfe: Ich wurde das Opfer eines Hackerangriffs. Was soll ich tun?" - Säubern eines gefährdeten Systems
Falls du doch für die Systemreinigung entscheidest - Ein System zu bereinigen kann ein paar Tage dauern (je nach Art der Infektion), kann aber sogar so stark kompromittiert sein, so dass eine wirkungsvolle technische Säuberung ist nicht mehr möglich bzw Du es neu installieren musst::

► Erster Teil des 3-teiligen Verfahren, werden wir dein System auf Viren untersuchen, bzw nach einem anderen Verursacher suchen:
Für Vista und Win7:
Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen
Auf der angewählten Anwendung einen Rechtsklick (rechte Maustaste) und "Als Administrator ausführen" wählen!

1.
Hast du den Rechner bereits auf Viren überprüft? Folgende Ergebnisse möchte ich noch sehen:
Code:
ATTFilter
Malwarebytes
SuperAntiSpyware Free Edition
(alle vorhandenen Protokolle!)
         
2.
Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt - OTL.txt und Extras.txt
  • Poste die Logfiles in Code-Tags hier in den Thread.

3.
Ich würde gerne noch all deine installierten Programme sehen:
Lade dir das Tool CCleaner herunter
Download
installieren (Software-Lizenzvereinbarung lesen, falls angeboten wird "Füge CCleaner Yahoo! Toolbar hinzu" abwählen)→ starten→ Sprache → Deutsch auswählen
dann klick auf "Extra (um die installierten Programme auch anzuzeigen)→ weiter auf "Als Textdatei speichern..."
wird eine Textdatei (*.txt) erstellt, kopiere dazu den Inhalt und füge ihn da ein

Zitat:
Damit dein Thread übersichtlicher und schön lesbar bleibt, am besten nutze den Code-Tags für deinen Post:
→ vor dein Log schreibst Du (also am Anfang des Logfiles):[code]
hier kommt dein Logfile rein - z.B OTL-Logfile o. sonstiges
→ dahinter - also am Ende der Logdatei: [/code]
Zitat:
** Möglichst nicht ins internet gehen, kein Online-Banking, File-sharing, Chatprogramme usw
gruß
kira
__________________

__________________

Alt 11.01.2012, 12:36   #3
daapool
 
Achtung, aus Sicherheitsgründen wurde ihr Windowssystem blockiert... - Standard

Achtung, aus Sicherheitsgründen wurde ihr Windowssystem blockiert...



Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: v2012.01.08.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
hase :: HASENPC [Administrator]

09.01.2012 00:47:21
mbam-log-2012-01-09 (00-47-21).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 170032
Laufzeit: 3 Minute(n), 8 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


Malwarebytes Anti-Malware 1.60.0.1800
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: v2012.01.08.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
hase :: HASENPC [Administrator]

09.01.2012 19:33:59
mbam-log-2012-01-09 (19-33-59).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 170137
Laufzeit: 3 Minute(n), 43 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Malwarebytes Anti-Malware 1.60.0.1800
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: v2012.01.10.06

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
hase :: HASENPC [Administrator]

10.01.2012 23:02:02
mbam-log-2012-01-10 (23-02-02).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 171165
Laufzeit: 4 Minute(n), 32 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)




SUPERAntiSpyware Scan Log
SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

Generated 01/10/2012 at 10:56 PM

Application Version : 5.0.1142

Core Rules Database Version : 8119
Trace Rules Database Version: 5931

Scan type : Quick Scan
Total Scan Time : 00:09:16

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Limited User (Administrator User)

Memory items scanned : 655
Memory threats detected : 0
Registry items scanned : 30137
Registry threats detected : 0
File items scanned : 8007
File threats detected : 1

Adware.Tracking Cookie
C:\USERS\HASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\VVEWHZI0.txt [ Cookie:hase@doubleclick.net/ ]
__________________

Alt 11.01.2012, 14:23   #4
daapool
 
Achtung, aus Sicherheitsgründen wurde ihr Windowssystem blockiert... - Standard

Achtung, aus Sicherheitsgründen wurde ihr Windowssystem blockiert...



Code:
ATTFilter
OTL logfile created on: 11.01.2012 12:40:33 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\hase\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,91 Gb Available Physical Memory | 63,85% Memory free
6,23 Gb Paging File | 4,97 Gb Available in Paging File | 79,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 216,41 Gb Total Space | 87,32 Gb Free Space | 40,35% Space Free | Partition Type: NTFS
Drive D: | 107,22 Gb Total Space | 59,95 Gb Free Space | 55,91% Space Free | Partition Type: NTFS
 
Computer Name: HASENPC | User Name: hase | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\hase\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName})
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Windows\System32\bgsvcgen.exe (B.H.A Corporation)
PRC - C:\Windows\vsnp325.exe ()
PRC - C:\Windows\tsnp325.exe ()
PRC - C:\Windows\FixCamera.exe ()
PRC - C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers)
PRC - C:\Windows\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll ()
MOD - C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll ()
MOD - C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL ()
MOD - C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\Windows\vsnp325.exe ()
MOD - C:\Windows\tsnp325.exe ()
MOD - C:\Windows\FixCamera.exe ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (bgsvcgen) -- C:\Windows\System32\bgsvcgen.exe (B.H.A Corporation)
SRV - (TestHandler) -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (MBAMSwissArmy) --  File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (KMWDFILTER) -- C:\Windows\System32\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (FETND6V) -- C:\Windows\System32\drivers\fetnd6v.sys (VIA Technologies, Inc.              )
DRV - (PAC7302) -- C:\Windows\System32\drivers\PAC7302.SYS (PixArt Imaging Inc.)
DRV - (nvrd32) -- C:\Windows\system32\drivers\nvrd32.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\system32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (JRAID) -- C:\Windows\system32\drivers\jraid.sys (JMicron Technology Corp.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (ArcSoftKsUFilter) -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.)
DRV - (SNP325) USB PC Camera (SNPSTD325) -- C:\Windows\System32\drivers\snp325.sys (Sonix Co. Ltd.)
DRV - (ViPrt) -- C:\Windows\system32\DRIVERS\ViPrt.sys (VIA Technologies, Inc.)
DRV - (ViBus) -- C:\Windows\system32\DRIVERS\ViBus.sys (VIA Technologies, Inc.)
DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (cdrbsdrv) -- C:\Windows\System32\drivers\cdrbsdrv.sys (B.H.A Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://startsear.ch/?aff=1
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://startsear.ch/?aff=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ecosia"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "web.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.14.2
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}:2.0.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-IDW&o=APN10023&locale=de_US&apn_uid=9a83f866-1db9-4caf-947e-53568ef1b0ac&apn_ptnrs=LL&apn_sauid=&apn_dtid=YYYYYYYYAT&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=0.9.8a: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.01.10 00:35:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.11.25 21:55:30 | 000,000,000 | ---D | M]
 
[2008.12.22 13:53:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hase\AppData\Roaming\mozilla\Extensions
[2008.12.22 13:53:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hase\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2012.01.10 00:39:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hase\AppData\Roaming\mozilla\Firefox\Profiles\gyjn0w5u.default\extensions
[2012.01.08 17:27:08 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\hase\AppData\Roaming\mozilla\Firefox\Profiles\gyjn0w5u.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}(38)
[2012.01.09 23:58:53 | 000,000,000 | ---D | M] ("Avira SearchFree Toolbar plus Web Protection") -- C:\Users\hase\AppData\Roaming\mozilla\Firefox\Profiles\gyjn0w5u.default\extensions\toolbar@ask.com
[2011.06.23 13:53:28 | 000,002,354 | ---- | M] () -- C:\Users\hase\AppData\Roaming\Mozilla\Firefox\Profiles\gyjn0w5u.default\searchplugins\aol-web-search.xml
[2010.02.07 13:32:49 | 000,002,172 | ---- | M] () -- C:\Users\hase\AppData\Roaming\Mozilla\Firefox\Profiles\gyjn0w5u.default\searchplugins\bing.xml
[2011.08.14 13:52:46 | 000,000,917 | ---- | M] () -- C:\Users\hase\AppData\Roaming\Mozilla\Firefox\Profiles\gyjn0w5u.default\searchplugins\conduit.xml
[2011.05.19 17:35:14 | 000,005,212 | ---- | M] () -- C:\Users\hase\AppData\Roaming\Mozilla\Firefox\Profiles\gyjn0w5u.default\searchplugins\ecosia.xml
[2011.07.11 19:04:02 | 000,000,633 | ---- | M] () -- C:\Users\hase\AppData\Roaming\Mozilla\Firefox\Profiles\gyjn0w5u.default\searchplugins\startsear.xml
[2011.08.11 22:58:41 | 000,005,508 | ---- | M] () -- C:\Users\hase\AppData\Roaming\Mozilla\Firefox\Profiles\gyjn0w5u.default\searchplugins\webde-suche.xml
[2012.01.10 22:58:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.06.08 22:47:16 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.01.10 22:58:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\HASE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GYJN0W5U.DEFAULT\EXTENSIONS\{3D7EB24F-2740-49DF-8937-200B1CC08F8A}.XPI
[2009.07.11 10:07:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011.12.21 08:42:29 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.11.10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009.06.01 11:41:48 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2011.08.31 11:38:58 | 000,082,944 | ---- | M] (vShare.tv ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll
[2011.12.21 06:08:50 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.12.21 06:02:40 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.12.21 06:08:50 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.12.21 06:08:50 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.21 06:08:50 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.12.21 06:08:50 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (IE5BarLauncherBHO Class) - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Program Files\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName})
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [FixCamera] C:\Windows\FixCamera.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [snp325] C:\Windows\vsnp325.exe ()
O4 - HKLM..\Run: [tsnp325] C:\Windows\tsnp325.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube Download - C:\Users\hase\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\hase\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} hxxp://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab (HPSDDX Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5AE25BBF-5422-4B8C-AEA4-F2A20EE8C6BC}: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\hase\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\hase\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.01.10 23:44:59 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.01.10 23:42:30 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciseq.dll
[2012.01.10 23:42:20 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[2012.01.10 23:42:19 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012.01.10 23:42:03 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2012.01.10 23:42:03 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2012.01.10 23:00:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.01.10 23:00:20 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.01.10 22:58:00 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012.01.10 22:58:00 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012.01.10 22:58:00 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012.01.10 22:46:38 | 000,000,000 | ---D | C] -- C:\Users\hase\AppData\Roaming\SUPERAntiSpyware.com
[2012.01.10 22:46:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012.01.10 22:45:59 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012.01.10 22:45:59 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012.01.10 21:16:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012.01.10 21:16:45 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012.01.10 21:04:16 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\hase\Desktop\OTL.exe
[2012.01.10 00:16:30 | 000,000,000 | ---D | C] -- C:\Users\hase\AppData\Roaming\Opera
[2012.01.10 00:16:30 | 000,000,000 | ---D | C] -- C:\Users\hase\AppData\Local\Opera
[2012.01.10 00:16:24 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2012.01.09 23:54:38 | 000,000,000 | ---D | C] -- C:\Users\hase\AppData\Roaming\Avira
[2012.01.09 23:49:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.01.09 23:49:16 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2012.01.09 23:48:57 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012.01.09 23:48:56 | 000,134,856 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.01.09 23:48:56 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.01.09 23:48:56 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.01.09 23:48:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.01.09 23:48:55 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012.01.09 00:25:50 | 000,000,000 | ---D | C] -- C:\Users\hase\AppData\Roaming\Malwarebytes
[2012.01.09 00:25:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.01.09 00:25:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.12.30 14:43:00 | 000,000,000 | ---D | C] -- C:\Users\hase\Desktop\Lehmwand
[2011.12.21 20:18:58 | 000,000,000 | ---D | C] -- C:\Users\hase\AppData\Roaming\LaunchPad
[2011.12.19 20:15:38 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.12.19 20:15:36 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011.12.19 20:15:36 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.12.19 20:15:36 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.12.19 20:15:35 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.12.19 20:15:33 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.12.19 20:12:25 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011.12.19 20:12:23 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.12.19 20:12:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011.12.19 20:12:14 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011.12.19 20:12:14 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011.12.19 20:12:13 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2010.04.05 16:16:09 | 000,147,456 | ---- | C] ( ) -- C:\Windows\System32\rsnp325.dll
[2010.04.05 16:16:09 | 000,057,344 | ---- | C] ( ) -- C:\Windows\System32\vsnp325.dll
[2010.04.05 16:16:09 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp325.dll
 
========== Files - Modified Within 30 Days ==========
 
[2012.01.11 12:20:07 | 000,628,504 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.01.11 12:20:07 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.01.11 12:20:07 | 000,126,054 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.01.11 12:20:07 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.01.11 12:16:15 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.01.11 12:13:22 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.11 12:13:22 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.11 12:13:19 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.01.11 12:13:19 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\DriverScanner.job
[2012.01.11 12:13:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.11 12:13:10 | 3219,644,416 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.10 23:00:23 | 000,000,872 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.01.10 22:46:02 | 000,001,766 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.01.10 21:04:16 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\hase\Desktop\OTL.exe
[2012.01.10 00:35:49 | 000,000,812 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.01.10 00:16:28 | 000,001,580 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2012.01.09 23:49:41 | 000,001,813 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.01.09 23:06:06 | 000,000,000 | ---- | M] () -- C:\Users\hase\AppData\Local\{55332142-12C8-4656-AE60-12B742756D99}
[2012.01.06 10:33:26 | 001,952,888 | ---- | M] () -- C:\Users\hase\Desktop\IMG_0555.JPG
[2012.01.06 10:33:03 | 002,425,522 | ---- | M] () -- C:\Users\hase\Desktop\IMG_0556.JPG
[2012.01.01 21:36:33 | 000,002,591 | ---- | M] () -- C:\Users\hase\Desktop\Microsoft Office Word 2007.lnk
[2011.12.20 19:22:37 | 000,273,032 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.12.18 19:44:45 | 002,137,636 | R--- | M] () -- C:\Users\hase\Desktop\ds11-0301-1.pdf
[2011.12.16 19:54:47 | 000,221,221 | ---- | M] () -- C:\Users\hase\Desktop\wien.xps
[2011.12.15 15:00:00 | 000,134,856 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.12.15 15:00:00 | 000,074,640 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011.12.15 15:00:00 | 000,036,000 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
 
========== Files Created - No Company Name ==========
 
[2012.01.10 23:00:23 | 000,000,872 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.01.10 22:46:02 | 000,001,766 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.01.10 00:35:49 | 000,000,824 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.01.10 00:35:49 | 000,000,812 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.01.10 00:16:28 | 000,001,592 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[2012.01.10 00:16:28 | 000,001,580 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
[2012.01.09 23:49:41 | 000,001,813 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.01.09 23:20:49 | 3219,644,416 | -HS- | C] () -- C:\hiberfil.sys
[2012.01.09 23:06:06 | 000,000,000 | ---- | C] () -- C:\Users\hase\AppData\Local\{55332142-12C8-4656-AE60-12B742756D99}
[2012.01.06 10:33:18 | 001,952,888 | ---- | C] () -- C:\Users\hase\Desktop\IMG_0555.JPG
[2012.01.06 10:32:59 | 002,425,522 | ---- | C] () -- C:\Users\hase\Desktop\IMG_0556.JPG
[2011.12.18 19:44:44 | 002,137,636 | R--- | C] () -- C:\Users\hase\Desktop\ds11-0301-1.pdf
[2011.12.16 19:54:44 | 000,221,221 | ---- | C] () -- C:\Users\hase\Desktop\wien.xps
[2010.12.10 22:28:39 | 000,000,769 | ---- | C] () -- C:\Windows\System32\Remover.ini
[2010.12.10 22:28:38 | 000,000,566 | ---- | C] () -- C:\Windows\System32\SP7302.ini
[2010.12.09 20:38:28 | 000,024,227 | ---- | C] () -- C:\Users\hase\AppData\Roaming\UserTile.png
[2010.11.21 21:59:03 | 000,397,312 | ---- | C] () -- C:\Windows\iwexec.exe
[2010.06.07 20:45:44 | 000,000,012 | ---- | C] () -- C:\Users\hase\AppData\Roaming\qcopjv.dat
[2010.04.05 16:16:10 | 000,835,584 | ---- | C] () -- C:\Windows\vsnp325.exe
[2010.04.05 16:16:10 | 000,270,336 | ---- | C] () -- C:\Windows\tsnp325.exe
[2010.04.05 16:16:10 | 000,020,480 | ---- | C] () -- C:\Windows\FixCamera.exe
[2010.04.05 16:16:10 | 000,015,498 | ---- | C] () -- C:\Windows\snp325.ini
[2009.05.26 21:49:59 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.05.26 21:49:58 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.01.16 20:41:05 | 000,000,000 | ---- | C] () -- C:\Windows\BEMERK~1.INI
[2009.01.16 20:40:38 | 000,000,000 | ---- | C] () -- C:\Windows\WdbInstW.INI
[2009.01.09 20:55:47 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.01.03 14:41:34 | 000,006,384 | ---- | C] () -- C:\Users\hase\AppData\Roaming\PrimoPDFSet.xml
[2009.01.03 11:54:56 | 000,176,235 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
[2008.11.06 17:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.11.06 17:33:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008.07.23 21:22:53 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.07.22 16:03:19 | 000,001,354 | ---- | C] () -- C:\Windows\hpbvnstp.ini
[2008.07.19 18:18:15 | 000,001,356 | ---- | C] () -- C:\Users\hase\AppData\Local\d3d9caps.dat
[2008.07.16 20:46:26 | 000,000,025 | ---- | C] () -- C:\Windows\SIERRA.INI
[2008.07.13 18:30:22 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2008.07.03 19:52:49 | 000,036,864 | ---- | C] () -- C:\Windows\System32\LckFldService.exe
[2008.06.26 19:33:40 | 000,032,256 | ---- | C] () -- C:\Users\hase\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.01.18 15:40:38 | 000,069,632 | ---- | C] () -- C:\Windows\System32\vuins32.dll
[2006.11.02 16:33:31 | 000,628,504 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 16:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 16:33:31 | 000,126,054 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 16:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,273,032 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,595,798 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,103,872 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.08.11 09:52:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll
[2004.03.15 11:02:38 | 000,000,412 | ---- | C] () -- C:\Windows\System32\HP3AIOZ6.dat
[2004.03.03 04:06:00 | 000,221,184 | ---- | C] () -- C:\Windows\System32\HP3AIOZ6.dll
[2002.05.03 14:40:32 | 000,094,274 | ---- | C] () -- C:\Windows\System32\HPBHEALR.DLL
[1997.06.14 09:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll

< End of report >
         

Alt 11.01.2012, 14:25   #5
daapool
 
Achtung, aus Sicherheitsgründen wurde ihr Windowssystem blockiert... - Standard

Achtung, aus Sicherheitsgründen wurde ihr Windowssystem blockiert...



Code:
ATTFilter
OTL Extras logfile created on: 11.01.2012 12:40:33 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\hase\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,91 Gb Available Physical Memory | 63,85% Memory free
6,23 Gb Paging File | 4,97 Gb Available in Paging File | 79,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 216,41 Gb Total Space | 87,32 Gb Free Space | 40,35% Space Free | Partition Type: NTFS
Drive D: | 107,22 Gb Total Space | 59,95 Gb Free Space | 55,91% Space Free | Partition Type: NTFS
 
Computer Name: HASENPC | User Name: hase | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00B6C87D-C3F2-4184-905E-540A08A69FAB}" = lport=5357 | protocol=6 | dir=in | app=system | 
"{06E6A945-FA8D-407B-B303-9707EB353C24}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{09FDF0BC-AFFB-4D4E-83F1-C7C294038E73}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe | 
"{0A828AD6-5635-4E97-8550-90C2F5FD57A9}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe | 
"{37BF999B-8696-40C3-A4F8-060EC394569B}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe | 
"{3C645C51-BA04-4043-B9F4-60ADBFE2FB04}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe | 
"{438FBEE1-4367-4432-88E5-7CD8935026F3}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe | 
"{5902BA77-9B9B-4A2C-B118-D6666D50BEA4}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{5FE366A1-D66D-4EA5-A726-FCDD1D2C255F}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{60B0B7D6-D09F-4DB9-837E-203CAADCCF3F}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe | 
"{8329838A-35FD-4F44-854F-DC94603A2727}" = lport=5358 | protocol=6 | dir=in | app=system | 
"{9371DE25-C629-4186-AD2F-E9240697CED9}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe | 
"{AB345130-FE65-4D2E-AF44-C8EF97BA63D0}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{C6C8DB1E-42EE-4610-A260-8B8B0B42E5A6}" = rport=5357 | protocol=6 | dir=out | app=system | 
"{CA386061-7D90-4117-9A0B-E97C1EDC56DF}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{CC46BFD5-265A-458B-9D51-7B2CA2B4454D}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe | 
"{CE24C86E-B7A5-48A2-A5CE-403F1C0F7160}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{D0B68ADE-1E58-40DE-BA4D-C4B93E726332}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{D822F608-EFAB-4C54-B025-2793E291646D}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe | 
"{DB6ACC85-B944-43B9-B611-A096C54F2E06}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{DE8049F9-92DD-4B58-8DD9-907097DC97AB}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{EB2BEB1B-B635-4EB3-AF58-387CE5CFBD94}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe | 
"{EC0E6C63-317A-4F12-B6F6-82ACD1A3B292}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe | 
"{ECCDFE07-584E-4847-A780-8B85CE80E7EB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F297A9AF-6B7E-41F6-91BB-5102F9D0C197}" = rport=5358 | protocol=6 | dir=out | app=system | 
"{F2B6DA98-9A98-4CE9-8CDD-1A7150F65675}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe | 
"{FB1036C4-F478-4E8B-BA21-FBCC3E008A9E}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{FF709C6E-3691-4358-9BB9-092A1A94B266}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05370BBE-C8D3-4F25-93A5-0B3F6A6CFB1D}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | 
"{28D960DA-0E2B-41BD-B0CD-D4DA7E0601CF}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{2F77A683-F343-456B-AEF1-1D6BC6020603}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{49547AA0-4079-419A-B8B3-781963FC9666}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"{49CE4D73-D52E-41D7-B5B9-8094F83FC2CD}" = protocol=17 | dir=in | app=c:\program files\konami\pro evolution soccer 2011\pes2011.exe | 
"{619BC150-435F-4716-BACD-FDE161B1CAAB}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{61BE6F9A-9E16-4FF6-868F-A679C6CB0F82}" = protocol=6 | dir=out | app=%systemroot%\system32\netproj.exe | 
"{6FC49D01-0D2D-4DF9-A10C-E1F6E62F35E0}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{718CC16C-4B51-43E9-A35D-A336336AAB18}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{7430FACD-E310-4F18-B2E8-8CDFD558EED7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{7BEA212E-BD6D-4A12-B315-DE1D81292339}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | 
"{7EE02344-4F05-4F7F-92E2-23D632C31091}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{8C21CCCC-6EC1-4543-A677-937A1A9252D5}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"{95F91FAA-7B80-4DD1-BAF9-FC49B3BA20E5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{99BE6CBC-1526-4C70-9D64-D6DFFD3DB7E3}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | 
"{A316AB44-003E-470E-B6A7-E9F233FFDE26}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{A9E1D451-A7F1-4C9F-9ABE-68E080DF31DA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{ACCD23A6-9439-4446-8E62-64ACE188DE32}" = protocol=6 | dir=in | app=c:\program files\konami\pro evolution soccer 2011\pes2011.exe | 
"{B607459B-CE5C-4489-B074-1CA7439574DD}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | 
"{C3246C59-619A-41A4-BEC7-D28E039D1047}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | 
"{C89CE262-B169-4F4E-8939-9041A1440FFF}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | 
"{CC303A1B-443D-45D4-8711-CA49AACFA37B}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | 
"{D6801F05-27D9-4F0F-82D7-0A54FAA909B0}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{E0345A07-F7E8-4BD9-9E7B-EC8635DE731E}" = protocol=6 | dir=in | app=%systemroot%\system32\netproj.exe | 
"{E1958243-8C8D-462A-89F2-F33C3B08FB2B}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | 
"{F7CCC3AA-A79A-46AB-946E-A60DE4B7779B}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"TCP Query User{07FA29C6-D0F0-4BA8-B8AF-6A83FD3D95DD}C:\program files\microsoft office\office12\winword.exe" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\winword.exe | 
"TCP Query User{272C43FE-4CA8-4AE1-8E33-5C0F264E6256}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"TCP Query User{287FBDAF-7550-4273-BFD3-C4E589370384}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{2F6F6F36-2E3A-4C48-A308-10E5F5E4BF82}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"TCP Query User{5703A64C-5571-42C4-9D20-D5A5586A6137}C:\program files\microsoft games\empire earth.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\empire earth.exe | 
"TCP Query User{71693BFE-EC53-4B38-AE65-9AB0A3211790}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{958EA47B-B770-49E1-9228-1B3481707899}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{B48EFD8B-D122-48E1-A55A-55999735B27C}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | 
"TCP Query User{C59B3A51-C496-4158-B7FC-C413C5B5E8A5}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | 
"TCP Query User{DD1490FC-B998-4396-A12D-E934D3B98BFE}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"UDP Query User{03A60979-3883-4CB7-AADF-496A3BEF901D}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | 
"UDP Query User{1351C016-FBD4-4653-B945-4A7FF8D667C2}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"UDP Query User{1BDCD1D3-856F-43E6-A104-510F6CF5180C}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{1CA0C853-260E-4A63-B23A-27EA37C5FDFE}C:\program files\microsoft office\office12\winword.exe" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\winword.exe | 
"UDP Query User{2364E031-FF22-4AB6-984D-7B188108537F}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | 
"UDP Query User{2765226B-053D-4D07-89DA-679D0DE3AD25}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"UDP Query User{8C35B589-FE44-4FA7-88DA-9A403861121B}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{9ACDC592-8784-4F48-9B91-E3EC0D783075}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{E02B68B3-5A1F-4021-B41E-CAECFADD02CB}C:\program files\microsoft games\empire earth.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\empire earth.exe | 
"UDP Query User{FBD68B5B-C9DA-49E1-AF7C-5AA55D1DA432}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{1148E85C-E1AF-48E0-A29C-68DACE07E054}" = Pro Evolution Soccer 2011
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F0D5576-C383-4E5E-9906-0B47BECBB8B6}" = Hama Webcam Suite
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 30
"{2A1E27FF-BE53-45B4-950F-060236E98E3D}" = TMPGEnc Plus 2.5
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4412F224-3849-4461-A3E9-DEEF8D252790}" = Visual Studio C++ 10.0 Runtime
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AF8A676-7D24-431E-9B90-BCA8C5C7F1B4}" = VideoCam Suite
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{6803A6E6-48FF-48AB-B558-7B651BBE1031}" = Nero 8 Essentials
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C5B4583-7CBF-4289-B195-03B553959DEA}" = VoiceOver Kit
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{94D66D71-12F0-48A5-B46A-D4B835A0F1B7}" = FirstSteps Diagnostics
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9EDF1A5D-D8E0-413E-9782-75DD4A8C831B}" = VideoCam Suite 1.0
"{A59AB961-BE82-41E0-B0FB-648DFA6DDEA4}" = Hama PC-Webcam Circle
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C73CA646-73B3-4AEF-A136-C37505745174}" = iTunes
"{C73F2967-062E-48F2-A462-D335B8950183}" = Safari
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F9466082-90E9-4BE4-92F0-CF0AF195B0CF}" = hama PC-Webcam AC-140
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DVDStyler_is1" = DVDStyler v1.8.2
"Foxit Reader" = Foxit Reader
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 4.2.12
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.37.426
"Haushaltsbuch" = Haushaltsbuch
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Mahjong Towers Eternity EU" = Mahjong Towers Eternity EU (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.0.1800
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de)
"MyTomTom" = MyTomTom 3.0.2.363
"NVIDIA Drivers" = NVIDIA Drivers
"Opera 11.60.1185" = Opera 11.60
"Shockwave" = Shockwave
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SopCast" = SopCast 3.2.4
"ST6UNST #1" = CoveDesigner
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 0.9.8a
"VN_VUIns_Rhine_VIA" = VIA Rhine Family Fast Ethernet Adapter
"vShare.tv plugin" = vShare.tv plugin 1.3
"VSO DivxToDVD_is1" = DivxToDVD 0.5.2
"WinLiveSuite_Wave3" = Windows Live Essentials
"Winmail Opener" = Winmail Opener 1.4
"WinRAR archiver" = WinRAR archiver
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
"InstallShield_{2A1E27FF-BE53-45B4-950F-060236E98E3D}" = TMPGEnc Plus 2.5
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 28.10.2010 13:31:11 | Computer Name = HasenPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7921
 
Error - 28.10.2010 13:31:12 | Computer Name = HasenPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 28.10.2010 13:31:12 | Computer Name = HasenPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9875
 
Error - 28.10.2010 13:31:12 | Computer Name = HasenPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9875
 
Error - 28.10.2010 13:31:14 | Computer Name = HasenPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 28.10.2010 13:31:14 | Computer Name = HasenPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 11843
 
Error - 28.10.2010 13:31:14 | Computer Name = HasenPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 11843
 
Error - 29.10.2010 15:30:28 | Computer Name = HasenPC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung FOXITR~1.EXE, Version 3.0.2009.1506, Zeitstempel
 0x49b4e85b, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00d39298,  Prozess-ID 0x838, Anwendungsstartzeit
 01cb779f6f29cc18.
 
Error - 03.11.2010 08:05:22 | Computer Name = HasenPC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Explorer.EXE, Version 6.0.6002.18005, Zeitstempel
 0x49e01da5, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18005, Zeitstempel 0x49e03821,
 Ausnahmecode 0xc0000029, Fehleroffset 0x00080754,  Prozess-ID 0x7a0, Anwendungsstartzeit
 01cb7b4f47b6065a.
 
Error - 04.11.2010 16:15:33 | Computer Name = HasenPC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung firefox.exe, Version 1.9.2.3951, Zeitstempel
 0x4cc7ae16, fehlerhaftes Modul FOXITR~1.OCX, Version 1.0.0.1, Zeitstempel 0x495057f6,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00002c8e,  Prozess-ID 0x81c, Anwendungsstartzeit
 01cb7c5cec7dcec2.
 
[ OSession Events ]
Error - 02.06.2010 15:32:56 | Computer Name = HasenPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 02.06.2010 15:33:18 | Computer Name = HasenPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 02.06.2010 15:35:09 | Computer Name = HasenPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 09.01.2012 18:09:56 | Computer Name = HasenPC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 09.01.2012 18:12:28 | Computer Name = HasenPC | Source = DCOM | ID = 10005
Description = 
 
Error - 09.01.2012 18:22:34 | Computer Name = HasenPC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 09.01.2012 18:27:11 | Computer Name = HasenPC | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 09.01.2012 18:33:52 | Computer Name = HasenPC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 09.01.2012 18:44:12 | Computer Name = HasenPC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 10.01.2012 15:31:33 | Computer Name = HasenPC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 10.01.2012 18:48:08 | Computer Name = HasenPC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 10.01.2012 18:55:51 | Computer Name = HasenPC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 11.01.2012 07:14:54 | Computer Name = HasenPC | Source = Service Control Manager | ID = 7026
Description = 
 
 
< End of report >
         


Alt 11.01.2012, 14:28   #6
daapool
 
Achtung, aus Sicherheitsgründen wurde ihr Windowssystem blockiert... - Standard

Achtung, aus Sicherheitsgründen wurde ihr Windowssystem blockiert...



CCleaner, installierte Programme

Code:
ATTFilter
Adobe Flash Player 10 ActiveX	Adobe Systems Incorporated	21.12.2008		10.0.12.36
Adobe Flash Player 11 Plugin	Adobe Systems Incorporated	22.11.2011		11.1.102.55
Adobe Photoshop 7.0	Adobe Systems, Inc.	04.01.2010	144,7MB	7.0
Adobe Shockwave Player 11.5	Adobe Systems, Inc.	12.06.2011	8,89MB	11.5.9.620
Apple Application Support	Apple Inc.	06.08.2011	60,2MB	2.0.1
Apple Mobile Device Support	Apple Inc.	06.08.2011	22,1MB	3.4.1.2
Apple Software Update	Apple Inc.	06.08.2011	2,38MB	2.1.3.127
Avira Free Antivirus	Avira	08.01.2012	112,3MB	12.0.0.872
Avira SearchFree Toolbar plus Web Protection	Ask.com	08.01.2012	3,64MB	1.14.0.0
Avira SearchFree Toolbar plus Web Protection Updater	{BLD_IS_IE_ADDREMOVE_PRODUCTNAME}	08.01.2012	1,37MB	1.2.0.19934
Bonjour	Apple Inc.	06.08.2011	1,04MB	3.0.0.2
CCleaner	Piriform	27.10.2010	1,29MB	3.00
CoveDesigner		08.11.2008	0,12MB	
DivX Codec	DivX, Inc.	09.03.2009	1,40MB	6.8.5
DivX Converter	DivX, Inc.	09.03.2009	35,9MB	7.0.0
DivX Player	DivX, Inc.	09.03.2009	8,09MB	7.0.0
DivX Plus DirectShow Filters	DivX, Inc.	09.03.2009	1,21MB	
DivX Web Player	DivX,Inc.	09.03.2009	1,34MB	1.4.2
DivxToDVD 0.5.2	VSO-Software SARL	04.01.2009	7,89MB	0.5.2
Download Updater (AOL LLC)		22.06.2011		
DVDStyler v1.8.2		01.12.2010	26,9MB	
FirstSteps Diagnostics	Fujitsu Siemens Computers	17.01.2008	4,67MB	1.00
Foxit Reader		29.05.2009	7,31MB	
Free Video to MP3 Converter version 4.2.12	DVDVideoSoft Limited.	27.10.2010	2,77MB	
Free YouTube to MP3 Converter version 3.9.37.426	DVDVideoSoft Limited.	08.05.2011	2,20MB	
Google Earth	Google	21.11.2011	92,8MB	6.1.0.5001
hama PC-Webcam AC-140	Sonix	04.04.2010	107,4MB	0.1.0.000
Hama PC-Webcam Circle	Hama	09.12.2010	0,16MB	1.0.0.19
Hama Webcam Suite	ArcSoft	04.04.2010	107,4MB	
Haushaltsbuch		02.07.2008	4,53MB	
iTunes	Apple Inc.	06.08.2011	141,9MB	10.4.0.80
Java(TM) 6 Update 30	Sun Microsystems, Inc.	20.12.2008	94,4MB	6.0.300
Java(TM) 6 Update 7	Sun Microsystems, Inc.	11.07.2008	136,2MB	1.6.0.70
Mahjong Towers Eternity EU (remove only)		25.06.2008	15,7MB	
Malwarebytes Anti-Malware Version 1.60.0.1800	Malwarebytes Corporation	09.01.2012	11,6MB	1.60.0.1800
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU	Microsoft Corporation	05.02.2009	37,0MB	
Microsoft .NET Framework 3.5 SP1	Microsoft Corporation	31.01.2009	37,0MB	
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	23.06.2010	120,3MB	4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	23.06.2010	24,5MB	4.0.30319
Microsoft Office File Validation Add-In	Microsoft Corporation	17.10.2011	7,92MB	14.0.5130.5003
Microsoft Office Home and Student 2007	Microsoft Corporation	06.11.2011	295MB	12.0.6612.1000
Microsoft Office Live Add-in 1.5	Microsoft Corporation	26.05.2010	0,49MB	2.0.4024.1
Microsoft Silverlight	Microsoft Corporation	11.10.2011		4.0.60831.0
Microsoft SQL Server 2005 Compact Edition [ENU]	Microsoft Corporation	06.11.2009	1,74MB	3.1.0000
Microsoft Sync Framework Runtime Native v1.0 (x86)	Microsoft Corporation	06.11.2009	0,61MB	1.0.1215.0
Microsoft Sync Framework Services Native v1.0 (x86)	Microsoft Corporation	06.11.2009	1,45MB	1.0.1215.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053	Microsoft Corporation	03.08.2009	0,25MB	8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	10.08.2011	0,29MB	8.0.61001
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570	Microsoft Corporation	14.04.2011	0,58MB	9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	02.01.2011	0,58MB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	10.08.2011	0,58MB	9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219	Microsoft Corporation	09.01.2012	11,1MB	10.0.40219
MobileMe Control Panel	Apple Inc.	06.08.2011	12,0MB	3.1.6.0
Mozilla Firefox 9.0.1 (x86 de)	Mozilla	09.01.2012	42,6MB	9.0.1
MSXML 4.0 SP2 (KB941833)	Microsoft Corporation	17.01.2008	1,27MB	4.20.9849.0
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	10.11.2008	1,28MB	4.20.9870.0
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	24.11.2009	1,34MB	4.20.9876.0
MyTomTom 3.0.2.363	TomTom	02.07.2011	17,1MB	3.0.2.363
Nero 8 Essentials	Nero AG	25.06.2008	2.072MB	8.0.287
NVIDIA Drivers		18.07.2008		
Opera 11.60	Opera Software ASA	09.01.2012	34,9MB	11.60.1185
Pro Evolution Soccer 2011	KONAMI	13.07.2011	1.937MB	1.00.0000
QuickTime	Apple Inc.	06.08.2011	73,0MB	7.70.80.34
Realtek High Definition Audio Driver		17.01.2008		
Safari	Apple Inc.	22.03.2011	41,3MB	5.33.20.27
Shared Add-in Extensibility Update for Microsoft .NET Framework 2.0 (KB908002)	Microsoft	20.11.2010	0,29MB	1.0.0
Shared Add-in Support Update for Microsoft .NET Framework 2.0 (KB908002)	Microsoft	20.11.2010	56,00KB	1.0.0
Shockwave		15.07.2008		
Skype Toolbars	Skype Technologies S.A.	07.06.2011	5,72MB	5.3.7555
Skype™ 5.3	Skype Technologies S.A.	07.06.2011	22,6MB	5.3.116
SopCast 3.2.4	SopCast.com	06.08.2009	9,26MB	3.2.4
SUPERAntiSpyware	SUPERAntiSpyware.com	09.01.2012	75,4MB	5.0.1142
TMPGEnc Plus 2.5	Pegasys Inc.	01.12.2010	4,29MB	2.524.63.181
Uninstall 1.0.0.1		08.05.2011	14,3MB	
VIA Rhine Family Fast Ethernet Adapter		18.11.2008		
VideoCam Suite 1.0	Matsushita Electric Industrial Co., Ltd.	16.08.2008	118,8MB	1.00.012.0007
Visual Studio C++ 10.0 Runtime	TomTom International B.V.	02.07.2011	1,15MB	10.0.0
VLC media player 0.9.8a	VideoLAN Team	04.01.2009	60,9MB	0.9.8a
VoiceOver Kit	Apple Inc.	22.03.2011	41,8MB	1.40.128.0
vShare.tv plugin 1.3	vShare.tv, Inc.	26.09.2011	0,58MB	1.3
Windows Live Essentials	Microsoft Corporation	06.11.2009	117,5MB	14.0.8089.0726
Windows Live ID-Anmelde-Assistent	Microsoft Corporation	26.05.2010	4,69MB	6.500.3165.0
Windows Live Sync	Microsoft Corporation	06.11.2009	2,79MB	14.0.8089.726
Windows Live-Uploadtool	Microsoft Corporation	06.11.2009	0,22MB	14.0.8014.1029
Windows Media Player Firefox Plugin	Microsoft Corp	06.09.2008	0,29MB	1.0.0.8
Winmail Opener 1.4	Eolsoft	17.04.2010	0,37MB	1.4
WinRAR archiver		12.09.2008	3,30MB
         

Alt 11.01.2012, 21:17   #7
kira
/// Helfer-Team
 
Achtung, aus Sicherheitsgründen wurde ihr Windowssystem blockiert... - Standard

Achtung, aus Sicherheitsgründen wurde ihr Windowssystem blockiert...



1.
Hast Du aus Unwissenheit zugestimmt? Brauchst den Webguard nicht? dann Deinstalliere:
Zitat:
Avira SearchFree Toolbar plus Web Protection Ask.com 08.01.2012 3,64MB 1.14.0.0
Avira SearchFree Toolbar plus Web Protection Updater {BLD_IS_IE_ADDREMOVE_PRODUCTNAME} 08.01.2012 1,37MB 1.2.0.19934
Info
Hinweise zum Einsatz von Freeware-Version Avira AntiVir Personal:
Hier klicken zum Weiterlesen:
-> http://www.chip.de/news/AntiVir-Serv..._45444953.html
► Wer möchte diese Adware auf seinen Rechner haben?!
Lieber ohne Webguard, als mit ein Adware...

2.
wenn ohne deine Erlaubnis installiert wurde und nicht benötigst, kannst deinstallieren:
Code:
ATTFilter
vShare.tv plugin
         
- Manche Erweiterungen wollen sich doch nur wichtig machen

3.
Deine Javaversion ist nicht aktuell!
Da aufgrund alter Sicherheitslücken ist Java sehr anfällig, deinstalliere zunächst alle vorhandenen Java-Versionen:
→ Systemsteuerung → Software → deinstallieren...
→ Rechner neu aufstarten
→ Downloade nun die Offline-Version von Java Version 6 Update 30 von Oracle herunter
Achte darauf, eventuell angebotene Toolbars abwählen (den Haken bei der Toolbar entfernen)!

4.
Adobe Reader aktualisieren :
- Bei Installation aufpassen/mitlesen!: Wenn irgendeine Software, Toolbar etc angeboten wird, bitte abwählen! - (z.B "McAfee Security Scan Plus")
Adobe Reader
Oder: Adobe starten-> gehe auf "Hilfe"-> "Nach Update suchen..."

5.
reinige dein System mit CCleaner:
  • "Cleaner"→ "Analysieren"→ Klick auf den Button "Start CCleaner"
  • "Registry""Fehler suchen"→ "Fehler beheben"→ "Alle beheben"
  • Starte dein System neu auf

6.
erneut einen Scan mit OTL:
  • Doppelklick auf die OTL.exe
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Oben findest Du ein Kästchen mit Ausgabe.
    Wähle bitte Standard-Ausgabe
  • Unter Extra-Registrierung wähle bitte Benutze SafeList.
  • Mache Häckchen bei LOP- und Purity-Prüfung.
  • Klicke nun auf Scan links oben.
  • Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
    Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
  • Poste die Logfiles in Code-Tags hier in den Thread.
__________________

Warnung!:
Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein!
Anhang nicht öffnen, in unserem Forum erst nachfragen!

Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten!
Bitte diese Warnung weitergeben, wo Du nur kannst!

Alt 12.01.2012, 20:29   #8
daapool
 
Achtung, aus Sicherheitsgründen wurde ihr Windowssystem blockiert... - Standard

Achtung, aus Sicherheitsgründen wurde ihr Windowssystem blockiert...



OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 12.01.2012 20:22:12 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\hase\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,87 Gb Available Physical Memory | 62,44% Memory free
6,23 Gb Paging File | 4,97 Gb Available in Paging File | 79,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 216,41 Gb Total Space | 88,93 Gb Free Space | 41,09% Space Free | Partition Type: NTFS
Drive D: | 107,22 Gb Total Space | 59,95 Gb Free Space | 55,91% Space Free | Partition Type: NTFS
 
Computer Name: HASENPC | User Name: hase | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.01.10 21:04:16 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\hase\Desktop\OTL.exe
PRC - [2011.12.21 08:42:28 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011.12.15 15:00:00 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.12.15 14:59:48 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011.12.15 14:59:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.12.15 14:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.12.09 01:44:22 | 004,616,064 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2011.08.12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2010.10.27 19:00:06 | 001,861,944 | ---- | M] (Piriform Ltd) -- C:\Program Files\CCleaner\CCleaner.exe
PRC - [2010.03.18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007.10.01 10:53:50 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.06.15 11:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) -- C:\Windows\System32\bgsvcgen.exe
PRC - [2007.05.10 12:18:10 | 000,835,584 | ---- | M] () -- C:\Windows\vsnp325.exe
PRC - [2007.04.21 08:36:50 | 000,270,336 | ---- | M] () -- C:\Windows\tsnp325.exe
PRC - [2007.02.12 13:50:40 | 000,020,480 | ---- | M] () -- C:\Windows\FixCamera.exe
PRC - [2006.12.08 10:52:04 | 000,204,800 | ---- | M] (Fujitsu Siemens Computers) -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe
PRC - [2006.11.03 11:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\PAC7302\Monitor.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.01.12 20:10:08 | 000,063,488 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012.01.12 20:10:08 | 000,052,736 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012.01.10 22:46:45 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2012.01.10 22:46:45 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2011.12.21 08:42:28 | 002,124,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011.11.23 19:47:48 | 008,527,008 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2010.10.27 20:40:32 | 000,028,672 | ---- | M] () -- C:\Program Files\CCleaner\Lang\lang-1031.dll
MOD - [2007.05.10 12:18:10 | 000,835,584 | ---- | M] () -- C:\Windows\vsnp325.exe
MOD - [2007.04.21 08:36:50 | 000,270,336 | ---- | M] () -- C:\Windows\tsnp325.exe
MOD - [2007.02.12 13:50:40 | 000,020,480 | ---- | M] () -- C:\Windows\FixCamera.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.12.15 14:59:48 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.12.15 14:59:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.08.12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2010.03.18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008.01.18 22:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.06.15 11:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\Windows\System32\bgsvcgen.exe -- (bgsvcgen)
SRV - [2006.12.08 10:52:04 | 000,204,800 | ---- | M] (Fujitsu Siemens Computers) [Auto | Running] -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe -- (TestHandler)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.12.15 15:00:00 | 000,134,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.12.15 15:00:00 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.12.15 15:00:00 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.07.22 17:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011.07.12 22:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.10.09 14:42:42 | 000,017,408 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008.09.22 03:20:42 | 000,043,520 | ---- | M] (VIA Technologies, Inc.              ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fetnd6v.sys -- (FETND6V)
DRV - [2007.09.10 08:50:56 | 000,457,984 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PAC7302.SYS -- (PAC7302)
DRV - [2007.07.02 16:37:10 | 000,131,616 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2007.07.02 16:37:08 | 000,110,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007.06.13 22:47:12 | 000,048,256 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\jraid.sys -- (JRAID)
DRV - [2007.06.01 16:46:00 | 007,479,008 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007.05.30 18:14:58 | 000,016,640 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV - [2007.05.07 16:58:44 | 010,343,168 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snp325.sys -- (SNP325) USB PC Camera (SNPSTD325)
DRV - [2007.03.26 14:26:00 | 000,052,224 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\ViPrt.sys -- (ViPrt)
DRV - [2007.03.26 14:26:00 | 000,016,896 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\ViBus.sys -- (ViBus)
DRV - [2006.11.10 14:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
DRV - [2006.02.20 18:17:40 | 000,033,408 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdrbsdrv.sys -- (cdrbsdrv)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://startsear.ch/?aff=1
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://startsear.ch/?aff=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "web.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.14.2
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}:2.0.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=0.9.8a: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.01.10 00:35:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.12 20:05:19 | 000,000,000 | ---D | M]
 
[2008.12.22 13:53:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hase\AppData\Roaming\mozilla\Extensions
[2008.12.22 13:53:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hase\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2012.01.12 19:48:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hase\AppData\Roaming\mozilla\Firefox\Profiles\gyjn0w5u.default\extensions
[2012.01.08 17:27:08 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\hase\AppData\Roaming\mozilla\Firefox\Profiles\gyjn0w5u.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}(38)
[2011.06.23 13:53:28 | 000,002,354 | ---- | M] () -- C:\Users\hase\AppData\Roaming\Mozilla\Firefox\Profiles\gyjn0w5u.default\searchplugins\aol-web-search.xml
[2010.02.07 13:32:49 | 000,002,172 | ---- | M] () -- C:\Users\hase\AppData\Roaming\Mozilla\Firefox\Profiles\gyjn0w5u.default\searchplugins\bing.xml
[2011.08.14 13:52:46 | 000,000,917 | ---- | M] () -- C:\Users\hase\AppData\Roaming\Mozilla\Firefox\Profiles\gyjn0w5u.default\searchplugins\conduit.xml
[2011.05.19 17:35:14 | 000,005,212 | ---- | M] () -- C:\Users\hase\AppData\Roaming\Mozilla\Firefox\Profiles\gyjn0w5u.default\searchplugins\ecosia.xml
[2011.07.11 19:04:02 | 000,000,633 | ---- | M] () -- C:\Users\hase\AppData\Roaming\Mozilla\Firefox\Profiles\gyjn0w5u.default\searchplugins\startsear.xml
[2011.08.11 22:58:41 | 000,005,508 | ---- | M] () -- C:\Users\hase\AppData\Roaming\Mozilla\Firefox\Profiles\gyjn0w5u.default\searchplugins\webde-suche.xml
[2012.01.12 20:15:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.06.08 22:47:16 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.01.12 20:15:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\HASE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GYJN0W5U.DEFAULT\EXTENSIONS\{3D7EB24F-2740-49DF-8937-200B1CC08F8A}.XPI
[2009.07.11 10:07:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011.12.21 08:42:29 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.01.12 20:14:46 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009.06.01 11:41:48 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2011.12.21 06:08:50 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.12.21 06:02:40 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.12.21 06:08:50 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.12.21 06:08:50 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.21 06:08:50 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.12.21 06:08:50 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [FixCamera] C:\Windows\FixCamera.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [snp325] C:\Windows\vsnp325.exe ()
O4 - HKLM..\Run: [tsnp325] C:\Windows\tsnp325.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube Download - C:\Users\hase\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\hase\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} hxxp://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab (HPSDDX Class)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5AE25BBF-5422-4B8C-AEA4-F2A20EE8C6BC}: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\hase\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\hase\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.01.12 20:15:00 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012.01.12 20:15:00 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012.01.12 20:15:00 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012.01.10 23:42:30 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciseq.dll
[2012.01.10 23:42:20 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[2012.01.10 23:42:19 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012.01.10 23:42:03 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2012.01.10 23:42:03 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2012.01.10 23:00:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.01.10 23:00:20 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.01.10 22:46:38 | 000,000,000 | ---D | C] -- C:\Users\hase\AppData\Roaming\SUPERAntiSpyware.com
[2012.01.10 22:46:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012.01.10 22:45:59 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012.01.10 22:45:59 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012.01.10 21:16:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012.01.10 21:16:45 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012.01.10 21:04:16 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\hase\Desktop\OTL.exe
[2012.01.10 00:16:30 | 000,000,000 | ---D | C] -- C:\Users\hase\AppData\Roaming\Opera
[2012.01.10 00:16:30 | 000,000,000 | ---D | C] -- C:\Users\hase\AppData\Local\Opera
[2012.01.10 00:16:24 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2012.01.09 23:54:38 | 000,000,000 | ---D | C] -- C:\Users\hase\AppData\Roaming\Avira
[2012.01.09 23:49:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.01.09 23:48:57 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012.01.09 23:48:56 | 000,134,856 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.01.09 23:48:56 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.01.09 23:48:56 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.01.09 23:48:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.01.09 23:48:55 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012.01.09 00:25:50 | 000,000,000 | ---D | C] -- C:\Users\hase\AppData\Roaming\Malwarebytes
[2012.01.09 00:25:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.01.09 00:25:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.12.30 14:43:00 | 000,000,000 | ---D | C] -- C:\Users\hase\Desktop\Lehmwand
[2011.12.21 20:18:58 | 000,000,000 | ---D | C] -- C:\Users\hase\AppData\Roaming\LaunchPad
[2011.12.19 20:15:38 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.12.19 20:15:36 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011.12.19 20:15:36 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.12.19 20:15:36 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.12.19 20:15:35 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.12.19 20:15:33 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.12.19 20:12:25 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011.12.19 20:12:23 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.12.19 20:12:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011.12.19 20:12:14 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011.12.19 20:12:14 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011.12.19 20:12:13 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2010.04.05 16:16:09 | 000,147,456 | ---- | C] ( ) -- C:\Windows\System32\rsnp325.dll
[2010.04.05 16:16:09 | 000,057,344 | ---- | C] ( ) -- C:\Windows\System32\vsnp325.dll
[2010.04.05 16:16:09 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp325.dll
 
========== Files - Modified Within 30 Days ==========
 
[2012.01.12 20:16:20 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.01.12 20:15:05 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.01.12 20:15:04 | 000,628,504 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.01.12 20:15:04 | 000,126,054 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.01.12 20:15:04 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.01.12 20:14:46 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2012.01.12 20:14:46 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012.01.12 20:14:46 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012.01.12 20:14:46 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012.01.12 20:09:28 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.12 20:09:27 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.12 20:09:27 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.01.12 20:09:25 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\DriverScanner.job
[2012.01.12 20:09:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.12 20:09:15 | 3219,644,416 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.11 16:35:32 | 000,002,633 | ---- | M] () -- C:\Users\hase\Desktop\Microsoft Office PowerPoint 2007.lnk
[2012.01.11 16:34:31 | 000,002,593 | ---- | M] () -- C:\Users\hase\Desktop\Microsoft Office Excel 2007.lnk
[2012.01.10 23:00:23 | 000,000,872 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.01.10 22:46:02 | 000,001,766 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.01.10 21:04:16 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\hase\Desktop\OTL.exe
[2012.01.10 00:35:49 | 000,000,812 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.01.10 00:16:28 | 000,001,580 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2012.01.09 23:49:41 | 000,001,813 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.01.09 23:06:06 | 000,000,000 | ---- | M] () -- C:\Users\hase\AppData\Local\{55332142-12C8-4656-AE60-12B742756D99}
[2012.01.06 10:33:26 | 001,952,888 | ---- | M] () -- C:\Users\hase\Desktop\IMG_0555.JPG
[2012.01.06 10:33:03 | 002,425,522 | ---- | M] () -- C:\Users\hase\Desktop\IMG_0556.JPG
[2012.01.01 21:36:33 | 000,002,591 | ---- | M] () -- C:\Users\hase\Desktop\Microsoft Office Word 2007.lnk
[2011.12.20 19:22:37 | 000,273,032 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.12.18 19:44:45 | 002,137,636 | R--- | M] () -- C:\Users\hase\Desktop\ds11-0301-1.pdf
[2011.12.16 19:54:47 | 000,221,221 | ---- | M] () -- C:\Users\hase\Desktop\wien.xps
[2011.12.15 15:00:00 | 000,134,856 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.12.15 15:00:00 | 000,074,640 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011.12.15 15:00:00 | 000,036,000 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
 
========== Files Created - No Company Name ==========
 
[2012.01.10 23:00:23 | 000,000,872 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.01.10 22:46:02 | 000,001,766 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.01.10 00:35:49 | 000,000,824 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.01.10 00:35:49 | 000,000,812 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.01.10 00:16:28 | 000,001,592 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[2012.01.10 00:16:28 | 000,001,580 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
[2012.01.09 23:49:41 | 000,001,813 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.01.09 23:20:49 | 3219,644,416 | -HS- | C] () -- C:\hiberfil.sys
[2012.01.09 23:06:06 | 000,000,000 | ---- | C] () -- C:\Users\hase\AppData\Local\{55332142-12C8-4656-AE60-12B742756D99}
[2012.01.06 10:33:18 | 001,952,888 | ---- | C] () -- C:\Users\hase\Desktop\IMG_0555.JPG
[2012.01.06 10:32:59 | 002,425,522 | ---- | C] () -- C:\Users\hase\Desktop\IMG_0556.JPG
[2011.12.18 19:44:44 | 002,137,636 | R--- | C] () -- C:\Users\hase\Desktop\ds11-0301-1.pdf
[2011.12.16 19:54:44 | 000,221,221 | ---- | C] () -- C:\Users\hase\Desktop\wien.xps
[2010.12.10 22:28:39 | 000,000,769 | ---- | C] () -- C:\Windows\System32\Remover.ini
[2010.12.10 22:28:38 | 000,000,566 | ---- | C] () -- C:\Windows\System32\SP7302.ini
[2010.12.09 20:38:28 | 000,024,227 | ---- | C] () -- C:\Users\hase\AppData\Roaming\UserTile.png
[2010.11.21 21:59:03 | 000,397,312 | ---- | C] () -- C:\Windows\iwexec.exe
[2010.06.07 20:45:44 | 000,000,012 | ---- | C] () -- C:\Users\hase\AppData\Roaming\qcopjv.dat
[2010.04.05 16:16:10 | 000,835,584 | ---- | C] () -- C:\Windows\vsnp325.exe
[2010.04.05 16:16:10 | 000,270,336 | ---- | C] () -- C:\Windows\tsnp325.exe
[2010.04.05 16:16:10 | 000,020,480 | ---- | C] () -- C:\Windows\FixCamera.exe
[2010.04.05 16:16:10 | 000,015,498 | ---- | C] () -- C:\Windows\snp325.ini
[2009.05.26 21:49:59 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.05.26 21:49:58 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.01.16 20:41:05 | 000,000,000 | ---- | C] () -- C:\Windows\BEMERK~1.INI
[2009.01.16 20:40:38 | 000,000,000 | ---- | C] () -- C:\Windows\WdbInstW.INI
[2009.01.09 20:55:47 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.01.03 14:41:34 | 000,006,384 | ---- | C] () -- C:\Users\hase\AppData\Roaming\PrimoPDFSet.xml
[2009.01.03 11:54:56 | 000,176,235 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
[2008.11.06 17:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.11.06 17:33:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008.07.23 21:22:53 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.07.22 16:03:19 | 000,001,354 | ---- | C] () -- C:\Windows\hpbvnstp.ini
[2008.07.19 18:18:15 | 000,001,356 | ---- | C] () -- C:\Users\hase\AppData\Local\d3d9caps.dat
[2008.07.16 20:46:26 | 000,000,025 | ---- | C] () -- C:\Windows\SIERRA.INI
[2008.07.13 18:30:22 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2008.07.03 19:52:49 | 000,036,864 | ---- | C] () -- C:\Windows\System32\LckFldService.exe
[2008.06.26 19:33:40 | 000,032,256 | ---- | C] () -- C:\Users\hase\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.01.18 15:40:38 | 000,069,632 | ---- | C] () -- C:\Windows\System32\vuins32.dll
[2006.11.02 16:33:31 | 000,628,504 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 16:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 16:33:31 | 000,126,054 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 16:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,273,032 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,595,798 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,103,872 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.08.11 09:52:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll
[2004.03.15 11:02:38 | 000,000,412 | ---- | C] () -- C:\Windows\System32\HP3AIOZ6.dat
[2004.03.03 04:06:00 | 000,221,184 | ---- | C] () -- C:\Windows\System32\HP3AIOZ6.dll
[2002.05.03 14:40:32 | 000,094,274 | ---- | C] () -- C:\Windows\System32\HPBHEALR.DLL
[1997.06.14 09:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
 
========== LOP Check ==========
 
[2010.11.21 21:49:10 | 000,000,000 | ---D | M] -- C:\Users\hase\AppData\Roaming\2pTech
[2010.10.28 20:47:14 | 000,000,000 | ---D | M] -- C:\Users\hase\AppData\Roaming\DVDVideoSoft
[2011.05.09 22:44:05 | 000,000,000 | ---D | M] -- C:\Users\hase\AppData\Roaming\DVDVideoSoftIEHelpers
[2009.05.30 07:52:27 | 000,000,000 | ---D | M] -- C:\Users\hase\AppData\Roaming\Foxit
[2010.04.11 20:28:08 | 000,000,000 | ---D | M] -- C:\Users\hase\AppData\Roaming\gtk-2.0
[2011.12.21 20:18:58 | 000,000,000 | ---D | M] -- C:\Users\hase\AppData\Roaming\LaunchPad
[2011.06.23 12:53:49 | 000,000,000 | ---D | M] -- C:\Users\hase\AppData\Roaming\OpenCandy
[2012.01.10 00:16:30 | 000,000,000 | ---D | M] -- C:\Users\hase\AppData\Roaming\Opera
[2008.08.16 23:17:08 | 000,000,000 | ---D | M] -- C:\Users\hase\AppData\Roaming\Panasonic
[2010.12.09 20:39:09 | 000,000,000 | ---D | M] -- C:\Users\hase\AppData\Roaming\PeerNetworking
[2009.01.05 08:45:35 | 000,000,000 | ---D | M] -- C:\Users\hase\AppData\Roaming\Pegasys Inc
[2010.06.03 15:18:17 | 000,000,000 | ---D | M] -- C:\Users\hase\AppData\Roaming\temp
[2008.12.22 13:53:50 | 000,000,000 | ---D | M] -- C:\Users\hase\AppData\Roaming\TomTom
[2012.01.12 20:09:25 | 000,000,326 | ---- | M] () -- C:\Windows\Tasks\DriverScanner.job
[2012.01.12 20:08:35 | 000,032,512 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 12.01.2012 20:22:12 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\hase\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,87 Gb Available Physical Memory | 62,44% Memory free
6,23 Gb Paging File | 4,97 Gb Available in Paging File | 79,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 216,41 Gb Total Space | 88,93 Gb Free Space | 41,09% Space Free | Partition Type: NTFS
Drive D: | 107,22 Gb Total Space | 59,95 Gb Free Space | 55,91% Space Free | Partition Type: NTFS
 
Computer Name: HASENPC | User Name: hase | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00B6C87D-C3F2-4184-905E-540A08A69FAB}" = lport=5357 | protocol=6 | dir=in | app=system | 
"{06E6A945-FA8D-407B-B303-9707EB353C24}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{09FDF0BC-AFFB-4D4E-83F1-C7C294038E73}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe | 
"{0A828AD6-5635-4E97-8550-90C2F5FD57A9}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe | 
"{37BF999B-8696-40C3-A4F8-060EC394569B}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe | 
"{3C645C51-BA04-4043-B9F4-60ADBFE2FB04}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe | 
"{438FBEE1-4367-4432-88E5-7CD8935026F3}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe | 
"{5902BA77-9B9B-4A2C-B118-D6666D50BEA4}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{5FE366A1-D66D-4EA5-A726-FCDD1D2C255F}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{60B0B7D6-D09F-4DB9-837E-203CAADCCF3F}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe | 
"{8329838A-35FD-4F44-854F-DC94603A2727}" = lport=5358 | protocol=6 | dir=in | app=system | 
"{9371DE25-C629-4186-AD2F-E9240697CED9}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe | 
"{AB345130-FE65-4D2E-AF44-C8EF97BA63D0}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{C6C8DB1E-42EE-4610-A260-8B8B0B42E5A6}" = rport=5357 | protocol=6 | dir=out | app=system | 
"{CA386061-7D90-4117-9A0B-E97C1EDC56DF}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{CC46BFD5-265A-458B-9D51-7B2CA2B4454D}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe | 
"{CE24C86E-B7A5-48A2-A5CE-403F1C0F7160}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{D0B68ADE-1E58-40DE-BA4D-C4B93E726332}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{D822F608-EFAB-4C54-B025-2793E291646D}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe | 
"{DB6ACC85-B944-43B9-B611-A096C54F2E06}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{DE8049F9-92DD-4B58-8DD9-907097DC97AB}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{EB2BEB1B-B635-4EB3-AF58-387CE5CFBD94}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe | 
"{EC0E6C63-317A-4F12-B6F6-82ACD1A3B292}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe | 
"{ECCDFE07-584E-4847-A780-8B85CE80E7EB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F297A9AF-6B7E-41F6-91BB-5102F9D0C197}" = rport=5358 | protocol=6 | dir=out | app=system | 
"{F2B6DA98-9A98-4CE9-8CDD-1A7150F65675}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe | 
"{FB1036C4-F478-4E8B-BA21-FBCC3E008A9E}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{FF709C6E-3691-4358-9BB9-092A1A94B266}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05370BBE-C8D3-4F25-93A5-0B3F6A6CFB1D}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | 
"{28D960DA-0E2B-41BD-B0CD-D4DA7E0601CF}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{2F77A683-F343-456B-AEF1-1D6BC6020603}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{49547AA0-4079-419A-B8B3-781963FC9666}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"{49CE4D73-D52E-41D7-B5B9-8094F83FC2CD}" = protocol=17 | dir=in | app=c:\program files\konami\pro evolution soccer 2011\pes2011.exe | 
"{619BC150-435F-4716-BACD-FDE161B1CAAB}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{61BE6F9A-9E16-4FF6-868F-A679C6CB0F82}" = protocol=6 | dir=out | app=%systemroot%\system32\netproj.exe | 
"{6FC49D01-0D2D-4DF9-A10C-E1F6E62F35E0}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{718CC16C-4B51-43E9-A35D-A336336AAB18}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{7430FACD-E310-4F18-B2E8-8CDFD558EED7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{7BEA212E-BD6D-4A12-B315-DE1D81292339}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | 
"{8C21CCCC-6EC1-4543-A677-937A1A9252D5}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"{95F91FAA-7B80-4DD1-BAF9-FC49B3BA20E5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{99BE6CBC-1526-4C70-9D64-D6DFFD3DB7E3}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | 
"{A316AB44-003E-470E-B6A7-E9F233FFDE26}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{A9E1D451-A7F1-4C9F-9ABE-68E080DF31DA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{ACCD23A6-9439-4446-8E62-64ACE188DE32}" = protocol=6 | dir=in | app=c:\program files\konami\pro evolution soccer 2011\pes2011.exe | 
"{B607459B-CE5C-4489-B074-1CA7439574DD}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | 
"{C3246C59-619A-41A4-BEC7-D28E039D1047}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | 
"{C89CE262-B169-4F4E-8939-9041A1440FFF}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | 
"{CC303A1B-443D-45D4-8711-CA49AACFA37B}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | 
"{D6801F05-27D9-4F0F-82D7-0A54FAA909B0}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{E0345A07-F7E8-4BD9-9E7B-EC8635DE731E}" = protocol=6 | dir=in | app=%systemroot%\system32\netproj.exe | 
"{E1958243-8C8D-462A-89F2-F33C3B08FB2B}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | 
"{F7CCC3AA-A79A-46AB-946E-A60DE4B7779B}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"TCP Query User{07FA29C6-D0F0-4BA8-B8AF-6A83FD3D95DD}C:\program files\microsoft office\office12\winword.exe" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\winword.exe | 
"TCP Query User{272C43FE-4CA8-4AE1-8E33-5C0F264E6256}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"TCP Query User{287FBDAF-7550-4273-BFD3-C4E589370384}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{2F6F6F36-2E3A-4C48-A308-10E5F5E4BF82}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"TCP Query User{5703A64C-5571-42C4-9D20-D5A5586A6137}C:\program files\microsoft games\empire earth.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\empire earth.exe | 
"TCP Query User{71693BFE-EC53-4B38-AE65-9AB0A3211790}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{958EA47B-B770-49E1-9228-1B3481707899}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{B48EFD8B-D122-48E1-A55A-55999735B27C}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | 
"TCP Query User{C59B3A51-C496-4158-B7FC-C413C5B5E8A5}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | 
"TCP Query User{DD1490FC-B998-4396-A12D-E934D3B98BFE}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"UDP Query User{03A60979-3883-4CB7-AADF-496A3BEF901D}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | 
"UDP Query User{1351C016-FBD4-4653-B945-4A7FF8D667C2}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"UDP Query User{1BDCD1D3-856F-43E6-A104-510F6CF5180C}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{1CA0C853-260E-4A63-B23A-27EA37C5FDFE}C:\program files\microsoft office\office12\winword.exe" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\winword.exe | 
"UDP Query User{2364E031-FF22-4AB6-984D-7B188108537F}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | 
"UDP Query User{2765226B-053D-4D07-89DA-679D0DE3AD25}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"UDP Query User{8C35B589-FE44-4FA7-88DA-9A403861121B}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{9ACDC592-8784-4F48-9B91-E3EC0D783075}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{E02B68B3-5A1F-4021-B41E-CAECFADD02CB}C:\program files\microsoft games\empire earth.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\empire earth.exe | 
"UDP Query User{FBD68B5B-C9DA-49E1-AF7C-5AA55D1DA432}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{1148E85C-E1AF-48E0-A29C-68DACE07E054}" = Pro Evolution Soccer 2011
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F0D5576-C383-4E5E-9906-0B47BECBB8B6}" = Hama Webcam Suite
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30
"{2A1E27FF-BE53-45B4-950F-060236E98E3D}" = TMPGEnc Plus 2.5
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4412F224-3849-4461-A3E9-DEEF8D252790}" = Visual Studio C++ 10.0 Runtime
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AF8A676-7D24-431E-9B90-BCA8C5C7F1B4}" = VideoCam Suite
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{6803A6E6-48FF-48AB-B558-7B651BBE1031}" = Nero 8 Essentials
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C5B4583-7CBF-4289-B195-03B553959DEA}" = VoiceOver Kit
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{94D66D71-12F0-48A5-B46A-D4B835A0F1B7}" = FirstSteps Diagnostics
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9EDF1A5D-D8E0-413E-9782-75DD4A8C831B}" = VideoCam Suite 1.0
"{A59AB961-BE82-41E0-B0FB-648DFA6DDEA4}" = Hama PC-Webcam Circle
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C73CA646-73B3-4AEF-A136-C37505745174}" = iTunes
"{C73F2967-062E-48F2-A462-D335B8950183}" = Safari
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F9466082-90E9-4BE4-92F0-CF0AF195B0CF}" = hama PC-Webcam AC-140
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DVDStyler_is1" = DVDStyler v1.8.2
"Foxit Reader" = Foxit Reader
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 4.2.12
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.37.426
"Haushaltsbuch" = Haushaltsbuch
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Mahjong Towers Eternity EU" = Mahjong Towers Eternity EU (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.0.1800
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de)
"MyTomTom" = MyTomTom 3.0.2.363
"NVIDIA Drivers" = NVIDIA Drivers
"Opera 11.60.1185" = Opera 11.60
"Shockwave" = Shockwave
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SopCast" = SopCast 3.2.4
"ST6UNST #1" = CoveDesigner
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 0.9.8a
"VN_VUIns_Rhine_VIA" = VIA Rhine Family Fast Ethernet Adapter
"VSO DivxToDVD_is1" = DivxToDVD 0.5.2
"WinLiveSuite_Wave3" = Windows Live Essentials
"Winmail Opener" = Winmail Opener 1.4
"WinRAR archiver" = WinRAR archiver
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"InstallShield_{2A1E27FF-BE53-45B4-950F-060236E98E3D}" = TMPGEnc Plus 2.5
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 28.10.2010 13:31:11 | Computer Name = HasenPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7921
 
Error - 28.10.2010 13:31:11 | Computer Name = HasenPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7921
 
Error - 28.10.2010 13:31:12 | Computer Name = HasenPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 28.10.2010 13:31:12 | Computer Name = HasenPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9875
 
Error - 28.10.2010 13:31:12 | Computer Name = HasenPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9875
 
Error - 28.10.2010 13:31:14 | Computer Name = HasenPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 28.10.2010 13:31:14 | Computer Name = HasenPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 11843
 
Error - 28.10.2010 13:31:14 | Computer Name = HasenPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 11843
 
Error - 29.10.2010 15:30:28 | Computer Name = HasenPC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung FOXITR~1.EXE, Version 3.0.2009.1506, Zeitstempel
 0x49b4e85b, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00d39298,  Prozess-ID 0x838, Anwendungsstartzeit
 01cb779f6f29cc18.
 
Error - 03.11.2010 08:05:22 | Computer Name = HasenPC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Explorer.EXE, Version 6.0.6002.18005, Zeitstempel
 0x49e01da5, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18005, Zeitstempel 0x49e03821,
 Ausnahmecode 0xc0000029, Fehleroffset 0x00080754,  Prozess-ID 0x7a0, Anwendungsstartzeit
 01cb7b4f47b6065a.
 
[ OSession Events ]
Error - 02.06.2010 15:32:56 | Computer Name = HasenPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 02.06.2010 15:33:18 | Computer Name = HasenPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 02.06.2010 15:35:09 | Computer Name = HasenPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 11.01.2012 14:49:42 | Computer Name = HasenPC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 12.01.2012 14:38:32 | Computer Name = HasenPC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 12.01.2012 14:38:32 | Computer Name = HasenPC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 12.01.2012 14:38:32 | Computer Name = HasenPC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 12.01.2012 14:52:47 | Computer Name = HasenPC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 12.01.2012 14:52:47 | Computer Name = HasenPC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 12.01.2012 14:52:47 | Computer Name = HasenPC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 12.01.2012 15:11:00 | Computer Name = HasenPC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 12.01.2012 15:11:00 | Computer Name = HasenPC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 12.01.2012 15:11:00 | Computer Name = HasenPC | Source = Service Control Manager | ID = 7026
Description = 
 
 
< End of report >
         
--- --- ---

Alt 12.01.2012, 20:32   #9
daapool
 
Achtung, aus Sicherheitsgründen wurde ihr Windowssystem blockiert... - Standard

Achtung, aus Sicherheitsgründen wurde ihr Windowssystem blockiert...



Hallo Danke für die deine Antwort.
Habe alles gemacht wie geschrieben. zu Punkt 4. Ich habe gar keinen Adobe Reader
Nach der Säuberung mit CCleaner bleibt ein Fehler übrig, der nicht entfernt wird und wenn ich es 100 mal versuche !?

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 12.01.2012 20:22:12 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\hase\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,87 Gb Available Physical Memory | 62,44% Memory free
6,23 Gb Paging File | 4,97 Gb Available in Paging File | 79,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 216,41 Gb Total Space | 88,93 Gb Free Space | 41,09% Space Free | Partition Type: NTFS
Drive D: | 107,22 Gb Total Space | 59,95 Gb Free Space | 55,91% Space Free | Partition Type: NTFS
 
Computer Name: HASENPC | User Name: hase | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.01.10 21:04:16 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\hase\Desktop\OTL.exe
PRC - [2011.12.21 08:42:28 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011.12.15 15:00:00 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.12.15 14:59:48 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011.12.15 14:59:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.12.15 14:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.12.09 01:44:22 | 004,616,064 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2011.08.12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2010.10.27 19:00:06 | 001,861,944 | ---- | M] (Piriform Ltd) -- C:\Program Files\CCleaner\CCleaner.exe
PRC - [2010.03.18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007.10.01 10:53:50 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.06.15 11:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) -- C:\Windows\System32\bgsvcgen.exe
PRC - [2007.05.10 12:18:10 | 000,835,584 | ---- | M] () -- C:\Windows\vsnp325.exe
PRC - [2007.04.21 08:36:50 | 000,270,336 | ---- | M] () -- C:\Windows\tsnp325.exe
PRC - [2007.02.12 13:50:40 | 000,020,480 | ---- | M] () -- C:\Windows\FixCamera.exe
PRC - [2006.12.08 10:52:04 | 000,204,800 | ---- | M] (Fujitsu Siemens Computers) -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe
PRC - [2006.11.03 11:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\PAC7302\Monitor.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.01.12 20:10:08 | 000,063,488 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012.01.12 20:10:08 | 000,052,736 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012.01.10 22:46:45 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2012.01.10 22:46:45 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2011.12.21 08:42:28 | 002,124,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011.11.23 19:47:48 | 008,527,008 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2010.10.27 20:40:32 | 000,028,672 | ---- | M] () -- C:\Program Files\CCleaner\Lang\lang-1031.dll
MOD - [2007.05.10 12:18:10 | 000,835,584 | ---- | M] () -- C:\Windows\vsnp325.exe
MOD - [2007.04.21 08:36:50 | 000,270,336 | ---- | M] () -- C:\Windows\tsnp325.exe
MOD - [2007.02.12 13:50:40 | 000,020,480 | ---- | M] () -- C:\Windows\FixCamera.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.12.15 14:59:48 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.12.15 14:59:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.08.12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2010.03.18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008.01.18 22:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.06.15 11:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\Windows\System32\bgsvcgen.exe -- (bgsvcgen)
SRV - [2006.12.08 10:52:04 | 000,204,800 | ---- | M] (Fujitsu Siemens Computers) [Auto | Running] -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe -- (TestHandler)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.12.15 15:00:00 | 000,134,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.12.15 15:00:00 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.12.15 15:00:00 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.07.22 17:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011.07.12 22:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.10.09 14:42:42 | 000,017,408 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008.09.22 03:20:42 | 000,043,520 | ---- | M] (VIA Technologies, Inc.              ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fetnd6v.sys -- (FETND6V)
DRV - [2007.09.10 08:50:56 | 000,457,984 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PAC7302.SYS -- (PAC7302)
DRV - [2007.07.02 16:37:10 | 000,131,616 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2007.07.02 16:37:08 | 000,110,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007.06.13 22:47:12 | 000,048,256 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\jraid.sys -- (JRAID)
DRV - [2007.06.01 16:46:00 | 007,479,008 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007.05.30 18:14:58 | 000,016,640 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV - [2007.05.07 16:58:44 | 010,343,168 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snp325.sys -- (SNP325) USB PC Camera (SNPSTD325)
DRV - [2007.03.26 14:26:00 | 000,052,224 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\ViPrt.sys -- (ViPrt)
DRV - [2007.03.26 14:26:00 | 000,016,896 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\ViBus.sys -- (ViBus)
DRV - [2006.11.10 14:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
DRV - [2006.02.20 18:17:40 | 000,033,408 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdrbsdrv.sys -- (cdrbsdrv)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://startsear.ch/?aff=1
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://startsear.ch/?aff=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "web.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.14.2
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}:2.0.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=0.9.8a: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.01.10 00:35:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.12 20:05:19 | 000,000,000 | ---D | M]
 
[2008.12.22 13:53:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hase\AppData\Roaming\mozilla\Extensions
[2008.12.22 13:53:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hase\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2012.01.12 19:48:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hase\AppData\Roaming\mozilla\Firefox\Profiles\gyjn0w5u.default\extensions
[2012.01.08 17:27:08 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\hase\AppData\Roaming\mozilla\Firefox\Profiles\gyjn0w5u.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}(38)
[2011.06.23 13:53:28 | 000,002,354 | ---- | M] () -- C:\Users\hase\AppData\Roaming\Mozilla\Firefox\Profiles\gyjn0w5u.default\searchplugins\aol-web-search.xml
[2010.02.07 13:32:49 | 000,002,172 | ---- | M] () -- C:\Users\hase\AppData\Roaming\Mozilla\Firefox\Profiles\gyjn0w5u.default\searchplugins\bing.xml
[2011.08.14 13:52:46 | 000,000,917 | ---- | M] () -- C:\Users\hase\AppData\Roaming\Mozilla\Firefox\Profiles\gyjn0w5u.default\searchplugins\conduit.xml
[2011.05.19 17:35:14 | 000,005,212 | ---- | M] () -- C:\Users\hase\AppData\Roaming\Mozilla\Firefox\Profiles\gyjn0w5u.default\searchplugins\ecosia.xml
[2011.07.11 19:04:02 | 000,000,633 | ---- | M] () -- C:\Users\hase\AppData\Roaming\Mozilla\Firefox\Profiles\gyjn0w5u.default\searchplugins\startsear.xml
[2011.08.11 22:58:41 | 000,005,508 | ---- | M] () -- C:\Users\hase\AppData\Roaming\Mozilla\Firefox\Profiles\gyjn0w5u.default\searchplugins\webde-suche.xml
[2012.01.12 20:15:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.06.08 22:47:16 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.01.12 20:15:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\HASE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GYJN0W5U.DEFAULT\EXTENSIONS\{3D7EB24F-2740-49DF-8937-200B1CC08F8A}.XPI
[2009.07.11 10:07:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011.12.21 08:42:29 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.01.12 20:14:46 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009.06.01 11:41:48 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2011.12.21 06:08:50 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.12.21 06:02:40 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.12.21 06:08:50 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.12.21 06:08:50 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.21 06:08:50 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.12.21 06:08:50 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [FixCamera] C:\Windows\FixCamera.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [snp325] C:\Windows\vsnp325.exe ()
O4 - HKLM..\Run: [tsnp325] C:\Windows\tsnp325.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube Download - C:\Users\hase\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\hase\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} hxxp://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab (HPSDDX Class)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5AE25BBF-5422-4B8C-AEA4-F2A20EE8C6BC}: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\hase\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\hase\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.01.12 20:15:00 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012.01.12 20:15:00 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012.01.12 20:15:00 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012.01.10 23:42:30 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciseq.dll
[2012.01.10 23:42:20 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[2012.01.10 23:42:19 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012.01.10 23:42:03 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2012.01.10 23:42:03 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2012.01.10 23:00:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.01.10 23:00:20 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.01.10 22:46:38 | 000,000,000 | ---D | C] -- C:\Users\hase\AppData\Roaming\SUPERAntiSpyware.com
[2012.01.10 22:46:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012.01.10 22:45:59 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012.01.10 22:45:59 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012.01.10 21:16:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012.01.10 21:16:45 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012.01.10 21:04:16 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\hase\Desktop\OTL.exe
[2012.01.10 00:16:30 | 000,000,000 | ---D | C] -- C:\Users\hase\AppData\Roaming\Opera
[2012.01.10 00:16:30 | 000,000,000 | ---D | C] -- C:\Users\hase\AppData\Local\Opera
[2012.01.10 00:16:24 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2012.01.09 23:54:38 | 000,000,000 | ---D | C] -- C:\Users\hase\AppData\Roaming\Avira
[2012.01.09 23:49:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.01.09 23:48:57 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012.01.09 23:48:56 | 000,134,856 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.01.09 23:48:56 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.01.09 23:48:56 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.01.09 23:48:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.01.09 23:48:55 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012.01.09 00:25:50 | 000,000,000 | ---D | C] -- C:\Users\hase\AppData\Roaming\Malwarebytes
[2012.01.09 00:25:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.01.09 00:25:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.12.30 14:43:00 | 000,000,000 | ---D | C] -- C:\Users\hase\Desktop\Lehmwand
[2011.12.21 20:18:58 | 000,000,000 | ---D | C] -- C:\Users\hase\AppData\Roaming\LaunchPad
[2011.12.19 20:15:38 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.12.19 20:15:36 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011.12.19 20:15:36 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.12.19 20:15:36 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.12.19 20:15:35 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.12.19 20:15:33 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.12.19 20:12:25 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011.12.19 20:12:23 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.12.19 20:12:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011.12.19 20:12:14 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011.12.19 20:12:14 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011.12.19 20:12:13 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2010.04.05 16:16:09 | 000,147,456 | ---- | C] ( ) -- C:\Windows\System32\rsnp325.dll
[2010.04.05 16:16:09 | 000,057,344 | ---- | C] ( ) -- C:\Windows\System32\vsnp325.dll
[2010.04.05 16:16:09 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp325.dll
 
========== Files - Modified Within 30 Days ==========
 
[2012.01.12 20:16:20 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.01.12 20:15:05 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.01.12 20:15:04 | 000,628,504 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.01.12 20:15:04 | 000,126,054 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.01.12 20:15:04 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.01.12 20:14:46 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2012.01.12 20:14:46 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012.01.12 20:14:46 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012.01.12 20:14:46 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012.01.12 20:09:28 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.12 20:09:27 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.12 20:09:27 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.01.12 20:09:25 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\DriverScanner.job
[2012.01.12 20:09:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.12 20:09:15 | 3219,644,416 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.11 16:35:32 | 000,002,633 | ---- | M] () -- C:\Users\hase\Desktop\Microsoft Office PowerPoint 2007.lnk
[2012.01.11 16:34:31 | 000,002,593 | ---- | M] () -- C:\Users\hase\Desktop\Microsoft Office Excel 2007.lnk
[2012.01.10 23:00:23 | 000,000,872 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.01.10 22:46:02 | 000,001,766 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.01.10 21:04:16 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\hase\Desktop\OTL.exe
[2012.01.10 00:35:49 | 000,000,812 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.01.10 00:16:28 | 000,001,580 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2012.01.09 23:49:41 | 000,001,813 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.01.09 23:06:06 | 000,000,000 | ---- | M] () -- C:\Users\hase\AppData\Local\{55332142-12C8-4656-AE60-12B742756D99}
[2012.01.06 10:33:26 | 001,952,888 | ---- | M] () -- C:\Users\hase\Desktop\IMG_0555.JPG
[2012.01.06 10:33:03 | 002,425,522 | ---- | M] () -- C:\Users\hase\Desktop\IMG_0556.JPG
[2012.01.01 21:36:33 | 000,002,591 | ---- | M] () -- C:\Users\hase\Desktop\Microsoft Office Word 2007.lnk
[2011.12.20 19:22:37 | 000,273,032 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.12.18 19:44:45 | 002,137,636 | R--- | M] () -- C:\Users\hase\Desktop\ds11-0301-1.pdf
[2011.12.16 19:54:47 | 000,221,221 | ---- | M] () -- C:\Users\hase\Desktop\wien.xps
[2011.12.15 15:00:00 | 000,134,856 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.12.15 15:00:00 | 000,074,640 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011.12.15 15:00:00 | 000,036,000 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
 
========== Files Created - No Company Name ==========
 
[2012.01.10 23:00:23 | 000,000,872 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.01.10 22:46:02 | 000,001,766 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.01.10 00:35:49 | 000,000,824 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.01.10 00:35:49 | 000,000,812 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.01.10 00:16:28 | 000,001,592 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[2012.01.10 00:16:28 | 000,001,580 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
[2012.01.09 23:49:41 | 000,001,813 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.01.09 23:20:49 | 3219,644,416 | -HS- | C] () -- C:\hiberfil.sys
[2012.01.09 23:06:06 | 000,000,000 | ---- | C] () -- C:\Users\hase\AppData\Local\{55332142-12C8-4656-AE60-12B742756D99}
[2012.01.06 10:33:18 | 001,952,888 | ---- | C] () -- C:\Users\hase\Desktop\IMG_0555.JPG
[2012.01.06 10:32:59 | 002,425,522 | ---- | C] () -- C:\Users\hase\Desktop\IMG_0556.JPG
[2011.12.18 19:44:44 | 002,137,636 | R--- | C] () -- C:\Users\hase\Desktop\ds11-0301-1.pdf
[2011.12.16 19:54:44 | 000,221,221 | ---- | C] () -- C:\Users\hase\Desktop\wien.xps
[2010.12.10 22:28:39 | 000,000,769 | ---- | C] () -- C:\Windows\System32\Remover.ini
[2010.12.10 22:28:38 | 000,000,566 | ---- | C] () -- C:\Windows\System32\SP7302.ini
[2010.12.09 20:38:28 | 000,024,227 | ---- | C] () -- C:\Users\hase\AppData\Roaming\UserTile.png
[2010.11.21 21:59:03 | 000,397,312 | ---- | C] () -- C:\Windows\iwexec.exe
[2010.06.07 20:45:44 | 000,000,012 | ---- | C] () -- C:\Users\hase\AppData\Roaming\qcopjv.dat
[2010.04.05 16:16:10 | 000,835,584 | ---- | C] () -- C:\Windows\vsnp325.exe
[2010.04.05 16:16:10 | 000,270,336 | ---- | C] () -- C:\Windows\tsnp325.exe
[2010.04.05 16:16:10 | 000,020,480 | ---- | C] () -- C:\Windows\FixCamera.exe
[2010.04.05 16:16:10 | 000,015,498 | ---- | C] () -- C:\Windows\snp325.ini
[2009.05.26 21:49:59 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.05.26 21:49:58 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.01.16 20:41:05 | 000,000,000 | ---- | C] () -- C:\Windows\BEMERK~1.INI
[2009.01.16 20:40:38 | 000,000,000 | ---- | C] () -- C:\Windows\WdbInstW.INI
[2009.01.09 20:55:47 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.01.03 14:41:34 | 000,006,384 | ---- | C] () -- C:\Users\hase\AppData\Roaming\PrimoPDFSet.xml
[2009.01.03 11:54:56 | 000,176,235 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
[2008.11.06 17:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.11.06 17:33:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008.07.23 21:22:53 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.07.22 16:03:19 | 000,001,354 | ---- | C] () -- C:\Windows\hpbvnstp.ini
[2008.07.19 18:18:15 | 000,001,356 | ---- | C] () -- C:\Users\hase\AppData\Local\d3d9caps.dat
[2008.07.16 20:46:26 | 000,000,025 | ---- | C] () -- C:\Windows\SIERRA.INI
[2008.07.13 18:30:22 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2008.07.03 19:52:49 | 000,036,864 | ---- | C] () -- C:\Windows\System32\LckFldService.exe
[2008.06.26 19:33:40 | 000,032,256 | ---- | C] () -- C:\Users\hase\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.01.18 15:40:38 | 000,069,632 | ---- | C] () -- C:\Windows\System32\vuins32.dll
[2006.11.02 16:33:31 | 000,628,504 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 16:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 16:33:31 | 000,126,054 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 16:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,273,032 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,595,798 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,103,872 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.08.11 09:52:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll
[2004.03.15 11:02:38 | 000,000,412 | ---- | C] () -- C:\Windows\System32\HP3AIOZ6.dat
[2004.03.03 04:06:00 | 000,221,184 | ---- | C] () -- C:\Windows\System32\HP3AIOZ6.dll
[2002.05.03 14:40:32 | 000,094,274 | ---- | C] () -- C:\Windows\System32\HPBHEALR.DLL
[1997.06.14 09:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
 
========== LOP Check ==========
 
[2010.11.21 21:49:10 | 000,000,000 | ---D | M] -- C:\Users\hase\AppData\Roaming\2pTech
[2010.10.28 20:47:14 | 000,000,000 | ---D | M] -- C:\Users\hase\AppData\Roaming\DVDVideoSoft
[2011.05.09 22:44:05 | 000,000,000 | ---D | M] -- C:\Users\hase\AppData\Roaming\DVDVideoSoftIEHelpers
[2009.05.30 07:52:27 | 000,000,000 | ---D | M] -- C:\Users\hase\AppData\Roaming\Foxit
[2010.04.11 20:28:08 | 000,000,000 | ---D | M] -- C:\Users\hase\AppData\Roaming\gtk-2.0
[2011.12.21 20:18:58 | 000,000,000 | ---D | M] -- C:\Users\hase\AppData\Roaming\LaunchPad
[2011.06.23 12:53:49 | 000,000,000 | ---D | M] -- C:\Users\hase\AppData\Roaming\OpenCandy
[2012.01.10 00:16:30 | 000,000,000 | ---D | M] -- C:\Users\hase\AppData\Roaming\Opera
[2008.08.16 23:17:08 | 000,000,000 | ---D | M] -- C:\Users\hase\AppData\Roaming\Panasonic
[2010.12.09 20:39:09 | 000,000,000 | ---D | M] -- C:\Users\hase\AppData\Roaming\PeerNetworking
[2009.01.05 08:45:35 | 000,000,000 | ---D | M] -- C:\Users\hase\AppData\Roaming\Pegasys Inc
[2010.06.03 15:18:17 | 000,000,000 | ---D | M] -- C:\Users\hase\AppData\Roaming\temp
[2008.12.22 13:53:50 | 000,000,000 | ---D | M] -- C:\Users\hase\AppData\Roaming\TomTom
[2012.01.12 20:09:25 | 000,000,326 | ---- | M] () -- C:\Windows\Tasks\DriverScanner.job
[2012.01.12 20:08:35 | 000,032,512 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 12.01.2012 20:22:12 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\hase\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,87 Gb Available Physical Memory | 62,44% Memory free
6,23 Gb Paging File | 4,97 Gb Available in Paging File | 79,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 216,41 Gb Total Space | 88,93 Gb Free Space | 41,09% Space Free | Partition Type: NTFS
Drive D: | 107,22 Gb Total Space | 59,95 Gb Free Space | 55,91% Space Free | Partition Type: NTFS
 
Computer Name: HASENPC | User Name: hase | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00B6C87D-C3F2-4184-905E-540A08A69FAB}" = lport=5357 | protocol=6 | dir=in | app=system | 
"{06E6A945-FA8D-407B-B303-9707EB353C24}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{09FDF0BC-AFFB-4D4E-83F1-C7C294038E73}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe | 
"{0A828AD6-5635-4E97-8550-90C2F5FD57A9}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe | 
"{37BF999B-8696-40C3-A4F8-060EC394569B}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe | 
"{3C645C51-BA04-4043-B9F4-60ADBFE2FB04}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe | 
"{438FBEE1-4367-4432-88E5-7CD8935026F3}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe | 
"{5902BA77-9B9B-4A2C-B118-D6666D50BEA4}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{5FE366A1-D66D-4EA5-A726-FCDD1D2C255F}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{60B0B7D6-D09F-4DB9-837E-203CAADCCF3F}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe | 
"{8329838A-35FD-4F44-854F-DC94603A2727}" = lport=5358 | protocol=6 | dir=in | app=system | 
"{9371DE25-C629-4186-AD2F-E9240697CED9}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe | 
"{AB345130-FE65-4D2E-AF44-C8EF97BA63D0}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{C6C8DB1E-42EE-4610-A260-8B8B0B42E5A6}" = rport=5357 | protocol=6 | dir=out | app=system | 
"{CA386061-7D90-4117-9A0B-E97C1EDC56DF}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{CC46BFD5-265A-458B-9D51-7B2CA2B4454D}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe | 
"{CE24C86E-B7A5-48A2-A5CE-403F1C0F7160}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{D0B68ADE-1E58-40DE-BA4D-C4B93E726332}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{D822F608-EFAB-4C54-B025-2793E291646D}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe | 
"{DB6ACC85-B944-43B9-B611-A096C54F2E06}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{DE8049F9-92DD-4B58-8DD9-907097DC97AB}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{EB2BEB1B-B635-4EB3-AF58-387CE5CFBD94}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe | 
"{EC0E6C63-317A-4F12-B6F6-82ACD1A3B292}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe | 
"{ECCDFE07-584E-4847-A780-8B85CE80E7EB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F297A9AF-6B7E-41F6-91BB-5102F9D0C197}" = rport=5358 | protocol=6 | dir=out | app=system | 
"{F2B6DA98-9A98-4CE9-8CDD-1A7150F65675}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe | 
"{FB1036C4-F478-4E8B-BA21-FBCC3E008A9E}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{FF709C6E-3691-4358-9BB9-092A1A94B266}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05370BBE-C8D3-4F25-93A5-0B3F6A6CFB1D}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | 
"{28D960DA-0E2B-41BD-B0CD-D4DA7E0601CF}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{2F77A683-F343-456B-AEF1-1D6BC6020603}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{49547AA0-4079-419A-B8B3-781963FC9666}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"{49CE4D73-D52E-41D7-B5B9-8094F83FC2CD}" = protocol=17 | dir=in | app=c:\program files\konami\pro evolution soccer 2011\pes2011.exe | 
"{619BC150-435F-4716-BACD-FDE161B1CAAB}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{61BE6F9A-9E16-4FF6-868F-A679C6CB0F82}" = protocol=6 | dir=out | app=%systemroot%\system32\netproj.exe | 
"{6FC49D01-0D2D-4DF9-A10C-E1F6E62F35E0}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{718CC16C-4B51-43E9-A35D-A336336AAB18}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{7430FACD-E310-4F18-B2E8-8CDFD558EED7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{7BEA212E-BD6D-4A12-B315-DE1D81292339}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | 
"{8C21CCCC-6EC1-4543-A677-937A1A9252D5}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"{95F91FAA-7B80-4DD1-BAF9-FC49B3BA20E5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{99BE6CBC-1526-4C70-9D64-D6DFFD3DB7E3}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | 
"{A316AB44-003E-470E-B6A7-E9F233FFDE26}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{A9E1D451-A7F1-4C9F-9ABE-68E080DF31DA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{ACCD23A6-9439-4446-8E62-64ACE188DE32}" = protocol=6 | dir=in | app=c:\program files\konami\pro evolution soccer 2011\pes2011.exe | 
"{B607459B-CE5C-4489-B074-1CA7439574DD}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | 
"{C3246C59-619A-41A4-BEC7-D28E039D1047}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | 
"{C89CE262-B169-4F4E-8939-9041A1440FFF}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | 
"{CC303A1B-443D-45D4-8711-CA49AACFA37B}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | 
"{D6801F05-27D9-4F0F-82D7-0A54FAA909B0}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{E0345A07-F7E8-4BD9-9E7B-EC8635DE731E}" = protocol=6 | dir=in | app=%systemroot%\system32\netproj.exe | 
"{E1958243-8C8D-462A-89F2-F33C3B08FB2B}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | 
"{F7CCC3AA-A79A-46AB-946E-A60DE4B7779B}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"TCP Query User{07FA29C6-D0F0-4BA8-B8AF-6A83FD3D95DD}C:\program files\microsoft office\office12\winword.exe" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\winword.exe | 
"TCP Query User{272C43FE-4CA8-4AE1-8E33-5C0F264E6256}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"TCP Query User{287FBDAF-7550-4273-BFD3-C4E589370384}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{2F6F6F36-2E3A-4C48-A308-10E5F5E4BF82}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"TCP Query User{5703A64C-5571-42C4-9D20-D5A5586A6137}C:\program files\microsoft games\empire earth.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\empire earth.exe | 
"TCP Query User{71693BFE-EC53-4B38-AE65-9AB0A3211790}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{958EA47B-B770-49E1-9228-1B3481707899}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{B48EFD8B-D122-48E1-A55A-55999735B27C}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | 
"TCP Query User{C59B3A51-C496-4158-B7FC-C413C5B5E8A5}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | 
"TCP Query User{DD1490FC-B998-4396-A12D-E934D3B98BFE}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"UDP Query User{03A60979-3883-4CB7-AADF-496A3BEF901D}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | 
"UDP Query User{1351C016-FBD4-4653-B945-4A7FF8D667C2}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"UDP Query User{1BDCD1D3-856F-43E6-A104-510F6CF5180C}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{1CA0C853-260E-4A63-B23A-27EA37C5FDFE}C:\program files\microsoft office\office12\winword.exe" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\winword.exe | 
"UDP Query User{2364E031-FF22-4AB6-984D-7B188108537F}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | 
"UDP Query User{2765226B-053D-4D07-89DA-679D0DE3AD25}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"UDP Query User{8C35B589-FE44-4FA7-88DA-9A403861121B}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{9ACDC592-8784-4F48-9B91-E3EC0D783075}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{E02B68B3-5A1F-4021-B41E-CAECFADD02CB}C:\program files\microsoft games\empire earth.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\empire earth.exe | 
"UDP Query User{FBD68B5B-C9DA-49E1-AF7C-5AA55D1DA432}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{1148E85C-E1AF-48E0-A29C-68DACE07E054}" = Pro Evolution Soccer 2011
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F0D5576-C383-4E5E-9906-0B47BECBB8B6}" = Hama Webcam Suite
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30
"{2A1E27FF-BE53-45B4-950F-060236E98E3D}" = TMPGEnc Plus 2.5
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4412F224-3849-4461-A3E9-DEEF8D252790}" = Visual Studio C++ 10.0 Runtime
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AF8A676-7D24-431E-9B90-BCA8C5C7F1B4}" = VideoCam Suite
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{6803A6E6-48FF-48AB-B558-7B651BBE1031}" = Nero 8 Essentials
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C5B4583-7CBF-4289-B195-03B553959DEA}" = VoiceOver Kit
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{94D66D71-12F0-48A5-B46A-D4B835A0F1B7}" = FirstSteps Diagnostics
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9EDF1A5D-D8E0-413E-9782-75DD4A8C831B}" = VideoCam Suite 1.0
"{A59AB961-BE82-41E0-B0FB-648DFA6DDEA4}" = Hama PC-Webcam Circle
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C73CA646-73B3-4AEF-A136-C37505745174}" = iTunes
"{C73F2967-062E-48F2-A462-D335B8950183}" = Safari
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F9466082-90E9-4BE4-92F0-CF0AF195B0CF}" = hama PC-Webcam AC-140
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DVDStyler_is1" = DVDStyler v1.8.2
"Foxit Reader" = Foxit Reader
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 4.2.12
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.37.426
"Haushaltsbuch" = Haushaltsbuch
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Mahjong Towers Eternity EU" = Mahjong Towers Eternity EU (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.0.1800
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de)
"MyTomTom" = MyTomTom 3.0.2.363
"NVIDIA Drivers" = NVIDIA Drivers
"Opera 11.60.1185" = Opera 11.60
"Shockwave" = Shockwave
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SopCast" = SopCast 3.2.4
"ST6UNST #1" = CoveDesigner
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 0.9.8a
"VN_VUIns_Rhine_VIA" = VIA Rhine Family Fast Ethernet Adapter
"VSO DivxToDVD_is1" = DivxToDVD 0.5.2
"WinLiveSuite_Wave3" = Windows Live Essentials
"Winmail Opener" = Winmail Opener 1.4
"WinRAR archiver" = WinRAR archiver
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"InstallShield_{2A1E27FF-BE53-45B4-950F-060236E98E3D}" = TMPGEnc Plus 2.5
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 28.10.2010 13:31:11 | Computer Name = HasenPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7921
 
Error - 28.10.2010 13:31:11 | Computer Name = HasenPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7921
 
Error - 28.10.2010 13:31:12 | Computer Name = HasenPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 28.10.2010 13:31:12 | Computer Name = HasenPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9875
 
Error - 28.10.2010 13:31:12 | Computer Name = HasenPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9875
 
Error - 28.10.2010 13:31:14 | Computer Name = HasenPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 28.10.2010 13:31:14 | Computer Name = HasenPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 11843
 
Error - 28.10.2010 13:31:14 | Computer Name = HasenPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 11843
 
Error - 29.10.2010 15:30:28 | Computer Name = HasenPC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung FOXITR~1.EXE, Version 3.0.2009.1506, Zeitstempel
 0x49b4e85b, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00d39298,  Prozess-ID 0x838, Anwendungsstartzeit
 01cb779f6f29cc18.
 
Error - 03.11.2010 08:05:22 | Computer Name = HasenPC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Explorer.EXE, Version 6.0.6002.18005, Zeitstempel
 0x49e01da5, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18005, Zeitstempel 0x49e03821,
 Ausnahmecode 0xc0000029, Fehleroffset 0x00080754,  Prozess-ID 0x7a0, Anwendungsstartzeit
 01cb7b4f47b6065a.
 
[ OSession Events ]
Error - 02.06.2010 15:32:56 | Computer Name = HasenPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 02.06.2010 15:33:18 | Computer Name = HasenPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 02.06.2010 15:35:09 | Computer Name = HasenPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 11.01.2012 14:49:42 | Computer Name = HasenPC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 12.01.2012 14:38:32 | Computer Name = HasenPC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 12.01.2012 14:38:32 | Computer Name = HasenPC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 12.01.2012 14:38:32 | Computer Name = HasenPC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 12.01.2012 14:52:47 | Computer Name = HasenPC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 12.01.2012 14:52:47 | Computer Name = HasenPC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 12.01.2012 14:52:47 | Computer Name = HasenPC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 12.01.2012 15:11:00 | Computer Name = HasenPC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 12.01.2012 15:11:00 | Computer Name = HasenPC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 12.01.2012 15:11:00 | Computer Name = HasenPC | Source = Service Control Manager | ID = 7026
Description = 
 
 
< End of report >
         
--- --- ---

Alt 13.01.2012, 09:12   #10
kira
/// Helfer-Team
 
Achtung, aus Sicherheitsgründen wurde ihr Windowssystem blockiert... - Standard

Achtung, aus Sicherheitsgründen wurde ihr Windowssystem blockiert...



1.
Windows Defender:
Parallel zu ein AV-Programm nicht Empfehlenswert aktiv laufen lassen, weil dadurch können sich in die Quere kommen. Bitte dich ihn so zu deaktivieren: -> http://windows.microsoft.com/de-AT/w...nder-on-or-off
Windows Defender komplett deaktivieren

Start => Systemsteuerung => Klassische Ansicht => Windows Defender oder
Windows Defender starten (C:\Programme\Windows Defender\MSASCui.exe)

Extras => Optionen => Automatische Überprüfung => Haken bei "Computer automatisch überprüfen" entfernen.
Extras => Optionen => Echtzeitschutz => Haken bei "Echtzeitschutz aktivieren" entfernen.
Extras => Optionen => Administrator => Haken bei "Dieses Programm verwenden" entfernen.

Start => services.msc ins Suchfeld eingeben.
Es öffnet sich das Fenster der Dienste
Doppelklick auf den Dienst "Windows Defender"
Starttyp auf "Manuell" umstellen.
Dienststatus beenden, falls der Dienst noch gestartet ist.
► Nach einem Neustart (falls noch existirt) unter "Start-> ausführen-> "msconfig" (reinschreiben ohne ""-> OK -> Systemstart kontrolliere, ob mitläuft?! - ggf Häckhen rausnehmen
► Unter Dienste:
Start -> Ausführen -> "Services.msc" -> (reinschreiben ohne ""-> OK" - "Eigenschaften"-> "Stop" -> Starttyp "Deaktiviert" auswählen

2.
Zitat:
Achtung wichtig!:
Falls Du selber im Logfile Änderungen vorgenommen hast, musst Du durch die Originalbezeichnung ersetzen und so in Script einfügen! sonst funktioniert nicht!
(Benutzerordner, dein Name oder sonstige Änderungen durch X, Stern oder andere Namen ersetzt)
Fixen mit OTL
  • Starte die OTL.exe.
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Kopiere folgendes Skript:
Code:
ATTFilter
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://startsear.ch/?aff=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://startsear.ch/?aff=1
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "web.de"
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
[2010.02.07 13:32:49 | 000,002,172 | ---- | M] () -- C:\Users\hase\AppData\Roaming\Mozilla\Firefox\Profiles\gyjn0w5u.default\searchplugins\bing.xml
[2011.08.14 13:52:46 | 000,000,917 | ---- | M] () -- C:\Users\hase\AppData\Roaming\Mozilla\Firefox\Profiles\gyjn0w5u.default\searchplugins\conduit.xml
[2011.07.11 19:04:02 | 000,000,633 | ---- | M] () -- C:\Users\hase\AppData\Roaming\Mozilla\Firefox\Profiles\gyjn0w5u.default\searchplugins\startsear.xml
[2011.08.11 22:58:41 | 000,005,508 | ---- | M] () -- C:\Users\hase\AppData\Roaming\Mozilla\Firefox\Profiles\gyjn0w5u.default\searchplugins\webde-suche.xml
[2011.12.21 06:02:40 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.12.21 06:08:50 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
O2 - BHO: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
[2012.01.10 21:16:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012.01.10 21:16:45 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012.01.12 20:16:20 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.01.12 20:09:27 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.01.12 20:09:25 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\DriverScanner.job

:Commands
[purity]
[emptytemp]
         
  • und füge es hier ein:
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Klick auf .
  • OTL verlangt einen Neustart. Bitte zulassen.
  • Nach dem Neustart findest Du ein Textdokument.
    Kopiere den Inhalt hier in Deinen Thread.

3.
erneut einen Scan mit OTL:
  • Doppelklick auf die OTL.exe
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Oben findest Du ein Kästchen mit Ausgabe.
    Wähle bitte Standard-Ausgabe
  • Unter Extra-Registrierung wähle bitte Benutze SafeList.
  • Mache Häckchen bei LOP- und Purity-Prüfung.
  • Klicke nun auf Scan links oben.
  • Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
    Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
  • Poste die Logfiles in Code-Tags hier in den Thread.

4.
  • lade Dir SUPERAntiSpyware FREE Edition herunter.
  • installiere das Programm und update online.
  • starte SUPERAntiSpyware und klicke auf "Ihren Computer durchsuchen"
  • setze ein Häkchen bei "Kompletter Scan" und klicke auf "Weiter"
  • anschließend alle gefundenen Schadprogramme werden aufgelistet, bei alle Funde Häkchen setzen und mit "OK" bestätigen
  • auf "Weiter" klicken dann "OK" und auf "Fertig stellen"
  • um die Ergebnisse anzuzeigen: auf "Präferenzen" dann auf den "Statistiken und Protokolle" klicken
  • drücke auf "Protokoll anzeigen" - anschließend diesen Bericht bitte speichern und hier posten

5.
Auch auf USB-Sticks, selbstgebrannten Datenträgern, externen Festplatten und anderen Datenträgern können Viren transportiert werden. Man muss daher durch regelmäßige Prüfungen auf Schäden, die durch Malware ("Worm.Win32.Autorun") verursacht worden sein können, überwacht werden. Hierfür sind ser gut geegnet und empfohlen, die auf dem Speichermedium gesicherten Daten, mit Hilfe des kostenlosen Online Scanners zu prüfen.
Schließe jetzt alle externe Datenträgeran (USB Sticks etc) Deinen Rechner an, dabei die Hochstell-Taste [Shift-Taste] gedrückt halten, damit die Autorun-Funktion nicht ausgeführt wird. (So verhindest Du die Ausführung der AUTORUN-Funktion) - Man kann die AUTORUN-Funktion aber auch generell abschalten.►Anleitung

6.
-> Führe dann einen Komplett-Systemcheck mit Eset Online Scanner (NOD32)Kostenlose Online Scanner durch
Achtung!: >>Du sollst nicht die Antivirus-Sicherheitssoftware installieren, sondern dein System nur online scannen<<

► berichte erneut über den Zustand des Computers. Ob noch Probleme auftreten, wenn ja, welche?
__________________

Warnung!:
Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein!
Anhang nicht öffnen, in unserem Forum erst nachfragen!

Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten!
Bitte diese Warnung weitergeben, wo Du nur kannst!

Alt 13.01.2012, 22:13   #11
daapool
 
Achtung, aus Sicherheitsgründen wurde ihr Windowssystem blockiert... - Standard

Achtung, aus Sicherheitsgründen wurde ihr Windowssystem blockiert...



All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "Ask.com" removed from browser.search.selectedEngine
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "web.de" removed from browser.startup.homepage
Prefs.js: engine@conduit.com:3.3.3.2 removed from extensions.enabledItems
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
File C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll not found.
C:\Users\hase\AppData\Roaming\Mozilla\Firefox\Profiles\gyjn0w5u.default\searchplugins\bing.xml moved successfully.
C:\Users\hase\AppData\Roaming\Mozilla\Firefox\Profiles\gyjn0w5u.default\searchplugins\conduit.xml moved successfully.
C:\Users\hase\AppData\Roaming\Mozilla\Firefox\Profiles\gyjn0w5u.default\searchplugins\startsear.xml moved successfully.
C:\Users\hase\AppData\Roaming\Mozilla\Firefox\Profiles\gyjn0w5u.default\searchplugins\webde-suche.xml moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\bing.xml moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0124123D-61B4-456f-AF86-78C53A0790C5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0124123D-61B4-456f-AF86-78C53A0790C5}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
C:\ProgramData\Spybot - Search & Destroy\Recovery folder moved successfully.
C:\ProgramData\Spybot - Search & Destroy\Logs folder moved successfully.
C:\ProgramData\Spybot - Search & Destroy folder moved successfully.
C:\Program Files\Spybot - Search & Destroy folder moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\Tasks\DriverScanner.job moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: DZH~1.OLY

User: hase
->Temp folder emptied: 2000 bytes
->Temporary Internet Files folder emptied: 7841044 bytes
->Java cache emptied: 37439794 bytes
->FireFox cache emptied: 359661467 bytes
->Apple Safari cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 906 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 386,00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 01132012_220547

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Alt 13.01.2012, 22:20   #12
daapool
 
Achtung, aus Sicherheitsgründen wurde ihr Windowssystem blockiert... - Standard

Achtung, aus Sicherheitsgründen wurde ihr Windowssystem blockiert...



OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 13.01.2012 22:14:39 - Run 3
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\hase\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,83 Gb Available Physical Memory | 61,06% Memory free
6,19 Gb Paging File | 5,09 Gb Available in Paging File | 82,23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 216,41 Gb Total Space | 87,40 Gb Free Space | 40,39% Space Free | Partition Type: NTFS
Drive D: | 107,22 Gb Total Space | 59,95 Gb Free Space | 55,91% Space Free | Partition Type: NTFS
 
Computer Name: HASENPC | User Name: hase | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.01.10 21:04:16 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\hase\Desktop\OTL.exe
PRC - [2011.12.21 08:42:28 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011.12.15 15:00:00 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.12.15 14:59:48 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011.12.15 14:59:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.12.15 14:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.12.09 01:44:22 | 004,616,064 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2011.08.12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.03.18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009.04.11 07:28:15 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007.10.01 10:53:50 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.06.15 11:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) -- C:\Windows\System32\bgsvcgen.exe
PRC - [2007.05.10 12:18:10 | 000,835,584 | ---- | M] () -- C:\Windows\vsnp325.exe
PRC - [2007.04.21 08:36:50 | 000,270,336 | ---- | M] () -- C:\Windows\tsnp325.exe
PRC - [2007.02.12 13:50:40 | 000,020,480 | ---- | M] () -- C:\Windows\FixCamera.exe
PRC - [2006.12.08 10:52:04 | 000,204,800 | ---- | M] (Fujitsu Siemens Computers) -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe
PRC - [2006.11.03 11:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\PAC7302\Monitor.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.01.13 22:10:22 | 000,063,488 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012.01.13 22:10:22 | 000,052,736 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012.01.10 22:46:45 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2012.01.10 22:46:45 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2011.12.21 08:42:28 | 002,124,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011.07.29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2008.08.29 09:55:00 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2007.05.10 12:18:10 | 000,835,584 | ---- | M] () -- C:\Windows\vsnp325.exe
MOD - [2007.04.21 08:36:50 | 000,270,336 | ---- | M] () -- C:\Windows\tsnp325.exe
MOD - [2007.02.12 13:50:40 | 000,020,480 | ---- | M] () -- C:\Windows\FixCamera.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.12.15 14:59:48 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.12.15 14:59:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.08.12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2010.03.18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008.01.18 22:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.06.15 11:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\Windows\System32\bgsvcgen.exe -- (bgsvcgen)
SRV - [2006.12.08 10:52:04 | 000,204,800 | ---- | M] (Fujitsu Siemens Computers) [Auto | Running] -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe -- (TestHandler)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.12.15 15:00:00 | 000,134,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.12.15 15:00:00 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.12.15 15:00:00 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.07.22 17:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011.07.12 22:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.10.09 14:42:42 | 000,017,408 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008.09.22 03:20:42 | 000,043,520 | ---- | M] (VIA Technologies, Inc.              ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fetnd6v.sys -- (FETND6V)
DRV - [2007.09.10 08:50:56 | 000,457,984 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PAC7302.SYS -- (PAC7302)
DRV - [2007.07.02 16:37:10 | 000,131,616 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2007.07.02 16:37:08 | 000,110,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007.06.13 22:47:12 | 000,048,256 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\jraid.sys -- (JRAID)
DRV - [2007.06.01 16:46:00 | 007,479,008 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007.05.30 18:14:58 | 000,016,640 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV - [2007.05.07 16:58:44 | 010,343,168 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snp325.sys -- (SNP325) USB PC Camera (SNPSTD325)
DRV - [2007.03.26 14:26:00 | 000,052,224 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\ViPrt.sys -- (ViPrt)
DRV - [2007.03.26 14:26:00 | 000,016,896 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\ViBus.sys -- (ViBus)
DRV - [2006.11.10 14:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
DRV - [2006.02.20 18:17:40 | 000,033,408 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdrbsdrv.sys -- (cdrbsdrv)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: ""
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.12 22:01:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.01.10 00:35:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.12 22:03:21 | 000,000,000 | ---D | M]
 
[2008.12.22 13:53:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hase\AppData\Roaming\mozilla\Extensions
[2008.12.22 13:53:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hase\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2012.01.13 20:17:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hase\AppData\Roaming\mozilla\Firefox\Profiles\gyjn0w5u.default\extensions
[2012.01.08 17:27:08 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\hase\AppData\Roaming\mozilla\Firefox\Profiles\gyjn0w5u.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}(38)
[2012.01.12 23:28:00 | 000,000,000 | ---D | M] (WOT) -- C:\Users\hase\AppData\Roaming\mozilla\Firefox\Profiles\gyjn0w5u.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.01.12 23:28:00 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\hase\AppData\Roaming\mozilla\Firefox\Profiles\gyjn0w5u.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.06.23 13:53:28 | 000,002,354 | ---- | M] () -- C:\Users\hase\AppData\Roaming\Mozilla\Firefox\Profiles\gyjn0w5u.default\searchplugins\aol-web-search.xml
[2011.05.19 17:35:14 | 000,005,212 | ---- | M] () -- C:\Users\hase\AppData\Roaming\Mozilla\Firefox\Profiles\gyjn0w5u.default\searchplugins\ecosia.xml
[2012.01.12 20:15:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.06.08 22:47:16 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.01.12 20:15:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\HASE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GYJN0W5U.DEFAULT\EXTENSIONS\{3D7EB24F-2740-49DF-8937-200B1CC08F8A}.XPI
() (No name found) -- C:\USERS\HASE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GYJN0W5U.DEFAULT\EXTENSIONS\GUTSCHEINE4FREE@DEVELOPER.COM.XPI
[2009.07.11 10:07:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011.12.21 08:42:29 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.01.12 20:14:46 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009.06.01 11:41:48 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2011.12.21 06:08:50 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.12.21 06:08:50 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.12.21 06:08:50 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.21 06:08:50 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
 
========== Chrome  ==========
 
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [FixCamera] C:\Windows\FixCamera.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [snp325] C:\Windows\vsnp325.exe ()
O4 - HKLM..\Run: [tsnp325] C:\Windows\tsnp325.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube Download - C:\Users\hase\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\hase\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} hxxp://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab (HPSDDX Class)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5AE25BBF-5422-4B8C-AEA4-F2A20EE8C6BC}: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\hase\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\hase\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.01.13 22:05:47 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.01.12 23:51:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2012.01.12 22:06:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012.01.12 22:03:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\Adobe
[2012.01.12 22:02:30 | 000,000,000 | ---D | C] -- C:\Users\hase\AppData\Local\DDMSettings
[2012.01.12 22:00:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2012.01.12 22:00:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2012.01.12 21:58:54 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2012.01.12 21:03:57 | 000,000,000 | ---D | C] -- C:\Users\hase\Desktop\THEORG
[2012.01.12 20:15:00 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012.01.12 20:15:00 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012.01.12 20:15:00 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012.01.10 23:42:30 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciseq.dll
[2012.01.10 23:42:20 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[2012.01.10 23:42:19 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012.01.10 23:42:03 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2012.01.10 23:42:03 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2012.01.10 23:00:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.01.10 23:00:20 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.01.10 22:46:38 | 000,000,000 | ---D | C] -- C:\Users\hase\AppData\Roaming\SUPERAntiSpyware.com
[2012.01.10 22:46:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012.01.10 22:45:59 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012.01.10 22:45:59 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012.01.10 21:04:16 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\hase\Desktop\OTL.exe
[2012.01.10 00:16:30 | 000,000,000 | ---D | C] -- C:\Users\hase\AppData\Roaming\Opera
[2012.01.10 00:16:30 | 000,000,000 | ---D | C] -- C:\Users\hase\AppData\Local\Opera
[2012.01.10 00:16:24 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2012.01.09 23:54:38 | 000,000,000 | ---D | C] -- C:\Users\hase\AppData\Roaming\Avira
[2012.01.09 23:49:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.01.09 23:48:57 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012.01.09 23:48:56 | 000,134,856 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.01.09 23:48:56 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.01.09 23:48:56 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.01.09 23:48:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.01.09 23:48:55 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012.01.09 00:25:50 | 000,000,000 | ---D | C] -- C:\Users\hase\AppData\Roaming\Malwarebytes
[2012.01.09 00:25:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.01.09 00:25:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.01.04 01:48:42 | 000,354,176 | ---- | C] (DivX, Inc.) -- C:\Windows\System32\DivXControlPanelApplet.cpl
[2011.12.30 14:43:00 | 000,000,000 | ---D | C] -- C:\Users\hase\Desktop\Lehmwand
[2011.12.21 20:18:58 | 000,000,000 | ---D | C] -- C:\Users\hase\AppData\Roaming\LaunchPad
[2011.12.19 20:15:38 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.12.19 20:15:36 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011.12.19 20:15:36 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.12.19 20:15:36 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.12.19 20:15:35 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.12.19 20:15:33 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.12.19 20:12:25 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011.12.19 20:12:23 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.12.19 20:12:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011.12.19 20:12:14 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011.12.19 20:12:14 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011.12.19 20:12:13 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2010.04.05 16:16:09 | 000,147,456 | ---- | C] ( ) -- C:\Windows\System32\rsnp325.dll
[2010.04.05 16:16:09 | 000,057,344 | ---- | C] ( ) -- C:\Windows\System32\vsnp325.dll
[2010.04.05 16:16:09 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp325.dll
 
========== Files - Modified Within 30 Days ==========
 
[2012.01.13 22:16:54 | 000,628,504 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.01.13 22:16:54 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.01.13 22:16:54 | 000,126,054 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.01.13 22:16:54 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.01.13 22:09:14 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.13 22:09:13 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.13 22:09:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.13 22:09:02 | 3217,559,552 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.12 22:06:21 | 000,000,825 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.01.12 20:14:46 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2012.01.12 20:14:46 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012.01.12 20:14:46 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012.01.12 20:14:46 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012.01.11 16:35:32 | 000,002,633 | ---- | M] () -- C:\Users\hase\Desktop\Microsoft Office PowerPoint 2007.lnk
[2012.01.11 16:34:31 | 000,002,593 | ---- | M] () -- C:\Users\hase\Desktop\Microsoft Office Excel 2007.lnk
[2012.01.10 23:00:23 | 000,000,872 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.01.10 22:46:02 | 000,001,766 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.01.10 21:04:16 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\hase\Desktop\OTL.exe
[2012.01.10 00:35:49 | 000,000,812 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.01.10 00:16:28 | 000,001,580 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2012.01.09 23:49:41 | 000,001,813 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.01.09 23:06:06 | 000,000,000 | ---- | M] () -- C:\Users\hase\AppData\Local\{55332142-12C8-4656-AE60-12B742756D99}
[2012.01.06 10:33:26 | 001,952,888 | ---- | M] () -- C:\Users\hase\Desktop\IMG_0555.JPG
[2012.01.06 10:33:03 | 002,425,522 | ---- | M] () -- C:\Users\hase\Desktop\IMG_0556.JPG
[2012.01.04 01:48:42 | 000,354,176 | ---- | M] (DivX, Inc.) -- C:\Windows\System32\DivXControlPanelApplet.cpl
[2012.01.01 21:36:33 | 000,002,591 | ---- | M] () -- C:\Users\hase\Desktop\Microsoft Office Word 2007.lnk
[2011.12.20 19:22:37 | 000,273,032 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.12.18 19:44:45 | 002,137,636 | R--- | M] () -- C:\Users\hase\Desktop\ds11-0301-1.pdf
[2011.12.16 19:54:47 | 000,221,221 | ---- | M] () -- C:\Users\hase\Desktop\wien.xps
[2011.12.15 15:00:00 | 000,134,856 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.12.15 15:00:00 | 000,074,640 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011.12.15 15:00:00 | 000,036,000 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
 
========== Files Created - No Company Name ==========
 
[2012.01.12 22:06:21 | 000,000,825 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.01.10 23:00:23 | 000,000,872 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.01.10 22:46:02 | 000,001,766 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.01.10 00:35:49 | 000,000,824 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.01.10 00:35:49 | 000,000,812 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.01.10 00:16:28 | 000,001,592 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[2012.01.10 00:16:28 | 000,001,580 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
[2012.01.09 23:49:41 | 000,001,813 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.01.09 23:20:49 | 3217,559,552 | -HS- | C] () -- C:\hiberfil.sys
[2012.01.09 23:06:06 | 000,000,000 | ---- | C] () -- C:\Users\hase\AppData\Local\{55332142-12C8-4656-AE60-12B742756D99}
[2012.01.06 10:33:18 | 001,952,888 | ---- | C] () -- C:\Users\hase\Desktop\IMG_0555.JPG
[2012.01.06 10:32:59 | 002,425,522 | ---- | C] () -- C:\Users\hase\Desktop\IMG_0556.JPG
[2011.12.18 19:44:44 | 002,137,636 | R--- | C] () -- C:\Users\hase\Desktop\ds11-0301-1.pdf
[2011.12.16 19:54:44 | 000,221,221 | ---- | C] () -- C:\Users\hase\Desktop\wien.xps
[2010.12.10 22:28:39 | 000,000,769 | ---- | C] () -- C:\Windows\System32\Remover.ini
[2010.12.10 22:28:38 | 000,000,566 | ---- | C] () -- C:\Windows\System32\SP7302.ini
[2010.12.09 20:38:28 | 000,024,227 | ---- | C] () -- C:\Users\hase\AppData\Roaming\UserTile.png
[2010.11.21 21:59:03 | 000,397,312 | ---- | C] () -- C:\Windows\iwexec.exe
[2010.06.07 20:45:44 | 000,000,012 | ---- | C] () -- C:\Users\hase\AppData\Roaming\qcopjv.dat
[2010.04.05 16:16:10 | 000,835,584 | ---- | C] () -- C:\Windows\vsnp325.exe
[2010.04.05 16:16:10 | 000,270,336 | ---- | C] () -- C:\Windows\tsnp325.exe
[2010.04.05 16:16:10 | 000,020,480 | ---- | C] () -- C:\Windows\FixCamera.exe
[2010.04.05 16:16:10 | 000,015,498 | ---- | C] () -- C:\Windows\snp325.ini
[2009.05.26 21:49:59 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.05.26 21:49:58 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.01.16 20:41:05 | 000,000,000 | ---- | C] () -- C:\Windows\BEMERK~1.INI
[2009.01.16 20:40:38 | 000,000,000 | ---- | C] () -- C:\Windows\WdbInstW.INI
[2009.01.09 20:55:47 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.01.03 14:41:34 | 000,006,384 | ---- | C] () -- C:\Users\hase\AppData\Roaming\PrimoPDFSet.xml
[2009.01.03 11:54:56 | 000,176,235 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
[2008.11.06 17:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.07.23 21:22:53 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.07.22 16:03:19 | 000,001,354 | ---- | C] () -- C:\Windows\hpbvnstp.ini
[2008.07.19 18:18:15 | 000,001,356 | ---- | C] () -- C:\Users\hase\AppData\Local\d3d9caps.dat
[2008.07.16 20:46:26 | 000,000,025 | ---- | C] () -- C:\Windows\SIERRA.INI
[2008.07.13 18:30:22 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2008.07.03 19:52:49 | 000,036,864 | ---- | C] () -- C:\Windows\System32\LckFldService.exe
[2008.06.26 19:33:40 | 000,032,256 | ---- | C] () -- C:\Users\hase\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.01.18 15:40:38 | 000,069,632 | ---- | C] () -- C:\Windows\System32\vuins32.dll
[2006.11.02 16:33:31 | 000,628,504 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 16:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 16:33:31 | 000,126,054 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 16:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,273,032 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,595,798 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,103,872 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.08.11 09:52:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll
[2004.03.15 11:02:38 | 000,000,412 | ---- | C] () -- C:\Windows\System32\HP3AIOZ6.dat
[2004.03.03 04:06:00 | 000,221,184 | ---- | C] () -- C:\Windows\System32\HP3AIOZ6.dll
[2002.05.03 14:40:32 | 000,094,274 | ---- | C] () -- C:\Windows\System32\HPBHEALR.DLL
[1997.06.14 09:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
 
========== LOP Check ==========
 
[2010.11.21 21:49:10 | 000,000,000 | ---D | M] -- C:\Users\hase\AppData\Roaming\2pTech
[2010.10.28 20:47:14 | 000,000,000 | ---D | M] -- C:\Users\hase\AppData\Roaming\DVDVideoSoft
[2011.05.09 22:44:05 | 000,000,000 | ---D | M] -- C:\Users\hase\AppData\Roaming\DVDVideoSoftIEHelpers
[2009.05.30 07:52:27 | 000,000,000 | ---D | M] -- C:\Users\hase\AppData\Roaming\Foxit
[2010.04.11 20:28:08 | 000,000,000 | ---D | M] -- C:\Users\hase\AppData\Roaming\gtk-2.0
[2011.12.21 20:18:58 | 000,000,000 | ---D | M] -- C:\Users\hase\AppData\Roaming\LaunchPad
[2011.06.23 12:53:49 | 000,000,000 | ---D | M] -- C:\Users\hase\AppData\Roaming\OpenCandy
[2012.01.10 00:16:30 | 000,000,000 | ---D | M] -- C:\Users\hase\AppData\Roaming\Opera
[2008.08.16 23:17:08 | 000,000,000 | ---D | M] -- C:\Users\hase\AppData\Roaming\Panasonic
[2010.12.09 20:39:09 | 000,000,000 | ---D | M] -- C:\Users\hase\AppData\Roaming\PeerNetworking
[2009.01.05 08:45:35 | 000,000,000 | ---D | M] -- C:\Users\hase\AppData\Roaming\Pegasys Inc
[2010.06.03 15:18:17 | 000,000,000 | ---D | M] -- C:\Users\hase\AppData\Roaming\temp
[2008.12.22 13:53:50 | 000,000,000 | ---D | M] -- C:\Users\hase\AppData\Roaming\TomTom
[2012.01.13 22:06:31 | 000,032,512 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 13.01.2012 22:14:39 - Run 3
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\hase\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,83 Gb Available Physical Memory | 61,06% Memory free
6,19 Gb Paging File | 5,09 Gb Available in Paging File | 82,23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 216,41 Gb Total Space | 87,40 Gb Free Space | 40,39% Space Free | Partition Type: NTFS
Drive D: | 107,22 Gb Total Space | 59,95 Gb Free Space | 55,91% Space Free | Partition Type: NTFS
 
Computer Name: HASENPC | User Name: hase | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00B6C87D-C3F2-4184-905E-540A08A69FAB}" = lport=5357 | protocol=6 | dir=in | app=system | 
"{06E6A945-FA8D-407B-B303-9707EB353C24}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{09FDF0BC-AFFB-4D4E-83F1-C7C294038E73}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe | 
"{0A828AD6-5635-4E97-8550-90C2F5FD57A9}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe | 
"{37BF999B-8696-40C3-A4F8-060EC394569B}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe | 
"{3C645C51-BA04-4043-B9F4-60ADBFE2FB04}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe | 
"{438FBEE1-4367-4432-88E5-7CD8935026F3}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe | 
"{5902BA77-9B9B-4A2C-B118-D6666D50BEA4}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{5FE366A1-D66D-4EA5-A726-FCDD1D2C255F}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{60B0B7D6-D09F-4DB9-837E-203CAADCCF3F}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe | 
"{8329838A-35FD-4F44-854F-DC94603A2727}" = lport=5358 | protocol=6 | dir=in | app=system | 
"{9371DE25-C629-4186-AD2F-E9240697CED9}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe | 
"{AB345130-FE65-4D2E-AF44-C8EF97BA63D0}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{C6C8DB1E-42EE-4610-A260-8B8B0B42E5A6}" = rport=5357 | protocol=6 | dir=out | app=system | 
"{CA386061-7D90-4117-9A0B-E97C1EDC56DF}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{CC46BFD5-265A-458B-9D51-7B2CA2B4454D}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe | 
"{CE24C86E-B7A5-48A2-A5CE-403F1C0F7160}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{D0B68ADE-1E58-40DE-BA4D-C4B93E726332}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{D822F608-EFAB-4C54-B025-2793E291646D}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe | 
"{DB6ACC85-B944-43B9-B611-A096C54F2E06}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{DE8049F9-92DD-4B58-8DD9-907097DC97AB}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{EB2BEB1B-B635-4EB3-AF58-387CE5CFBD94}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe | 
"{EC0E6C63-317A-4F12-B6F6-82ACD1A3B292}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe | 
"{ECCDFE07-584E-4847-A780-8B85CE80E7EB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F297A9AF-6B7E-41F6-91BB-5102F9D0C197}" = rport=5358 | protocol=6 | dir=out | app=system | 
"{F2B6DA98-9A98-4CE9-8CDD-1A7150F65675}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe | 
"{FB1036C4-F478-4E8B-BA21-FBCC3E008A9E}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{FF709C6E-3691-4358-9BB9-092A1A94B266}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05370BBE-C8D3-4F25-93A5-0B3F6A6CFB1D}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | 
"{28D960DA-0E2B-41BD-B0CD-D4DA7E0601CF}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{2F77A683-F343-456B-AEF1-1D6BC6020603}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{49547AA0-4079-419A-B8B3-781963FC9666}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"{49CE4D73-D52E-41D7-B5B9-8094F83FC2CD}" = protocol=17 | dir=in | app=c:\program files\konami\pro evolution soccer 2011\pes2011.exe | 
"{619BC150-435F-4716-BACD-FDE161B1CAAB}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{61BE6F9A-9E16-4FF6-868F-A679C6CB0F82}" = protocol=6 | dir=out | app=%systemroot%\system32\netproj.exe | 
"{6FC49D01-0D2D-4DF9-A10C-E1F6E62F35E0}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{718CC16C-4B51-43E9-A35D-A336336AAB18}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{7430FACD-E310-4F18-B2E8-8CDFD558EED7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{7BEA212E-BD6D-4A12-B315-DE1D81292339}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | 
"{8C21CCCC-6EC1-4543-A677-937A1A9252D5}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"{95F91FAA-7B80-4DD1-BAF9-FC49B3BA20E5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{99BE6CBC-1526-4C70-9D64-D6DFFD3DB7E3}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | 
"{A316AB44-003E-470E-B6A7-E9F233FFDE26}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{A9E1D451-A7F1-4C9F-9ABE-68E080DF31DA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{ACCD23A6-9439-4446-8E62-64ACE188DE32}" = protocol=6 | dir=in | app=c:\program files\konami\pro evolution soccer 2011\pes2011.exe | 
"{B607459B-CE5C-4489-B074-1CA7439574DD}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | 
"{C3246C59-619A-41A4-BEC7-D28E039D1047}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | 
"{C89CE262-B169-4F4E-8939-9041A1440FFF}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | 
"{CC303A1B-443D-45D4-8711-CA49AACFA37B}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | 
"{D6801F05-27D9-4F0F-82D7-0A54FAA909B0}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{E0345A07-F7E8-4BD9-9E7B-EC8635DE731E}" = protocol=6 | dir=in | app=%systemroot%\system32\netproj.exe | 
"{E1958243-8C8D-462A-89F2-F33C3B08FB2B}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | 
"{F7CCC3AA-A79A-46AB-946E-A60DE4B7779B}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"TCP Query User{07FA29C6-D0F0-4BA8-B8AF-6A83FD3D95DD}C:\program files\microsoft office\office12\winword.exe" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\winword.exe | 
"TCP Query User{272C43FE-4CA8-4AE1-8E33-5C0F264E6256}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"TCP Query User{287FBDAF-7550-4273-BFD3-C4E589370384}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{2F6F6F36-2E3A-4C48-A308-10E5F5E4BF82}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"TCP Query User{5703A64C-5571-42C4-9D20-D5A5586A6137}C:\program files\microsoft games\empire earth.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\empire earth.exe | 
"TCP Query User{71693BFE-EC53-4B38-AE65-9AB0A3211790}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{958EA47B-B770-49E1-9228-1B3481707899}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{B48EFD8B-D122-48E1-A55A-55999735B27C}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | 
"TCP Query User{C59B3A51-C496-4158-B7FC-C413C5B5E8A5}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | 
"TCP Query User{DD1490FC-B998-4396-A12D-E934D3B98BFE}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"UDP Query User{03A60979-3883-4CB7-AADF-496A3BEF901D}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | 
"UDP Query User{1351C016-FBD4-4653-B945-4A7FF8D667C2}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"UDP Query User{1BDCD1D3-856F-43E6-A104-510F6CF5180C}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{1CA0C853-260E-4A63-B23A-27EA37C5FDFE}C:\program files\microsoft office\office12\winword.exe" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\winword.exe | 
"UDP Query User{2364E031-FF22-4AB6-984D-7B188108537F}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | 
"UDP Query User{2765226B-053D-4D07-89DA-679D0DE3AD25}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"UDP Query User{8C35B589-FE44-4FA7-88DA-9A403861121B}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{9ACDC592-8784-4F48-9B91-E3EC0D783075}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{E02B68B3-5A1F-4021-B41E-CAECFADD02CB}C:\program files\microsoft games\empire earth.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\empire earth.exe | 
"UDP Query User{FBD68B5B-C9DA-49E1-AF7C-5AA55D1DA432}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{1148E85C-E1AF-48E0-A29C-68DACE07E054}" = Pro Evolution Soccer 2011
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1F0D5576-C383-4E5E-9906-0B47BECBB8B6}" = Hama Webcam Suite
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30
"{2A1E27FF-BE53-45B4-950F-060236E98E3D}" = TMPGEnc Plus 2.5
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4412F224-3849-4461-A3E9-DEEF8D252790}" = Visual Studio C++ 10.0 Runtime
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AF8A676-7D24-431E-9B90-BCA8C5C7F1B4}" = VideoCam Suite
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6803A6E6-48FF-48AB-B558-7B651BBE1031}" = Nero 8 Essentials
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{7B63B2922B174135AFC0E1377DD81EC2}" = 
"{7C5B4583-7CBF-4289-B195-03B553959DEA}" = VoiceOver Kit
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{94D66D71-12F0-48A5-B46A-D4B835A0F1B7}" = FirstSteps Diagnostics
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9EDF1A5D-D8E0-413E-9782-75DD4A8C831B}" = VideoCam Suite 1.0
"{A59AB961-BE82-41E0-B0FB-648DFA6DDEA4}" = Hama PC-Webcam Circle
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C73CA646-73B3-4AEF-A136-C37505745174}" = iTunes
"{C73F2967-062E-48F2-A462-D335B8950183}" = Safari
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F9466082-90E9-4BE4-92F0-CF0AF195B0CF}" = hama PC-Webcam AC-140
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup" = DivX-Setup
"DVDStyler_is1" = DVDStyler v1.8.2
"Foxit Reader" = Foxit Reader
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 4.2.12
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.37.426
"Haushaltsbuch" = Haushaltsbuch
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Mahjong Towers Eternity EU" = Mahjong Towers Eternity EU (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.0.1800
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de)
"MyTomTom" = MyTomTom 3.0.2.363
"NVIDIA Drivers" = NVIDIA Drivers
"Opera 11.60.1185" = Opera 11.60
"Shockwave" = Shockwave
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SopCast" = SopCast 3.2.4
"ST6UNST #1" = CoveDesigner
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.11
"VN_VUIns_Rhine_VIA" = VIA Rhine Family Fast Ethernet Adapter
"VSO DivxToDVD_is1" = DivxToDVD 0.5.2
"WinLiveSuite_Wave3" = Windows Live Essentials
"Winmail Opener" = Winmail Opener 1.4
"WinRAR archiver" = WinRAR archiver
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"InstallShield_{2A1E27FF-BE53-45B4-950F-060236E98E3D}" = TMPGEnc Plus 2.5
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 28.10.2010 13:31:11 | Computer Name = HasenPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7921
 
Error - 28.10.2010 13:31:11 | Computer Name = HasenPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7921
 
Error - 28.10.2010 13:31:12 | Computer Name = HasenPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 28.10.2010 13:31:12 | Computer Name = HasenPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9875
 
Error - 28.10.2010 13:31:12 | Computer Name = HasenPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9875
 
Error - 28.10.2010 13:31:14 | Computer Name = HasenPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 28.10.2010 13:31:14 | Computer Name = HasenPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 11843
 
Error - 28.10.2010 13:31:14 | Computer Name = HasenPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 11843
 
Error - 29.10.2010 15:30:28 | Computer Name = HasenPC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung FOXITR~1.EXE, Version 3.0.2009.1506, Zeitstempel
 0x49b4e85b, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00d39298,  Prozess-ID 0x838, Anwendungsstartzeit
 01cb779f6f29cc18.
 
Error - 03.11.2010 08:05:22 | Computer Name = HasenPC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Explorer.EXE, Version 6.0.6002.18005, Zeitstempel
 0x49e01da5, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18005, Zeitstempel 0x49e03821,
 Ausnahmecode 0xc0000029, Fehleroffset 0x00080754,  Prozess-ID 0x7a0, Anwendungsstartzeit
 01cb7b4f47b6065a.
 
[ OSession Events ]
Error - 02.06.2010 15:32:56 | Computer Name = HasenPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 02.06.2010 15:33:18 | Computer Name = HasenPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 02.06.2010 15:35:09 | Computer Name = HasenPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 13.01.2012 15:14:39 | Computer Name = HasenPC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 13.01.2012 15:14:39 | Computer Name = HasenPC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 13.01.2012 15:14:39 | Computer Name = HasenPC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 13.01.2012 15:20:47 | Computer Name = HasenPC | Source = WinDefend | ID = 2004
Description = Beim Laden der Signaturen wurde von %%827 ein Fehler festgestellt.
 Es wird versucht, einen als gültig bekannten Signatursatz wiederherzustellen.     Versuchte
 Signaturen: %%824     Fehlercode: 0x8050a001     Fehlerbeschreibung: Das Programm kann keine
 Definitionsdateien finden, die dazu dienen, unerwünschte Software zu erkennen. 
Überprüfen Sie, ob aktualisierte Definitionsdateien vorhanden sind, und versuchen
 Sie es dann erneut. Weitere Informationen zum Installieren von Updates finden Sie
 unter "Hilfe und Support".      Ladende Signaturen: %%825     Ladene Signaturversion: 1.95.2986.0

	Ladende
 Modulversion: 1.1.6402.0
 
Error - 13.01.2012 15:26:09 | Computer Name = HasenPC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 13.01.2012 15:26:09 | Computer Name = HasenPC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 13.01.2012 15:26:09 | Computer Name = HasenPC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 13.01.2012 17:10:33 | Computer Name = HasenPC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 13.01.2012 17:10:33 | Computer Name = HasenPC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 13.01.2012 17:10:33 | Computer Name = HasenPC | Source = Service Control Manager | ID = 7026
Description = 
 
 
< End of report >
         
--- --- ---

Alt 13.01.2012, 22:21   #13
daapool
 
Achtung, aus Sicherheitsgründen wurde ihr Windowssystem blockiert... - Standard

Achtung, aus Sicherheitsgründen wurde ihr Windowssystem blockiert...



OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 13.01.2012 22:14:39 - Run 3
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\hase\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,83 Gb Available Physical Memory | 61,06% Memory free
6,19 Gb Paging File | 5,09 Gb Available in Paging File | 82,23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 216,41 Gb Total Space | 87,40 Gb Free Space | 40,39% Space Free | Partition Type: NTFS
Drive D: | 107,22 Gb Total Space | 59,95 Gb Free Space | 55,91% Space Free | Partition Type: NTFS
 
Computer Name: HASENPC | User Name: hase | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.01.10 21:04:16 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\hase\Desktop\OTL.exe
PRC - [2011.12.21 08:42:28 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011.12.15 15:00:00 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.12.15 14:59:48 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011.12.15 14:59:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.12.15 14:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.12.09 01:44:22 | 004,616,064 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2011.08.12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.03.18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009.04.11 07:28:15 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007.10.01 10:53:50 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.06.15 11:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) -- C:\Windows\System32\bgsvcgen.exe
PRC - [2007.05.10 12:18:10 | 000,835,584 | ---- | M] () -- C:\Windows\vsnp325.exe
PRC - [2007.04.21 08:36:50 | 000,270,336 | ---- | M] () -- C:\Windows\tsnp325.exe
PRC - [2007.02.12 13:50:40 | 000,020,480 | ---- | M] () -- C:\Windows\FixCamera.exe
PRC - [2006.12.08 10:52:04 | 000,204,800 | ---- | M] (Fujitsu Siemens Computers) -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe
PRC - [2006.11.03 11:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\PAC7302\Monitor.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.01.13 22:10:22 | 000,063,488 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012.01.13 22:10:22 | 000,052,736 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012.01.10 22:46:45 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2012.01.10 22:46:45 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2011.12.21 08:42:28 | 002,124,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011.07.29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2008.08.29 09:55:00 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2007.05.10 12:18:10 | 000,835,584 | ---- | M] () -- C:\Windows\vsnp325.exe
MOD - [2007.04.21 08:36:50 | 000,270,336 | ---- | M] () -- C:\Windows\tsnp325.exe
MOD - [2007.02.12 13:50:40 | 000,020,480 | ---- | M] () -- C:\Windows\FixCamera.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.12.15 14:59:48 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.12.15 14:59:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.08.12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2010.03.18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008.01.18 22:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.06.15 11:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\Windows\System32\bgsvcgen.exe -- (bgsvcgen)
SRV - [2006.12.08 10:52:04 | 000,204,800 | ---- | M] (Fujitsu Siemens Computers) [Auto | Running] -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe -- (TestHandler)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.12.15 15:00:00 | 000,134,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.12.15 15:00:00 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.12.15 15:00:00 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.07.22 17:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011.07.12 22:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.10.09 14:42:42 | 000,017,408 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008.09.22 03:20:42 | 000,043,520 | ---- | M] (VIA Technologies, Inc.              ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fetnd6v.sys -- (FETND6V)
DRV - [2007.09.10 08:50:56 | 000,457,984 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PAC7302.SYS -- (PAC7302)
DRV - [2007.07.02 16:37:10 | 000,131,616 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2007.07.02 16:37:08 | 000,110,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007.06.13 22:47:12 | 000,048,256 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\jraid.sys -- (JRAID)
DRV - [2007.06.01 16:46:00 | 007,479,008 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007.05.30 18:14:58 | 000,016,640 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV - [2007.05.07 16:58:44 | 010,343,168 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snp325.sys -- (SNP325) USB PC Camera (SNPSTD325)
DRV - [2007.03.26 14:26:00 | 000,052,224 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\ViPrt.sys -- (ViPrt)
DRV - [2007.03.26 14:26:00 | 000,016,896 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\ViBus.sys -- (ViBus)
DRV - [2006.11.10 14:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
DRV - [2006.02.20 18:17:40 | 000,033,408 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdrbsdrv.sys -- (cdrbsdrv)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: ""
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.12 22:01:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.01.10 00:35:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.12 22:03:21 | 000,000,000 | ---D | M]
 
[2008.12.22 13:53:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hase\AppData\Roaming\mozilla\Extensions
[2008.12.22 13:53:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hase\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2012.01.13 20:17:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hase\AppData\Roaming\mozilla\Firefox\Profiles\gyjn0w5u.default\extensions
[2012.01.08 17:27:08 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\hase\AppData\Roaming\mozilla\Firefox\Profiles\gyjn0w5u.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}(38)
[2012.01.12 23:28:00 | 000,000,000 | ---D | M] (WOT) -- C:\Users\hase\AppData\Roaming\mozilla\Firefox\Profiles\gyjn0w5u.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.01.12 23:28:00 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\hase\AppData\Roaming\mozilla\Firefox\Profiles\gyjn0w5u.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.06.23 13:53:28 | 000,002,354 | ---- | M] () -- C:\Users\hase\AppData\Roaming\Mozilla\Firefox\Profiles\gyjn0w5u.default\searchplugins\aol-web-search.xml
[2011.05.19 17:35:14 | 000,005,212 | ---- | M] () -- C:\Users\hase\AppData\Roaming\Mozilla\Firefox\Profiles\gyjn0w5u.default\searchplugins\ecosia.xml
[2012.01.12 20:15:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.06.08 22:47:16 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.01.12 20:15:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\HASE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GYJN0W5U.DEFAULT\EXTENSIONS\{3D7EB24F-2740-49DF-8937-200B1CC08F8A}.XPI
() (No name found) -- C:\USERS\HASE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GYJN0W5U.DEFAULT\EXTENSIONS\GUTSCHEINE4FREE@DEVELOPER.COM.XPI
[2009.07.11 10:07:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011.12.21 08:42:29 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.01.12 20:14:46 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009.06.01 11:41:48 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2011.12.21 06:08:50 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.12.21 06:08:50 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.12.21 06:08:50 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.21 06:08:50 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
 
========== Chrome  ==========
 
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [FixCamera] C:\Windows\FixCamera.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [snp325] C:\Windows\vsnp325.exe ()
O4 - HKLM..\Run: [tsnp325] C:\Windows\tsnp325.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube Download - C:\Users\hase\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\hase\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} hxxp://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab (HPSDDX Class)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5AE25BBF-5422-4B8C-AEA4-F2A20EE8C6BC}: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\hase\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\hase\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.01.13 22:05:47 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.01.12 23:51:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2012.01.12 22:06:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012.01.12 22:03:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\Adobe
[2012.01.12 22:02:30 | 000,000,000 | ---D | C] -- C:\Users\hase\AppData\Local\DDMSettings
[2012.01.12 22:00:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2012.01.12 22:00:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2012.01.12 21:58:54 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2012.01.12 21:03:57 | 000,000,000 | ---D | C] -- C:\Users\hase\Desktop\THEORG
[2012.01.12 20:15:00 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012.01.12 20:15:00 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012.01.12 20:15:00 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012.01.10 23:42:30 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciseq.dll
[2012.01.10 23:42:20 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[2012.01.10 23:42:19 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012.01.10 23:42:03 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2012.01.10 23:42:03 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2012.01.10 23:00:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.01.10 23:00:20 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.01.10 22:46:38 | 000,000,000 | ---D | C] -- C:\Users\hase\AppData\Roaming\SUPERAntiSpyware.com
[2012.01.10 22:46:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012.01.10 22:45:59 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012.01.10 22:45:59 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012.01.10 21:04:16 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\hase\Desktop\OTL.exe
[2012.01.10 00:16:30 | 000,000,000 | ---D | C] -- C:\Users\hase\AppData\Roaming\Opera
[2012.01.10 00:16:30 | 000,000,000 | ---D | C] -- C:\Users\hase\AppData\Local\Opera
[2012.01.10 00:16:24 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2012.01.09 23:54:38 | 000,000,000 | ---D | C] -- C:\Users\hase\AppData\Roaming\Avira
[2012.01.09 23:49:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.01.09 23:48:57 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012.01.09 23:48:56 | 000,134,856 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.01.09 23:48:56 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.01.09 23:48:56 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.01.09 23:48:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.01.09 23:48:55 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012.01.09 00:25:50 | 000,000,000 | ---D | C] -- C:\Users\hase\AppData\Roaming\Malwarebytes
[2012.01.09 00:25:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.01.09 00:25:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.01.04 01:48:42 | 000,354,176 | ---- | C] (DivX, Inc.) -- C:\Windows\System32\DivXControlPanelApplet.cpl
[2011.12.30 14:43:00 | 000,000,000 | ---D | C] -- C:\Users\hase\Desktop\Lehmwand
[2011.12.21 20:18:58 | 000,000,000 | ---D | C] -- C:\Users\hase\AppData\Roaming\LaunchPad
[2011.12.19 20:15:38 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.12.19 20:15:36 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011.12.19 20:15:36 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.12.19 20:15:36 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.12.19 20:15:35 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.12.19 20:15:33 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.12.19 20:12:25 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011.12.19 20:12:23 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.12.19 20:12:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011.12.19 20:12:14 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011.12.19 20:12:14 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011.12.19 20:12:13 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2010.04.05 16:16:09 | 000,147,456 | ---- | C] ( ) -- C:\Windows\System32\rsnp325.dll
[2010.04.05 16:16:09 | 000,057,344 | ---- | C] ( ) -- C:\Windows\System32\vsnp325.dll
[2010.04.05 16:16:09 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp325.dll
 
========== Files - Modified Within 30 Days ==========
 
[2012.01.13 22:16:54 | 000,628,504 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.01.13 22:16:54 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.01.13 22:16:54 | 000,126,054 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.01.13 22:16:54 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.01.13 22:09:14 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.13 22:09:13 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.13 22:09:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.13 22:09:02 | 3217,559,552 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.12 22:06:21 | 000,000,825 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.01.12 20:14:46 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2012.01.12 20:14:46 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012.01.12 20:14:46 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012.01.12 20:14:46 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012.01.11 16:35:32 | 000,002,633 | ---- | M] () -- C:\Users\hase\Desktop\Microsoft Office PowerPoint 2007.lnk
[2012.01.11 16:34:31 | 000,002,593 | ---- | M] () -- C:\Users\hase\Desktop\Microsoft Office Excel 2007.lnk
[2012.01.10 23:00:23 | 000,000,872 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.01.10 22:46:02 | 000,001,766 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.01.10 21:04:16 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\hase\Desktop\OTL.exe
[2012.01.10 00:35:49 | 000,000,812 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.01.10 00:16:28 | 000,001,580 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2012.01.09 23:49:41 | 000,001,813 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.01.09 23:06:06 | 000,000,000 | ---- | M] () -- C:\Users\hase\AppData\Local\{55332142-12C8-4656-AE60-12B742756D99}
[2012.01.06 10:33:26 | 001,952,888 | ---- | M] () -- C:\Users\hase\Desktop\IMG_0555.JPG
[2012.01.06 10:33:03 | 002,425,522 | ---- | M] () -- C:\Users\hase\Desktop\IMG_0556.JPG
[2012.01.04 01:48:42 | 000,354,176 | ---- | M] (DivX, Inc.) -- C:\Windows\System32\DivXControlPanelApplet.cpl
[2012.01.01 21:36:33 | 000,002,591 | ---- | M] () -- C:\Users\hase\Desktop\Microsoft Office Word 2007.lnk
[2011.12.20 19:22:37 | 000,273,032 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.12.18 19:44:45 | 002,137,636 | R--- | M] () -- C:\Users\hase\Desktop\ds11-0301-1.pdf
[2011.12.16 19:54:47 | 000,221,221 | ---- | M] () -- C:\Users\hase\Desktop\wien.xps
[2011.12.15 15:00:00 | 000,134,856 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.12.15 15:00:00 | 000,074,640 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011.12.15 15:00:00 | 000,036,000 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
 
========== Files Created - No Company Name ==========
 
[2012.01.12 22:06:21 | 000,000,825 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.01.10 23:00:23 | 000,000,872 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.01.10 22:46:02 | 000,001,766 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.01.10 00:35:49 | 000,000,824 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.01.10 00:35:49 | 000,000,812 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.01.10 00:16:28 | 000,001,592 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[2012.01.10 00:16:28 | 000,001,580 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
[2012.01.09 23:49:41 | 000,001,813 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.01.09 23:20:49 | 3217,559,552 | -HS- | C] () -- C:\hiberfil.sys
[2012.01.09 23:06:06 | 000,000,000 | ---- | C] () -- C:\Users\hase\AppData\Local\{55332142-12C8-4656-AE60-12B742756D99}
[2012.01.06 10:33:18 | 001,952,888 | ---- | C] () -- C:\Users\hase\Desktop\IMG_0555.JPG
[2012.01.06 10:32:59 | 002,425,522 | ---- | C] () -- C:\Users\hase\Desktop\IMG_0556.JPG
[2011.12.18 19:44:44 | 002,137,636 | R--- | C] () -- C:\Users\hase\Desktop\ds11-0301-1.pdf
[2011.12.16 19:54:44 | 000,221,221 | ---- | C] () -- C:\Users\hase\Desktop\wien.xps
[2010.12.10 22:28:39 | 000,000,769 | ---- | C] () -- C:\Windows\System32\Remover.ini
[2010.12.10 22:28:38 | 000,000,566 | ---- | C] () -- C:\Windows\System32\SP7302.ini
[2010.12.09 20:38:28 | 000,024,227 | ---- | C] () -- C:\Users\hase\AppData\Roaming\UserTile.png
[2010.11.21 21:59:03 | 000,397,312 | ---- | C] () -- C:\Windows\iwexec.exe
[2010.06.07 20:45:44 | 000,000,012 | ---- | C] () -- C:\Users\hase\AppData\Roaming\qcopjv.dat
[2010.04.05 16:16:10 | 000,835,584 | ---- | C] () -- C:\Windows\vsnp325.exe
[2010.04.05 16:16:10 | 000,270,336 | ---- | C] () -- C:\Windows\tsnp325.exe
[2010.04.05 16:16:10 | 000,020,480 | ---- | C] () -- C:\Windows\FixCamera.exe
[2010.04.05 16:16:10 | 000,015,498 | ---- | C] () -- C:\Windows\snp325.ini
[2009.05.26 21:49:59 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.05.26 21:49:58 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.01.16 20:41:05 | 000,000,000 | ---- | C] () -- C:\Windows\BEMERK~1.INI
[2009.01.16 20:40:38 | 000,000,000 | ---- | C] () -- C:\Windows\WdbInstW.INI
[2009.01.09 20:55:47 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.01.03 14:41:34 | 000,006,384 | ---- | C] () -- C:\Users\hase\AppData\Roaming\PrimoPDFSet.xml
[2009.01.03 11:54:56 | 000,176,235 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
[2008.11.06 17:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.07.23 21:22:53 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.07.22 16:03:19 | 000,001,354 | ---- | C] () -- C:\Windows\hpbvnstp.ini
[2008.07.19 18:18:15 | 000,001,356 | ---- | C] () -- C:\Users\hase\AppData\Local\d3d9caps.dat
[2008.07.16 20:46:26 | 000,000,025 | ---- | C] () -- C:\Windows\SIERRA.INI
[2008.07.13 18:30:22 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2008.07.03 19:52:49 | 000,036,864 | ---- | C] () -- C:\Windows\System32\LckFldService.exe
[2008.06.26 19:33:40 | 000,032,256 | ---- | C] () -- C:\Users\hase\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.01.18 15:40:38 | 000,069,632 | ---- | C] () -- C:\Windows\System32\vuins32.dll
[2006.11.02 16:33:31 | 000,628,504 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 16:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 16:33:31 | 000,126,054 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 16:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,273,032 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,595,798 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,103,872 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.08.11 09:52:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll
[2004.03.15 11:02:38 | 000,000,412 | ---- | C] () -- C:\Windows\System32\HP3AIOZ6.dat
[2004.03.03 04:06:00 | 000,221,184 | ---- | C] () -- C:\Windows\System32\HP3AIOZ6.dll
[2002.05.03 14:40:32 | 000,094,274 | ---- | C] () -- C:\Windows\System32\HPBHEALR.DLL
[1997.06.14 09:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
 
========== LOP Check ==========
 
[2010.11.21 21:49:10 | 000,000,000 | ---D | M] -- C:\Users\hase\AppData\Roaming\2pTech
[2010.10.28 20:47:14 | 000,000,000 | ---D | M] -- C:\Users\hase\AppData\Roaming\DVDVideoSoft
[2011.05.09 22:44:05 | 000,000,000 | ---D | M] -- C:\Users\hase\AppData\Roaming\DVDVideoSoftIEHelpers
[2009.05.30 07:52:27 | 000,000,000 | ---D | M] -- C:\Users\hase\AppData\Roaming\Foxit
[2010.04.11 20:28:08 | 000,000,000 | ---D | M] -- C:\Users\hase\AppData\Roaming\gtk-2.0
[2011.12.21 20:18:58 | 000,000,000 | ---D | M] -- C:\Users\hase\AppData\Roaming\LaunchPad
[2011.06.23 12:53:49 | 000,000,000 | ---D | M] -- C:\Users\hase\AppData\Roaming\OpenCandy
[2012.01.10 00:16:30 | 000,000,000 | ---D | M] -- C:\Users\hase\AppData\Roaming\Opera
[2008.08.16 23:17:08 | 000,000,000 | ---D | M] -- C:\Users\hase\AppData\Roaming\Panasonic
[2010.12.09 20:39:09 | 000,000,000 | ---D | M] -- C:\Users\hase\AppData\Roaming\PeerNetworking
[2009.01.05 08:45:35 | 000,000,000 | ---D | M] -- C:\Users\hase\AppData\Roaming\Pegasys Inc
[2010.06.03 15:18:17 | 000,000,000 | ---D | M] -- C:\Users\hase\AppData\Roaming\temp
[2008.12.22 13:53:50 | 000,000,000 | ---D | M] -- C:\Users\hase\AppData\Roaming\TomTom
[2012.01.13 22:06:31 | 000,032,512 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 13.01.2012 22:14:39 - Run 3
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\hase\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,83 Gb Available Physical Memory | 61,06% Memory free
6,19 Gb Paging File | 5,09 Gb Available in Paging File | 82,23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 216,41 Gb Total Space | 87,40 Gb Free Space | 40,39% Space Free | Partition Type: NTFS
Drive D: | 107,22 Gb Total Space | 59,95 Gb Free Space | 55,91% Space Free | Partition Type: NTFS
 
Computer Name: HASENPC | User Name: hase | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00B6C87D-C3F2-4184-905E-540A08A69FAB}" = lport=5357 | protocol=6 | dir=in | app=system | 
"{06E6A945-FA8D-407B-B303-9707EB353C24}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{09FDF0BC-AFFB-4D4E-83F1-C7C294038E73}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe | 
"{0A828AD6-5635-4E97-8550-90C2F5FD57A9}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe | 
"{37BF999B-8696-40C3-A4F8-060EC394569B}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe | 
"{3C645C51-BA04-4043-B9F4-60ADBFE2FB04}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe | 
"{438FBEE1-4367-4432-88E5-7CD8935026F3}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe | 
"{5902BA77-9B9B-4A2C-B118-D6666D50BEA4}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{5FE366A1-D66D-4EA5-A726-FCDD1D2C255F}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{60B0B7D6-D09F-4DB9-837E-203CAADCCF3F}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe | 
"{8329838A-35FD-4F44-854F-DC94603A2727}" = lport=5358 | protocol=6 | dir=in | app=system | 
"{9371DE25-C629-4186-AD2F-E9240697CED9}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe | 
"{AB345130-FE65-4D2E-AF44-C8EF97BA63D0}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{C6C8DB1E-42EE-4610-A260-8B8B0B42E5A6}" = rport=5357 | protocol=6 | dir=out | app=system | 
"{CA386061-7D90-4117-9A0B-E97C1EDC56DF}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{CC46BFD5-265A-458B-9D51-7B2CA2B4454D}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe | 
"{CE24C86E-B7A5-48A2-A5CE-403F1C0F7160}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{D0B68ADE-1E58-40DE-BA4D-C4B93E726332}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{D822F608-EFAB-4C54-B025-2793E291646D}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe | 
"{DB6ACC85-B944-43B9-B611-A096C54F2E06}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{DE8049F9-92DD-4B58-8DD9-907097DC97AB}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{EB2BEB1B-B635-4EB3-AF58-387CE5CFBD94}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe | 
"{EC0E6C63-317A-4F12-B6F6-82ACD1A3B292}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe | 
"{ECCDFE07-584E-4847-A780-8B85CE80E7EB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F297A9AF-6B7E-41F6-91BB-5102F9D0C197}" = rport=5358 | protocol=6 | dir=out | app=system | 
"{F2B6DA98-9A98-4CE9-8CDD-1A7150F65675}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe | 
"{FB1036C4-F478-4E8B-BA21-FBCC3E008A9E}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{FF709C6E-3691-4358-9BB9-092A1A94B266}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05370BBE-C8D3-4F25-93A5-0B3F6A6CFB1D}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | 
"{28D960DA-0E2B-41BD-B0CD-D4DA7E0601CF}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{2F77A683-F343-456B-AEF1-1D6BC6020603}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{49547AA0-4079-419A-B8B3-781963FC9666}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"{49CE4D73-D52E-41D7-B5B9-8094F83FC2CD}" = protocol=17 | dir=in | app=c:\program files\konami\pro evolution soccer 2011\pes2011.exe | 
"{619BC150-435F-4716-BACD-FDE161B1CAAB}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{61BE6F9A-9E16-4FF6-868F-A679C6CB0F82}" = protocol=6 | dir=out | app=%systemroot%\system32\netproj.exe | 
"{6FC49D01-0D2D-4DF9-A10C-E1F6E62F35E0}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{718CC16C-4B51-43E9-A35D-A336336AAB18}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{7430FACD-E310-4F18-B2E8-8CDFD558EED7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{7BEA212E-BD6D-4A12-B315-DE1D81292339}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | 
"{8C21CCCC-6EC1-4543-A677-937A1A9252D5}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"{95F91FAA-7B80-4DD1-BAF9-FC49B3BA20E5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{99BE6CBC-1526-4C70-9D64-D6DFFD3DB7E3}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | 
"{A316AB44-003E-470E-B6A7-E9F233FFDE26}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{A9E1D451-A7F1-4C9F-9ABE-68E080DF31DA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{ACCD23A6-9439-4446-8E62-64ACE188DE32}" = protocol=6 | dir=in | app=c:\program files\konami\pro evolution soccer 2011\pes2011.exe | 
"{B607459B-CE5C-4489-B074-1CA7439574DD}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | 
"{C3246C59-619A-41A4-BEC7-D28E039D1047}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | 
"{C89CE262-B169-4F4E-8939-9041A1440FFF}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | 
"{CC303A1B-443D-45D4-8711-CA49AACFA37B}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | 
"{D6801F05-27D9-4F0F-82D7-0A54FAA909B0}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{E0345A07-F7E8-4BD9-9E7B-EC8635DE731E}" = protocol=6 | dir=in | app=%systemroot%\system32\netproj.exe | 
"{E1958243-8C8D-462A-89F2-F33C3B08FB2B}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | 
"{F7CCC3AA-A79A-46AB-946E-A60DE4B7779B}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"TCP Query User{07FA29C6-D0F0-4BA8-B8AF-6A83FD3D95DD}C:\program files\microsoft office\office12\winword.exe" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\winword.exe | 
"TCP Query User{272C43FE-4CA8-4AE1-8E33-5C0F264E6256}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"TCP Query User{287FBDAF-7550-4273-BFD3-C4E589370384}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{2F6F6F36-2E3A-4C48-A308-10E5F5E4BF82}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"TCP Query User{5703A64C-5571-42C4-9D20-D5A5586A6137}C:\program files\microsoft games\empire earth.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\empire earth.exe | 
"TCP Query User{71693BFE-EC53-4B38-AE65-9AB0A3211790}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{958EA47B-B770-49E1-9228-1B3481707899}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{B48EFD8B-D122-48E1-A55A-55999735B27C}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | 
"TCP Query User{C59B3A51-C496-4158-B7FC-C413C5B5E8A5}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | 
"TCP Query User{DD1490FC-B998-4396-A12D-E934D3B98BFE}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"UDP Query User{03A60979-3883-4CB7-AADF-496A3BEF901D}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | 
"UDP Query User{1351C016-FBD4-4653-B945-4A7FF8D667C2}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"UDP Query User{1BDCD1D3-856F-43E6-A104-510F6CF5180C}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{1CA0C853-260E-4A63-B23A-27EA37C5FDFE}C:\program files\microsoft office\office12\winword.exe" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\winword.exe | 
"UDP Query User{2364E031-FF22-4AB6-984D-7B188108537F}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | 
"UDP Query User{2765226B-053D-4D07-89DA-679D0DE3AD25}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"UDP Query User{8C35B589-FE44-4FA7-88DA-9A403861121B}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{9ACDC592-8784-4F48-9B91-E3EC0D783075}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{E02B68B3-5A1F-4021-B41E-CAECFADD02CB}C:\program files\microsoft games\empire earth.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\empire earth.exe | 
"UDP Query User{FBD68B5B-C9DA-49E1-AF7C-5AA55D1DA432}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{1148E85C-E1AF-48E0-A29C-68DACE07E054}" = Pro Evolution Soccer 2011
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1F0D5576-C383-4E5E-9906-0B47BECBB8B6}" = Hama Webcam Suite
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30
"{2A1E27FF-BE53-45B4-950F-060236E98E3D}" = TMPGEnc Plus 2.5
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4412F224-3849-4461-A3E9-DEEF8D252790}" = Visual Studio C++ 10.0 Runtime
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AF8A676-7D24-431E-9B90-BCA8C5C7F1B4}" = VideoCam Suite
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6803A6E6-48FF-48AB-B558-7B651BBE1031}" = Nero 8 Essentials
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{7B63B2922B174135AFC0E1377DD81EC2}" = 
"{7C5B4583-7CBF-4289-B195-03B553959DEA}" = VoiceOver Kit
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{94D66D71-12F0-48A5-B46A-D4B835A0F1B7}" = FirstSteps Diagnostics
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9EDF1A5D-D8E0-413E-9782-75DD4A8C831B}" = VideoCam Suite 1.0
"{A59AB961-BE82-41E0-B0FB-648DFA6DDEA4}" = Hama PC-Webcam Circle
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C73CA646-73B3-4AEF-A136-C37505745174}" = iTunes
"{C73F2967-062E-48F2-A462-D335B8950183}" = Safari
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F9466082-90E9-4BE4-92F0-CF0AF195B0CF}" = hama PC-Webcam AC-140
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup" = DivX-Setup
"DVDStyler_is1" = DVDStyler v1.8.2
"Foxit Reader" = Foxit Reader
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 4.2.12
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.37.426
"Haushaltsbuch" = Haushaltsbuch
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Mahjong Towers Eternity EU" = Mahjong Towers Eternity EU (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.0.1800
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de)
"MyTomTom" = MyTomTom 3.0.2.363
"NVIDIA Drivers" = NVIDIA Drivers
"Opera 11.60.1185" = Opera 11.60
"Shockwave" = Shockwave
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SopCast" = SopCast 3.2.4
"ST6UNST #1" = CoveDesigner
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.11
"VN_VUIns_Rhine_VIA" = VIA Rhine Family Fast Ethernet Adapter
"VSO DivxToDVD_is1" = DivxToDVD 0.5.2
"WinLiveSuite_Wave3" = Windows Live Essentials
"Winmail Opener" = Winmail Opener 1.4
"WinRAR archiver" = WinRAR archiver
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"InstallShield_{2A1E27FF-BE53-45B4-950F-060236E98E3D}" = TMPGEnc Plus 2.5
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 28.10.2010 13:31:11 | Computer Name = HasenPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7921
 
Error - 28.10.2010 13:31:11 | Computer Name = HasenPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7921
 
Error - 28.10.2010 13:31:12 | Computer Name = HasenPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 28.10.2010 13:31:12 | Computer Name = HasenPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9875
 
Error - 28.10.2010 13:31:12 | Computer Name = HasenPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9875
 
Error - 28.10.2010 13:31:14 | Computer Name = HasenPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 28.10.2010 13:31:14 | Computer Name = HasenPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 11843
 
Error - 28.10.2010 13:31:14 | Computer Name = HasenPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 11843
 
Error - 29.10.2010 15:30:28 | Computer Name = HasenPC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung FOXITR~1.EXE, Version 3.0.2009.1506, Zeitstempel
 0x49b4e85b, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00d39298,  Prozess-ID 0x838, Anwendungsstartzeit
 01cb779f6f29cc18.
 
Error - 03.11.2010 08:05:22 | Computer Name = HasenPC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Explorer.EXE, Version 6.0.6002.18005, Zeitstempel
 0x49e01da5, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18005, Zeitstempel 0x49e03821,
 Ausnahmecode 0xc0000029, Fehleroffset 0x00080754,  Prozess-ID 0x7a0, Anwendungsstartzeit
 01cb7b4f47b6065a.
 
[ OSession Events ]
Error - 02.06.2010 15:32:56 | Computer Name = HasenPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 02.06.2010 15:33:18 | Computer Name = HasenPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 02.06.2010 15:35:09 | Computer Name = HasenPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 13.01.2012 15:14:39 | Computer Name = HasenPC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 13.01.2012 15:14:39 | Computer Name = HasenPC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 13.01.2012 15:14:39 | Computer Name = HasenPC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 13.01.2012 15:20:47 | Computer Name = HasenPC | Source = WinDefend | ID = 2004
Description = Beim Laden der Signaturen wurde von %%827 ein Fehler festgestellt.
 Es wird versucht, einen als gültig bekannten Signatursatz wiederherzustellen.     Versuchte
 Signaturen: %%824     Fehlercode: 0x8050a001     Fehlerbeschreibung: Das Programm kann keine
 Definitionsdateien finden, die dazu dienen, unerwünschte Software zu erkennen. 
Überprüfen Sie, ob aktualisierte Definitionsdateien vorhanden sind, und versuchen
 Sie es dann erneut. Weitere Informationen zum Installieren von Updates finden Sie
 unter "Hilfe und Support".      Ladende Signaturen: %%825     Ladene Signaturversion: 1.95.2986.0

	Ladende
 Modulversion: 1.1.6402.0
 
Error - 13.01.2012 15:26:09 | Computer Name = HasenPC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 13.01.2012 15:26:09 | Computer Name = HasenPC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 13.01.2012 15:26:09 | Computer Name = HasenPC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 13.01.2012 17:10:33 | Computer Name = HasenPC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 13.01.2012 17:10:33 | Computer Name = HasenPC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 13.01.2012 17:10:33 | Computer Name = HasenPC | Source = Service Control Manager | ID = 7026
Description = 
 
 
< End of report >
         
--- --- ---

Alt 13.01.2012, 23:31   #14
daapool
 
Achtung, aus Sicherheitsgründen wurde ihr Windowssystem blockiert... - Standard

Achtung, aus Sicherheitsgründen wurde ihr Windowssystem blockiert...



SUPERAntiSpyware Scann-Protokoll
SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

Generiert 01/13/2012 bei 11:28 PM

Version der Applikation : 5.0.1142

Version der Kern-Datenbank : 8132
Version der Spur-Datenbank : 5944

Scan Art : kompletter Scann
Totale Scann-Zeit : 01:03:08

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Limited User (Administrator User)

Gescannte Speicherelemente : 654
Erfasste Speicher-Bedrohungen : 0
Gescannte Register-Elemente : 37724
Erfasste Register-Bedrohungen : 0

Alt 14.01.2012, 07:14   #15
kira
/// Helfer-Team
 
Achtung, aus Sicherheitsgründen wurde ihr Windowssystem blockiert... - Standard

Achtung, aus Sicherheitsgründen wurde ihr Windowssystem blockiert...



die Schritte 5. und 6. bitte noch

► berichte erneut über den Zustand des Computers. Ob noch Probleme auftreten, wenn ja, welche?
__________________

Warnung!:
Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein!
Anhang nicht öffnen, in unserem Forum erst nachfragen!

Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten!
Bitte diese Warnung weitergeben, wo Du nur kannst!

Antwort

Themen zu Achtung, aus Sicherheitsgründen wurde ihr Windowssystem blockiert...
achtung, andere, beseitigt, bildschirm, ebanking, eingefangen, erkenne, erkennen, euro, funktioniert, gefangen, gefundenen, illegal, malware, malwarebytes, nichts, onlinebanking, porno, sauber, scan, schluß, superantispyware, systemwiederherstellung, wurde ihr, würde, zugriff




Ähnliche Themen: Achtung, aus Sicherheitsgründen wurde ihr Windowssystem blockiert...


  1. Achtung! Aus Sicherheitsgründen wurde ihr windowssystem blockiert
    Log-Analyse und Auswertung - 16.05.2012 (10)
  2. achtung aus sicherheitsgründen wurde ihr windowssystem blockiert
    Log-Analyse und Auswertung - 12.03.2012 (8)
  3. Achtung Ihr Windowssystem wurde aus Sicherheitsgründen blockiert
    Log-Analyse und Auswertung - 23.02.2012 (25)
  4. Achtung! Aus Sicherheitsgründen wurde Ihr Windowssystem blockiert
    Log-Analyse und Auswertung - 23.02.2012 (20)
  5. Achtung: Aus Sicherheitsgründen wurde ihr Windowssystem blockiert!
    Log-Analyse und Auswertung - 10.02.2012 (30)
  6. Achtung!Aus Sicherheitsgründen wurde ihr Windowssystem blockiert
    Log-Analyse und Auswertung - 01.02.2012 (41)
  7. Achtung! Aus Sicherheitsgründen wurde ihr Windowssystem blockiert
    Plagegeister aller Art und deren Bekämpfung - 30.01.2012 (38)
  8. Achtung: Aus Sicherheitsgründen wurde ihr Windowssystem blockiert ...
    Log-Analyse und Auswertung - 29.01.2012 (9)
  9. Achtung aus Sicherheitsgründen wurde ihr Windowssystem blockiert.
    Log-Analyse und Auswertung - 25.01.2012 (1)
  10. Achtung aus sicherheitsgründen wurde ihr windowssystem blockiert!
    Log-Analyse und Auswertung - 21.01.2012 (3)
  11. Achtung, aus Sicherheitsgründen wurde ihr Windowssystem blockiert...
    Plagegeister aller Art und deren Bekämpfung - 11.01.2012 (15)
  12. Achtung! aus Sicherheitsgründen wurde ihr Windowssystem blockiert
    Plagegeister aller Art und deren Bekämpfung - 08.01.2012 (18)
  13. Achtung! Aus Sicherheitsgründen wurde ihr Windowssystem blockiert.
    Log-Analyse und Auswertung - 07.01.2012 (19)
  14. Achtung! Aus sicherheitsgründen wurde ihr Windowssystem blockiert
    Plagegeister aller Art und deren Bekämpfung - 19.12.2011 (37)
  15. Achtung! Aus sicherheitsgründen wurde ihr Windowssystem blockiert
    Plagegeister aller Art und deren Bekämpfung - 17.12.2011 (4)
  16. Achtung aus sicherheitsgründen wurde ihr windowssystem blockiert
    Log-Analyse und Auswertung - 16.12.2011 (1)
  17. Achtung aus sicherheitsgründen wurde ihr windowssystem blockiert
    Log-Analyse und Auswertung - 12.12.2011 (8)

Zum Thema Achtung, aus Sicherheitsgründen wurde ihr Windowssystem blockiert... - Hallo! Ich habe mir vor 2 Tagen auch diese Malware eingefangen, bei der die Forderung nach 50 Euro auf schwarzem Bildschirm auftaucht und manchmal auch eine andere in der es - Achtung, aus Sicherheitsgründen wurde ihr Windowssystem blockiert......
Archiv
Du betrachtest: Achtung, aus Sicherheitsgründen wurde ihr Windowssystem blockiert... auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.