Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: iexplore.exe, Wave-Lautstärke spinnt, IE Pop-Ups, Hintergrundmusik

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Thema geschlossen
Alt 18.07.2010, 23:35   #1
Sane23
 
iexplore.exe, Wave-Lautstärke spinnt, IE Pop-Ups, Hintergrundmusik - Standard

iexplore.exe, Wave-Lautstärke spinnt, IE Pop-Ups, Hintergrundmusik



Hallo,
Ich habe bereits viel auf eurem Board und im Internet gestöbert, kann aber keine Universalanleitung zum bereinigen dieses Problems finden (gibt es evtl auch nicht?!). Allerdings hatten gab es heute schon einige Anfragen zur gleichen Problematik! Wie bei den anderen auch habe ich ständig IE-Popups (nutze Firefox), ständig 2 automatisch startende iexplore.exe Prozesse, etwa alle halbe Stunde 20 sek Schlachtmusik im Hintergrund sowie eine sich selbstständig machende Wave-Lautstärke.
Ich hoffe ihr könnt mir irgendwie helfen, bitte?!

Hier mein Hijack-Log:

Code:
ATTFilter
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:16:57, on 18.07.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 SP2 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Windows SteadyState\SCTSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\CDBurnerXP\NMSAccessU.exe
C:\Programme\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe
C:\Programme\TeamViewer\Version5\TeamViewer.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ATK0100\HControl.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
C:\Programme\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Programme\DAEMON Tools Lite\daemon.exe
C:\Programme\FlashMute\FlashMute.exe
C:\Programme\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\UltraMon\UltraMon.exe
C:\Programme\UltraMon\UltraMonTaskbar.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Mozilla Firefox\plugin-container.exe
C:\Programme\Gemeinsame Dateien\Java\Java Update\jucheck.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Dokumente und Einstellungen\Tristan\Desktop\Downloads\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.facebook.com/#!/?ref=home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [XboxStat] "c:\Programme\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunOnce: [IERESETATTRIB] %SystemRoot%\system32\cmd.exe /d /q /c %SystemRoot%\system32\ieudinit.exe -ResetFileAttributes
O4 - HKLM\..\RunOnce: [IERESETICONS] %SystemRoot%\system32\cmd.exe /d /q /c %SystemRoot%\iereseticons.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programme\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [FlashMute] C:\Programme\FlashMute\FlashMute.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Programme\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10e.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10e.exe (User 'Default user')
O4 - Global Startup: AutorunsDisabled
O4 - Global Startup: UltraMon.lnk = ?
O8 - Extra context menu item: An vorhandenes PDF anfügen - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: START_PAGE_URL=hxxp://www.asus.com
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - hxxp://www.bitdefender.de/scan_de/scan8/oscan8.cab
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - hxxp://simcity.ea.com/play/classic/SimCityX.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - hxxp://www.arcadetown.com/swf/popcap/popcaploader_v6.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL
O21 - SSODL: UpdateCheck - {F536F5F7-8B63-42E9-B6BB-CCA3105651A4} - C:\WINDOWS\system32\mstmdm.dll (file missing)
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Programme\CDBurnerXP\NMSAccessU.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Programme\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe

--
End of file - 12163 bytes
         
Vielen Dank für die Hilfe, bin fast am verzweifeln da ich gerade nebenbei versuche meine Masterarbeit zu schreiben :/

PS: Ja, ich weiß mein System ist verhunzt...wird nach der Masterarbeit neu aufgesetzt (Backups mache ich regelmäßig)

Alt 18.07.2010, 23:57   #2
Swisstreasure
/// Malwareteam
 
iexplore.exe, Wave-Lautstärke spinnt, IE Pop-Ups, Hintergrundmusik - Standard

iexplore.exe, Wave-Lautstärke spinnt, IE Pop-Ups, Hintergrundmusik





Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.
  • Bitte arbeite alle Schritte der Reihe nach ab.
  • Sollte es Probleme geben, bitte stoppen und hier so gut es geht beschreiben.
  • Nur Scanns durchführen zu denen Du von einem Helfer aufgefordert wirst.
  • Bitte kein Crossposting ( posten in mehreren Foren).
  • Bitte keine Code Tags.

Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite bitte folgendes ab.

Vista und Win7 User
Alle Tools mit Rechtsklick "als Administrator ausführen" starten.

Schritt 1

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop.
  • Doppelklick auf die OTL.exe
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Oben findest Du ein Kästchen mit Ausgabe.
    Wähle bitte Minimal-Ausgabe
  • Unter Extra-Registrierung wähle bitte Benutze SafeList.
  • Mache Häckchen bei LOP- und Purity-Prüfung.
  • Klicke nun auf Scan links oben.


  • Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
    Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
  • Poste die Logfiles in Code-Tags hier in den Thread.

Schritt 2

Rootkit-Suche mit Gmer

Was sind Rootkits?

Wichtig: Bei jedem Rootkit-Scans soll/en:
  • Deaktiviere zunächst nach dieser Anleitung evtl. vorhandene CD-Emulatoren wie Alcohol, Daemon-Tools oder ähnliche.
  • Alle anderen Programme gegen Viren, Spyware, usw. deaktiviert sein,
  • keine Verbindung zu einem Netzwerk/Internet bestehen (WLAN nicht vergessen),
  • nichts am Rechner getan werden,
  • nach jedem Scan der Rechner neu gestartet werden.
  • Nicht vergessen, nach dem Rootkit-Scan die Security-Programme wieder einzuschalten!

Lade Dir Gmer von dieser Seite herunter
(auf den Button Download EXE drücken) und das Programm auf dem Desktop speichern.
  • Gmer ist geeignet für => NT/W2K/XP/VISTA (nur 32Bit).
  • Alle anderen Programme sollen geschlossen sein.
  • Starte gmer.exe (hat einen willkürlichen Programm-Namen).
  • Vista-User mit Rechtsklick und als Administrator starten.
  • Gmer startet automatisch einen ersten Scan.
  • Sollte sich ein Fenster mit folgender Warnung öffnen:
    Code:
    ATTFilter
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system?
             
  • Unbedingt auf "No" klicken,
    in dem Fall über den Save-Button das bisherige Resultat auf dem Desktop als gmer_first.log speichern.

    .
  • Falls das nicht der Fall war, wähle nun den Reiter "Rootkit/Malware",
  • Hake an: System, Sections, Devices, Modules, Processes, Threads, Libraries, Services, Registry und Files.
  • Wichtig: "Show all" darf nicht angehakt sein!
  • Starte den Scan durch Drücken des Buttons "Scan".
    Mache nichts am Computer während der Scan läuft (unten links wird angezeigt, was gerade gescannt wird).
  • Wenn der Scan fertig ist, bleibt die Zeile leer.
    Kllicke auf "Save" und speichere das Logfile als gmer.log auf dem Desktop.
    Mit "Ok" wird GMER beendet.
Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!

Nun das Logfile in Code-Tags posten.
__________________


Alt 19.07.2010, 00:29   #3
Sane23
 
iexplore.exe, Wave-Lautstärke spinnt, IE Pop-Ups, Hintergrundmusik - Standard

iexplore.exe, Wave-Lautstärke spinnt, IE Pop-Ups, Hintergrundmusik



Danke für die schnelle Antwort...hier schon mal die Log-Files von OTL:

OTL.txt
Code:
ATTFilter
OTL logfile created on: 18.07.2010 23:59:59 - Run 1
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Dokumente und Einstellungen\Tristan\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.023,00 Mb Total Physical Memory | 270,00 Mb Available Physical Memory | 26,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 63,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 72,67 Gb Total Space | 3,58 Gb Free Space | 4,92% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 1,89 Gb Total Space | 1,58 Gb Free Space | 83,75% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
Drive G: | 3,73 Gb Total Space | 1,18 Gb Free Space | 31,75% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ASUS_LAPTOP
Current User Name: Tristan
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\Tristan\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Dokumente und Einstellungen\Tristan\Desktop\Downloads\HiJackThis.exe (Trend Micro Inc.)
PRC - C:\Programme\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\TeamViewer\Version5\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind Software)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\UltraMon\UltraMonTaskbar.exe (Realtime Soft Ltd)
PRC - C:\Programme\UltraMon\UltraMon.exe (Realtime Soft Ltd)
PRC - C:\Programme\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Programme\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
PRC - C:\Programme\Windows SteadyState\SCTSvc.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Xbox 360 Accessories\XBoxStat.exe (Microsoft Corporation)
PRC - C:\Programme\NVIDIA Corporation\nTune\nTuneService.exe (NVIDIA)
PRC - C:\WINDOWS\ATK0100\ATKOSD.exe ()
PRC - C:\WINDOWS\ATK0100\HControl.exe ()
PRC - C:\Programme\FlashMute\flashmute.exe ()
PRC - C:\Programme\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
PRC - C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - C:\WINDOWS\system32\sndvol32.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Dokumente und Einstellungen\Tristan\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll (Microsoft Corporation)
MOD - C:\Programme\UltraMon\RTSUltraMonHook.dll (Realtime Soft Ltd)
MOD - C:\Programme\UltraMon\UltraMonResButtons.dll (Realtime Soft Ltd)
MOD - C:\WINDOWS\system32\msi.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
MOD - C:\Programme\FlashMute\mutelib.dll ()
MOD - C:\WINDOWS\system32\nview.dll (NVIDIA Corporation)
MOD - C:\WINDOWS\system32\nvwrsde.dll (NVIDIA Corporation)
MOD - C:\WINDOWS\system32\nvwddi.dll (NVIDIA Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (TeamViewer5) -- C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (StarWindServiceAE) -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind Software)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (NMSAccessU) -- C:\Programme\CDBurnerXP\NMSAccessU.exe ()
SRV - (Windows SteadyState) -- C:\Programme\Windows SteadyState\SCTSvc.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (nTuneService) -- C:\Programme\NVIDIA Corporation\nTune\nTuneService.exe (NVIDIA)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (zlportio) -- C:\Spiele\UltraStar Deluxe\zlportio.sys File not found
DRV - (TSP) -- C:\WINDOWS\System32\DRIVERS\klif.sys File not found
DRV - (SANDRA) -- C:\Programme\SiSoftware Sandra Lite 2009.SP3c\WNt500x86\Sandra.sys File not found
DRV - (s24trans) -- C:\WINDOWS\System32\DRIVERS\s24trans.sys File not found
DRV - (RTCore32) -- C:\Dokumente und Einstellungen\Tristan\Desktop\Downloads\rmclock_235_bin\RTCore32.sys File not found
DRV - (naecd) -- C:\DOKUME~1\Tristan\LOKALE~1\Temp\naecd.sys File not found
DRV - (EagleNT) -- C:\WINDOWS\System32\drivers\EagleNT.sys File not found
DRV - (dtscsi) -- C:\WINDOWS\System32\Drivers\dtscsi.sys File not found
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (epmntdrv) -- C:\WINDOWS\system32\epmntdrv.sys ()
DRV - (EuGdiDrv) -- C:\WINDOWS\system32\EuGdiDrv.sys ()
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (nhcDriverDevice) -- C:\WINDOWS\system32\drivers\nhcDriver.sys (pBUS-167 Software - hxxp://www.pbus-167.com)
DRV - (ezplay) -- C:\WINDOWS\system32\drivers\ezplay.sys (VSO Software)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (VClone) -- C:\WINDOWS\system32\drivers\VClone.sys (Elaborate Bytes AG)
DRV - (ElbyCDIO) -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (ISODrive) -- C:\Programme\UltraISO\drivers\ISODrive.sys (EZB Systems, Inc.)
DRV - (SVKP) -- C:\WINDOWS\system32\SVKP.sys (AntiCracking)
DRV - (UltraMonUtility) -- C:\Programme\Gemeinsame Dateien\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys (Realtime Soft Ltd)
DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys ()
DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (vaxscsi) -- C:\WINDOWS\System32\Drivers\vaxscsi.sys (Alcohol Soft Co., Ltd.)
DRV - (MPE) -- C:\WINDOWS\system32\drivers\mpe.sys (Microsoft Corporation)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (NVR0Dev) -- C:\WINDOWS\nvoclock.sys (NVidia Corp.)
DRV - (xusb21) -- C:\WINDOWS\system32\drivers\xusb21.sys (Microsoft Corporation)
DRV - (MPD16USB) -- C:\WINDOWS\system32\drivers\MPD16USB.sys (AKAI Professional LLC)
DRV - (w29n51) Intel(R) -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation)
DRV - (BDA_Loader_225) -- C:\WINDOWS\system32\drivers\BDA_Loader_225.sys (WideView Technology Inc.)
DRV - (BDA_Capture_225) -- C:\WINDOWS\system32\drivers\BDA_Capture_225.sys (WideViewer Electronics CO., LTD)
DRV - (WDM_Capture_225) -- C:\WINDOWS\system32\drivers\WDM_Capture_225.sys (Computer & Entertainment, Inc.)
DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfvfs02.sys (Protection Technology)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfsync02.sys (Protection Technology)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (Cam5603D) -- C:\WINDOWS\system32\drivers\BisonCam.sys (Bison Electronics. Inc. )
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ATKACPI.sys ()
DRV - (R592) -- C:\WINDOWS\system32\DRIVERS\R592.sys (REDC)
DRV - (risdpntk) -- C:\WINDOWS\system32\DRIVERS\risdpntk.sys (REDC)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys (Realtek Semiconductor Corporation                           )
DRV - (NSNDIS5) -- C:\WINDOWS\system32\nsndis5.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (irsir) -- C:\WINDOWS\system32\drivers\irsir.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.facebook.com/#!/?ref=home
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaulturl: "hxxp://www.yodl.de/href.php?hrefname=FF-splug_google&q="
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.isnichwahr.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..extensions.enabledItems: autopager@mozilla.org:0.6.1.22
FF - prefs.js..extensions.enabledItems: {987311C6-B504-4aa2-90BF-60CC49808D42}:2.2
FF - prefs.js..extensions.enabledItems: {902D2C4A-457A-4EF9-AD43-7014562929FF}:0.4.5
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.1
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.0.7
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {5F590AA2-1221-4113-A6F4-A4BB62414FAC}:0.45.6.20100202.1
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {5B52016C-D097-4aec-BE61-9F129D8FDDBA}:2.0
FF - prefs.js..extensions.enabledItems: videofinder@veoh.com:1.3
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100503
FF - prefs.js..extensions.enabledItems: {29c4afe1-db19-4298-8785-fcc94d1d6c1d}:0.6.2009110501
FF - prefs.js..keyword.URL: "hxxp://www.yodl.de/href.php?hrefname=FF-splug_google&q="
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 9666
FF - prefs.js..network.proxy.socks: "localhost"
FF - prefs.js..network.proxy.socks_port: 9050
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "localhost"
FF - prefs.js..network.proxy.ssl_port: 9666
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.07.03 12:17:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.07.03 12:17:50 | 000,000,000 | ---D | M]
 
[2008.07.21 19:56:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\Mozilla\Extensions
[2010.07.18 15:37:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\Mozilla\Firefox\Profiles\5wfrgxn2.default\extensions
[2010.07.07 09:55:37 | 000,000,000 | ---D | M] (Flagfox) -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\Mozilla\Firefox\Profiles\5wfrgxn2.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2010.02.13 13:37:37 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\Mozilla\Firefox\Profiles\5wfrgxn2.default\extensions\{29c4afe1-db19-4298-8785-fcc94d1d6c1d}
[2010.04.20 16:53:31 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\Mozilla\Firefox\Profiles\5wfrgxn2.default\extensions\{5B52016C-D097-4aec-BE61-9F129D8FDDBA}
[2010.02.04 15:44:52 | 000,000,000 | ---D | M] (SmoothWheel (mozdev.org)) -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\Mozilla\Firefox\Profiles\5wfrgxn2.default\extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}
[2009.08.26 08:06:59 | 000,000,000 | ---D | M] (TableTools) -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\Mozilla\Firefox\Profiles\5wfrgxn2.default\extensions\{7C7F5C11-4ACD-4CDB-9293-2E3F46654E2A}
[2010.01.19 17:21:17 | 000,000,000 | ---D | M] (Context Search) -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\Mozilla\Firefox\Profiles\5wfrgxn2.default\extensions\{902D2C4A-457A-4EF9-AD43-7014562929FF}
[2009.09.21 15:48:51 | 000,000,000 | ---D | M] (BugMeNot) -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\Mozilla\Firefox\Profiles\5wfrgxn2.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}
[2010.05.15 15:49:08 | 000,000,000 | ---D | M] (WOT) -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\Mozilla\Firefox\Profiles\5wfrgxn2.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010.07.15 18:04:57 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\Mozilla\Firefox\Profiles\5wfrgxn2.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009.08.03 00:27:15 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\Mozilla\Firefox\Profiles\5wfrgxn2.default\extensions\{d33c2f7c-b1e6-4d46-ab0e-be1f6d05c904}
[2010.07.17 13:10:50 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\Mozilla\Firefox\Profiles\5wfrgxn2.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010.04.23 10:05:18 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\Mozilla\Firefox\Profiles\5wfrgxn2.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010.07.15 18:04:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\Mozilla\Firefox\Profiles\5wfrgxn2.default\extensions\autopager@mozilla.org
[2010.02.12 22:26:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\Mozilla\Firefox\Profiles\5wfrgxn2.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2009.11.28 15:13:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\Mozilla\Firefox\Profiles\5wfrgxn2.default\extensions\firefox@tvunetworks.com
[2009.08.11 18:24:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\Mozilla\Firefox\Profiles\5wfrgxn2.default\extensions\moveplayer@movenetworks.com
[2010.07.17 13:10:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\Mozilla\Firefox\Profiles\5wfrgxn2.default\extensions\staged-xpis
[2009.08.24 21:37:12 | 000,005,318 | ---- | M] () -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\Mozilla\Firefox\Profiles\5wfrgxn2.default\searchplugins\com-searchde.xml
[2009.09.19 11:05:43 | 000,001,699 | ---- | M] () -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\Mozilla\Firefox\Profiles\5wfrgxn2.default\searchplugins\transfermarktde.xml
[2009.10.09 03:22:33 | 000,004,153 | ---- | M] () -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\Mozilla\Firefox\Profiles\5wfrgxn2.default\searchplugins\youtube.xml
[2010.07.18 15:37:39 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.07.03 12:17:43 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.07.03 12:17:43 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.07.03 12:17:43 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.07.03 12:17:43 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.07.03 12:17:43 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.02.24 22:50:21 | 000,000,972 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1 serial.alcohol-soft.com
O1 - Hosts: 127.0.0.1 www.alcohol-soft.com
O1 - Hosts: 127.0.0.1 images.alcohol-soft.com
O1 - Hosts: 127.0.0.1 trial.alcohol-soft.com
O1 - Hosts: 127.0.0.1 alcohol-soft.com
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe ()
O4 - HKLM..\Run: [KernelFaultCheck]  File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Programme\QuickTime Alternative\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [XboxStat] c:\Programme\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKCU..\Run: []  File not found
O4 - HKCU..\Run: [AlcoholAutomount] C:\Programme\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Programme\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [FlashMute] C:\Programme\FlashMute\flashmute.exe ()
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Programme\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKLM..\RunOnce: [IERESETATTRIB] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [IERESETICONS] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\AutorunsDisabled [2009.06.11 11:26:43 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\UltraMon.lnk = C:\WINDOWS\Installer\{1C94C999-15D2-4C75-9A73-BCC8A677D42E}\IcoUltraMon.ico ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} hxxp://www.bitdefender.de/scan_de/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} hxxp://simcity.ea.com/play/classic/SimCityX.cab (SimCityX Control)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} hxxp://www.arcadetown.com/swf/popcap/popcaploader_v6.cab (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O21 - SSODL: UpdateCheck - {F536F5F7-8B63-42E9-B6BB-CCA3105651A4} - C:\WINDOWS\System32\mstmdm.dll File not found
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\nView_Wallpaper\PerMonitorWallpaper0.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\nView_Wallpaper\PerMonitorWallpaper0.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2008.05.09 06:19:10 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{1d4a5efc-cdea-11dd-aee3-0012f09d3bad}\Shell\AutoRun\command - "" = G:\ -- File not found
O33 - MountPoints2\{1d4a5efc-cdea-11dd-aee3-0012f09d3bad}\Shell\open\Command - "" = rundll32.exe .\desktop.dll,InstallM
O33 - MountPoints2\{8eb66386-3f0f-11df-b0ac-0012f09d3bad}\Shell\AutoRun\command - "" = G:\Menu.exe -- File not found
O33 - MountPoints2\{a38331cb-176d-11df-b086-0012f09d3bad}\Shell - "" = AutoRun
O33 - MountPoints2\{a38331cb-176d-11df-b086-0012f09d3bad}\Shell\1\Command - "" = .\recycled\info.exe
O33 - MountPoints2\{a38331cb-176d-11df-b086-0012f09d3bad}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ba4abe62-31c2-11df-b0a0-0012f09d3bad}\Shell\AutoRun\command - "" = H:\
O33 - MountPoints2\{ba4abe62-31c2-11df-b0a0-0012f09d3bad}\Shell\open\Command - "" = rundll32.exe .\desktop.dll,InstallM
O33 - MountPoints2\{bb47865f-6f59-11dd-aa95-0012f09d3bad}\Shell - "" = AutoRun
O33 - MountPoints2\{bb47865f-6f59-11dd-aa95-0012f09d3bad}\Shell\1\Command - "" = .\recycled\info.exe
O33 - MountPoints2\{bb47865f-6f59-11dd-aa95-0012f09d3bad}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c4443c20-3fde-11df-b0ae-0012f09d3bad}\Shell\AutoRun\command - "" = G:\ -- File not found
O33 - MountPoints2\{c4443c20-3fde-11df-b0ae-0012f09d3bad}\Shell\open\Command - "" = rundll32.exe .\desktop.dll,InstallM
O33 - MountPoints2\{cdcae8d3-2694-11dd-96c0-0012f09d3bad}\Shell - "" = AutoRun
O33 - MountPoints2\{cdcae8d3-2694-11dd-96c0-0012f09d3bad}\Shell\1\Command - "" = .\recycled\info.exe
O33 - MountPoints2\{cdcae8d3-2694-11dd-96c0-0012f09d3bad}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e5dd17c0-03c8-11df-b072-0012f09d3bad}\Shell\AutoRun\command - "" = G:\ -- File not found
O33 - MountPoints2\{e5dd17c0-03c8-11df-b072-0012f09d3bad}\Shell\open\Command - "" = rundll32.exe .\desktop.dll,InstallM
O33 - MountPoints2\{fcad9a5a-a11b-11dd-ae8d-0012f09d3bad}\Shell\AutoRun\command - "" = G:\ -- File not found
O33 - MountPoints2\{fcad9a5a-a11b-11dd-ae8d-0012f09d3bad}\Shell\open\Command - "" = rundll32.exe .\desktop.dll,InstallM
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\1\Command - "" = .\recycled\info.exe
O33 - MountPoints2\H\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.07.18 23:59:09 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Tristan\Desktop\OTL.exe
[2010.07.18 22:57:15 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\ieResetIcons.exe
[2010.07.17 12:33:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\SUPERAntiSpyware.com
[2010.07.17 12:33:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com
[2010.07.17 12:32:01 | 000,000,000 | ---D | C] -- C:\Programme\SUPERAntiSpyware
[2010.07.14 11:58:56 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2010.07.10 15:08:12 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy
[2010.07.10 15:08:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
[2010.07.09 19:51:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Macromedia
[2010.07.09 19:50:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Adobe
[45 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[41 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[3 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.07.18 23:59:10 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Tristan\Desktop\OTL.exe
[2010.07.18 23:14:25 | 010,223,616 | ---- | M] () -- C:\Dokumente und Einstellungen\Tristan\NTUSER.DAT
[2010.07.18 22:58:48 | 000,000,230 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf
[2010.07.18 22:48:45 | 000,002,283 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\UltraMon.lnk
[2010.07.18 22:48:14 | 000,021,876 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010.07.18 22:46:13 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.07.18 22:46:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.07.18 22:36:36 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010.07.17 12:32:18 | 000,001,642 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010.07.15 17:50:06 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.07.11 15:01:04 | 000,045,056 | ---- | M] () -- C:\Dokumente und Einstellungen\Tristan\Desktop\Individuelle Reflexion zur Vorlesung.doc
[2010.07.10 15:08:32 | 000,000,905 | ---- | M] () -- C:\Dokumente und Einstellungen\Tristan\Desktop\Spybot - Search & Destroy.lnk
[2010.07.09 16:14:56 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.07.04 22:33:58 | 000,108,032 | ---- | M] () -- C:\Dokumente und Einstellungen\Tristan\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.23 20:12:18 | 001,044,772 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.06.23 20:12:18 | 000,478,288 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.06.23 20:12:18 | 000,436,236 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.06.23 20:12:18 | 000,091,638 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.06.23 20:12:18 | 000,068,940 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.06.20 03:36:00 | 000,038,545 | ---- | M] () -- C:\Dokumente und Einstellungen\Tristan\.recently-used.xbel
[2010.06.20 00:38:20 | 000,222,257 | ---- | M] () -- C:\Dokumente und Einstellungen\Tristan\Desktop\Kai Moritz.jpg
[2010.06.19 01:29:40 | 000,002,369 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes Folder Watch (Manual).lnk
[45 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[41 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[3 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.07.18 22:58:48 | 000,000,230 | ---- | C] () -- C:\WINDOWS\System32\spupdsvc.inf
[2010.07.17 12:32:18 | 000,001,642 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010.07.11 15:00:46 | 000,045,056 | ---- | C] () -- C:\Dokumente und Einstellungen\Tristan\Desktop\Individuelle Reflexion zur Vorlesung.doc
[2010.07.10 15:08:32 | 000,000,905 | ---- | C] () -- C:\Dokumente und Einstellungen\Tristan\Desktop\Spybot - Search & Destroy.lnk
[2010.06.20 03:36:00 | 000,038,545 | ---- | C] () -- C:\Dokumente und Einstellungen\Tristan\.recently-used.xbel
[2010.06.20 00:46:15 | 000,222,257 | ---- | C] () -- C:\Dokumente und Einstellungen\Tristan\Desktop\Kai Moritz.jpg
[2010.02.12 13:21:24 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll
[2010.02.12 13:21:23 | 000,008,456 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys
[2010.02.12 13:21:22 | 000,013,192 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys
[2009.11.30 22:26:59 | 000,138,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009.10.01 09:34:54 | 000,002,528 | ---- | C] () -- C:\WINDOWS\FCIC.INI
[2009.04.08 03:03:18 | 000,000,012 | ---- | C] () -- C:\WINDOWS\dirsaver.ini
[2008.12.18 04:10:25 | 000,000,207 | ---- | C] () -- C:\WINDOWS\acez3dfireplace.ini
[2008.12.03 03:38:04 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2008.07.23 20:24:02 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008.07.09 22:21:44 | 000,278,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2008.07.09 22:21:41 | 000,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2008.07.04 09:32:00 | 000,000,416 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2008.05.26 18:56:34 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2008.05.21 10:33:38 | 000,009,728 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2008.05.14 19:29:10 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008.05.14 18:53:26 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008.05.10 13:22:44 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008.05.09 06:41:21 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008.05.09 06:38:19 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2008.05.09 06:30:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2008.05.09 06:25:36 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2008.05.09 06:25:31 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2008.05.09 06:23:17 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2008.05.09 06:00:31 | 000,015,190 | ---- | C] () -- C:\WINDOWS\M2000Twn.ini
[2008.05.09 05:58:15 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\ATKACPI.sys
[2007.03.12 12:01:30 | 000,217,088 | ---- | C] () -- C:\WINDOWS\NVGfxOgl.dll
[2007.02.05 15:48:36 | 000,016,828 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007.02.05 15:48:34 | 000,024,188 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007.02.05 15:48:28 | 000,016,562 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2006.09.13 13:06:10 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\gtapi.dll
[2005.03.02 13:12:14 | 000,000,483 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2004.10.11 11:19:00 | 000,092,672 | ---- | C] () -- C:\WINDOWS\System32\ASUSASV2.DLL
[2004.09.07 16:34:59 | 000,007,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\MMIOPORT.SYS
[2004.09.07 16:34:59 | 000,002,538 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
 
========== LOP Check ==========
 
[2010.03.27 23:17:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ableton
[2009.11.30 22:21:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\id Software
[2010.05.12 19:39:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\iTunesFolderWatch
[2009.10.05 00:01:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NexonEU
[2010.04.22 04:27:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ODIR
[2008.09.22 03:05:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PopCap
[2009.02.23 12:59:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2010.04.01 00:32:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009.02.23 12:58:03 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{55A29068-F2CE-456C-9148-C869879E2357}
[2010.03.02 16:26:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009.07.24 16:26:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\1&1
[2010.03.27 23:17:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\Ableton
[2008.11.23 17:37:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\Akai Professional LLC
[2010.02.08 07:57:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\Amazon
[2009.04.28 10:16:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\Canneverbe_Limited
[2009.02.25 02:50:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\Conor O'Kane
[2010.02.18 01:36:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\Cornelsen
[2008.07.09 21:52:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\DAEMON Tools
[2010.06.12 05:25:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\foobar2000
[2008.11.17 05:15:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\GetRightToGo
[2010.06.20 03:36:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\gtk-2.0
[2010.07.17 13:00:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\ICQ
[2009.02.22 20:23:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\id Software
[2008.08.02 00:35:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\InterVideo
[2009.07.06 19:31:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\IrfanView
[2008.12.06 02:59:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\Leadertech
[2009.01.07 20:03:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\nView_Wallpaper
[2008.06.28 20:51:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\RouterControl
[2008.07.29 20:23:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\Steinberg
[2010.03.28 05:51:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\TeamViewer
[2008.05.21 10:33:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\TuneUp Software
[2009.05.26 00:03:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\Vso
[2008.05.19 14:36:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\Windows Desktop Search
 
========== Purity Check ==========
 
 
< End of report >
         
OTL.txt
Code:
ATTFilter
OTL Extras logfile created on: 19.07.2010 - Run 1
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Dokumente und Einstellungen\Tristan\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.023,00 Mb Total Physical Memory | 270,00 Mb Available Physical Memory | 26,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 63,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 72,67 Gb Total Space | 3,58 Gb Free Space | 4,92% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 1,89 Gb Total Space | 1,58 Gb Free Space | 83,75% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
Drive G: | 3,73 Gb Total Space | 1,18 Gb Free Space | 31,75% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ASUS_LAPTOP
Current User Name: Tristan
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\Microsoft ActiveSync\rapimgr.exe" = C:\Programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Programme\Microsoft ActiveSync\wcescomm.exe" = C:\Programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Programme\Microsoft ActiveSync\WCESMgr.exe" = C:\Programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Spiele\Combat Arms EU\CombatArms.exe" = C:\Spiele\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe -- (Nexon)
"C:\Spiele\Combat Arms EU\Engine.exe" = C:\Spiele\Combat Arms EU\Engine.exe:*Enabled:Engine.exe -- (Nexon)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Programme\Microsoft Office\Office12\GROOVE.EXE" = C:\Programme\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Programme\Microsoft Office\Office12\ONENOTE.EXE" = C:\Programme\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Programme\Microsoft ActiveSync\rapimgr.exe" = C:\Programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Programme\Microsoft ActiveSync\wcescomm.exe" = C:\Programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Programme\Microsoft ActiveSync\WCESMgr.exe" = C:\Programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Programme\uusee\UUSeePlayer.exe" = C:\Programme\uusee\UUSeePlayer.exe:*:Enabled:UUPlayer -- ()
"C:\Programme\ICQ6.5\ICQ.exe" = C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.)
"H:\Installed\Civ4\Civilization4.exe" = H:\Installed\Civ4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4 -- File not found
"C:\Programme\SiSoftware Sandra Lite 2009.SP3c\WNt500x86\RpcSandraSrv.exe" = C:\Programme\SiSoftware Sandra Lite 2009.SP3c\WNt500x86\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service -- File not found
"C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe" = C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe:*:Enabled:NEXON_EU_Downloader_Engine -- ()
"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NexonEU\NGM\NGM.exe" = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NexonEU\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)
"C:\Spiele\Combat Arms EU\CombatArms.exe" = C:\Spiele\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe -- (Nexon)
"C:\Spiele\Combat Arms EU\Engine.exe" = C:\Spiele\Combat Arms EU\Engine.exe:*Enabled:Engine.exe -- (Nexon)
"C:\Spiele\Combat Arms EU\NMService.exe" = C:\Spiele\Combat Arms EU\NMService.exe:*:Enabled:Nexon Messenger Core -- (Nexon Corp.)
"C:\Programme\Zattoo\zattood.exe" = C:\Programme\Zattoo\zattood.exe:*:Enabled:zattood -- ()
"C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Programme\SopCast\adv\SopAdver.exe" = C:\Programme\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com)
"C:\Programme\SopCast\SopCast.exe" = C:\Programme\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com)
"C:\Programme\Java\jre6\bin\javaw.exe" = C:\Programme\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Programme\TeamViewer\Version5\TeamViewer.exe" = C:\Programme\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Programme\Air Mouse\Air Mouse\Air Mouse.exe" = C:\Programme\Air Mouse\Air Mouse\Air Mouse.exe:*:Enabled:AirMouse -- ()
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{005E738B-5A0A-4483-A900-877D183A8F45}_is1" = BlindWrite 6
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{0325F1C1-883A-41AB-8981-B27359ABDFAF}" = Joint Operations: Typhoon Rising
"{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0F9196C6-58B4-445B-B56E-B1200FECC151}" = Microsoft Bootvis
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{152B782A-05F3-48EC-9AAC-4D3EB68D9E20}" = Quake 4(TM)
"{169E414A-37C7-434E-9021-27A03AE087CD}" = ASUS Video Security
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets
"{1A2000AF-79DE-47FB-8411-BA22F981917F}" = Tropico 2: Die Pirateninsel
"{1C94C999-15D2-4C75-9A73-BCC8A677D42E}" = UltraMon
"{20071984-5EB1-4881-8EDB-082532ACEC6D}" = Heroes of Might and Magic V
"{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 18
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2EB3B0AB-4FEB-4548-B7E7-7A0E73F69125}" = CrazyTalk v5.1 SE
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{37D19D22-032C-469E-822B-9F8BD743106E}" = Tiger Woods PGA Tour Golf
"{3BE00B77-04AC-4DFF-BD95-BFF23CB29C27}" = iTunesFolderWatch
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4377F918-E6C9-4ECA-A7F5-754B310B7ED8}" = Sid Meier's Civilization 4
"{44E1DE63-C8FA-4C70-B4AA-0C49A947ACDE}" = Sid Meier's Railroads!
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A57592C-FF92-4083-97A9-92783BD5AFB4}" = BisonCam, NB Pro
"{4AA5B8A5-BEEF-4AD8-B11D-4443A042EA4F}" = Adobe Dreamweaver CS3
"{51F96AEC-D902-4434-A0DC-B9692A21AE7C}" = MobileMe Control Panel
"{53BA6007-3516-4CF8-844D-80FA625E6ACD}_is1" = GTR 2 1.0.0.0
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5B35C417-2649-11D6-83D1-0050FC01225C}" = FirstClass® Client
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.2
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{76BC2442-0002-47FA-9617-43BAD82BEF4C}" = Bonjour
"{7915FC23-4DB3-4C23-BE74-443ACD13E4A2}_is1" = Archlord Episode 3
"{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles
"{8667C09D-CD26-40BB-95F6-423272ACAA0A}_is1" = WinTimeKill 3.2
"{8865B208-4759-4308-8DB5-3C18D2F568E2}" = CrazyTalk for Skype
"{89661B04-C646-4412-B6D3-5E19F02F1F37}" = EAX4 Unified Redist
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C640345-AF96-4ABA-A697-97D2A0B8C6DB}" = Adobe Flash CS3
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{996A2FAA-7514-4628-9D12-A8FC34A0016E}" = iTunes
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B63540D-D942-4C38-B42E-A48AE0145970}" = Virtua Tennis 3
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A10D9B03-AABB-47D7-8A30-2FEA97E70BC7}" = Quake Live Mozilla Plugin
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A2F166A0-F031-4E27-A057-C69733219434}_is1" = Runes of Magic
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6AE4D46-A845-45CF-A6B2-D5D62780EA69}_is1" = Piratenleben Sprachausgabe 1.0
"{A785BBA7-3FB9-4D81-BC35-4A2028915ACB}" = Prey
"{A804B134-F03D-4EFD-9BC0-DCD257AA1B22}" = Hitman Blood Money
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"{AC76BA86-7AD7-2448-5A64-7E8A45000001}" = Adobe Reader Chinese Traditional Fonts
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AF131494-F5D8-45C5-938C-D5F020CF1B0D}" = Tom Clancy's Rainbow Six 3 : Raven Shield
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B208806F-A231-4FA0-AB3F-5C1B8979223E}" = Microsoft ActiveSync 4.0
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5C3B892-0849-476C-9F46-B12F84819D57}" = Apple Mobile Device Support
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{B9D0D8B4-928A-4BC8-8681-20DEB8633602}_is1" = CoH Vire Map Pack
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C8D7A672-F697-4572-AC62-C856053A8DBC}" = Adobe Illustrator CS3
"{CC13FB47-0B90-46C3-9BB7-57D2DB455D4D}" = Microsoft Xbox 360 Accessories 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D3880A64-6112-47b7-8BFE-70EEA07B43E0}" = Windows SteadyState
"{D3C605D8-3A5E-4BAD-965D-2C61441BF2AC}" = Adobe Photoshop CS3
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{DA896917-C1DA-45B2-B4D2-68162F16C0DD}" = Adobe Creative Suite 3 Master Collection
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash
"{DFFDDCF5-CB32-4354-8823-1B9E68025953}" = Adobe Setup
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EB0202F7-016A-410C-ADE4-40F848CCC661}" = Adobe After Effects CS3
"{EE3FBD3C-782E-4A90-9507-0ECFE1FECCE4}" = Sid Meier's Railroads!
"{EFE6E3B6-8CA9-4837-B292-5F11A80339A9}" = PunkBuster for Joint Operations: Typhoon Rising
"{F87F2E18-4720-4F97-B3E5-E930D649D92B}" = Mobile Mouse Server
"{F9B915DF-B79C-4747-9BA3-9705A57DC717}" = Act of War - Direct Action
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"7-Zip" = 7-Zip 4.65
"AC3Filter" = AC3Filter (remove only)
"Adobe Acrobat 8 Professional - English, Français, Deutsch" = Adobe Acrobat 8.1.4 Professional
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_67a7fb1e97aa14ee9ef0950eb6fd757" = Adobe Creative Suite 3 Master Collection hinzufügen oder entfernen
"AirStrike 3D: Operation W.A.T." = AirStrike 3D: Operation W.A.T.
"Alien Shooter 2" = Alien Shooter 2
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"ASIO4ALL" = ASIO4ALL
"Asus ChkMail" = Asus ChkMail
"Asus_A6_ScreenSaver" = Asus_A6_ScreenSaver
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"Billiard Master 2" = Billiard Master 2
"Bowling Master" = Bowling Master
"Collab" = Collab
"Combat Arms EU" = Combat Arms EU
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Duden" = Duden
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 5.0.1 Home Edition
"EAX Unified" = EAX Unified
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"FL Studio 8" = FL Studio 8
"foobar2000" = foobar2000 v0.9.6
"Gestrandet" = Gestrandet
"Gothic II" = Gothic II
"Gothic II - Die Nacht des Raben" = Gothic II - Die Nacht des Raben
"Hamachi" = Hamachi 1.0.3.0
"HControl" = ATK0100 ACPI UTILITY
"HijackThis" = HijackThis 2.0.2
"Homeworld2" = Homeworld2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"IL Download Manager" = IL Download Manager
"InstallShield_{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA
"InstallShield_{152B782A-05F3-48EC-9AAC-4D3EB68D9E20}" = Quake 4(TM)
"InstallShield_{169E414A-37C7-434E-9021-27A03AE087CD}" = ASUS Video Security
"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"InstallShield_{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters
"IrfanView" = IrfanView (remove only)
"JDownloader" = JDownloader
"Live 8.0.1" = Live 8.0.1
"MediaMonkey_is1" = MediaMonkey 3.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MotoGear" = MotoGear
"MozBackup" = MozBackup 1.4.9
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"Native Instruments Traktor Dj Studio v3.0.1.108" = Native Instruments Traktor Dj Studio v3.0.1.108
"Network Stumbler" = Network Stumbler 0.4.0 (remove only)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Notebook Hardware Control" = Notebook Hardware Control 2.0 Pre-Release-06
"NVIDIA Drivers" = NVIDIA Drivers
"ODIR_is1" = ODIR
"Orions" = Orions
"PartyPoker" = PartyPoker
"PGS Pair it" = PGS Pair it
"Playlogic_KOTT2" = Knights of the Temple 2
"PoiZone" = PoiZone
"PunkBusterSvc" = PunkBuster Services
"QuicktimeAlt_is1" = QuickTime Alternative 2.8.0
"RealAlt_is1" = Real Alternative 1.9.0
"RouterControl" = RouterControl 1.91
"SFT Loader" = SFT Loader 2006 b4
"SopCast" = SopCast 3.0.3
"Spb Brain Evolution for Pocket PC" = Spb Brain Evolution for Pocket PC
"Spb Finance" = Spb Finance
"Spb Pocket Plus" = Spb Pocket Plus
"Steinberg Cubase SX v2.01" = Steinberg Cubase SX v2.01
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SystemRequirementsLab" = System Requirements Lab
"TeamViewer 5" = TeamViewer 5
"Tilelander" = Tilelander
"Toxic Biohazard" = Toxic Biohazard
"TVAnts 1.0" = TVAnts 1.0
"UltraISO_is1" = UltraISO Premium V9.33
"UltraStar Deluxe" = UltraStar Deluxe
"Update Service" = Update Service
"UUSEE(ÓÆÊÓÍøÂçµçÊÓ)" = UUSEE(ÓÆÊÓÍøÂçµçÊÓ) 4.3.6.5
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VideoLAN VLC media player 0.8.6f
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinGimp-2.0_is1" = GIMP 2.4.6
"WinRAR archiver" = WinRAR
"WisBar Advance Desktop_is1" = WisBar Advance Desktop 1.0 build 5
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"wsu_is1" = WinSpeedUp 2.9
"wwtbam" = wwtbam
"X3 Bonuspaket_is1" = X3 Bonuspaket 3.1.07
"X-Lite 1.5_is1" = X-Lite 3.0
"Zattoo" = Zattoo 3.3.4 Beta
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FlashMute" = FlashMute
"Skat-Online V7" = Skat-Online V7
"Vietcong 2" = Vietcong 2
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 18.07.2010 16:40:16 | Computer Name = ASUS_LAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 71391
 
Error - 18.07.2010 16:40:32 | Computer Name = ASUS_LAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 18.07.2010 16:40:32 | Computer Name = ASUS_LAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 86985
 
Error - 18.07.2010 16:40:32 | Computer Name = ASUS_LAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 86985
 
Error - 18.07.2010 16:40:47 | Computer Name = ASUS_LAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 18.07.2010 16:40:47 | Computer Name = ASUS_LAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 102610
 
Error - 18.07.2010 16:40:47 | Computer Name = ASUS_LAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 102610
 
Error - 18.07.2010 16:41:03 | Computer Name = ASUS_LAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 18.07.2010 16:41:03 | Computer Name = ASUS_LAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 118250
 
Error - 18.07.2010 16:41:03 | Computer Name = ASUS_LAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 118250
 
[ OSession Events ]
Error - 30.11.2008 12:34:38 | Computer Name = ASUS_LAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 18168
 seconds with 300 seconds of active time.  This session ended with a crash.
 
Error - 19.12.2008 01:33:10 | Computer Name = ASUS_LAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 486
 seconds with 180 seconds of active time.  This session ended with a crash.
 
Error - 22.01.2009 04:40:25 | Computer Name = ASUS_LAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 704
 seconds with 300 seconds of active time.  This session ended with a crash.
 
Error - 25.03.2009 03:45:32 | Computer Name = ASUS_LAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 19637
 seconds with 240 seconds of active time.  This session ended with a crash.
 
Error - 19.04.2009 06:28:31 | Computer Name = ASUS_LAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1626
 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 06.10.2009 08:08:30 | Computer Name = ASUS_LAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 5739
 seconds with 240 seconds of active time.  This session ended with a crash.
 
Error - 11.12.2009 07:46:48 | Computer Name = ASUS_LAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 10606
 seconds with 180 seconds of active time.  This session ended with a crash.
 
Error - 17.12.2009 03:08:28 | Computer Name = ASUS_LAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3274
 seconds with 300 seconds of active time.  This session ended with a crash.
 
Error - 04.02.2010 02:32:30 | Computer Name = ASUS_LAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 57008
 seconds with 3480 seconds of active time.  This session ended with a crash.
 
Error - 04.03.2010 12:55:39 | Computer Name = ASUS_LAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 27168
 seconds with 120 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 14.07.2010 05:40:42 | Computer Name = ASUS_LAPTOP | Source = Dhcp | ID = 1000
Description = Die Lease dieses Computers zu der IP-Adresse 5.216.255.157 über die
   Netzwerkkarte mit der Netzwerkadresse 7A7905D8FF9D ist verloren gegangen.
 
Error - 14.07.2010 05:40:56 | Computer Name = ASUS_LAPTOP | Source = ipnathlp | ID = 32003
Description = Der Übersetzer für Netzwerkadressen (NAT) konnte  keine Anfrage des
 Übersetzungsmoduls des Kernelmodus stellen.  Möglicherweise liegen eine falsche Konfiguration,
 unzureichende Ressourcen oder  ein interner Fehler vor.  Die Daten enthalten den Fehlercode.
 
Error - 15.07.2010 11:51:44 | Computer Name = ASUS_LAPTOP | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst WMI-Leistungsadapter.
 
Error - 15.07.2010 11:51:44 | Computer Name = ASUS_LAPTOP | Source = Service Control Manager | ID = 7000
Description = Der Dienst "WMI-Leistungsadapter" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 17.07.2010 06:17:57 | Computer Name = ASUS_LAPTOP | Source = Dhcp | ID = 1000
Description = Die Lease dieses Computers zu der IP-Adresse 5.216.255.157 über die
   Netzwerkkarte mit der Netzwerkadresse 7A7905D8FF9D ist verloren gegangen.
 
Error - 17.07.2010 06:18:42 | Computer Name = ASUS_LAPTOP | Source = Service Control Manager | ID = 7011
Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung
 von Dienst nTuneService.
 
Error - 17.07.2010 06:19:09 | Computer Name = ASUS_LAPTOP | Source = Service Control Manager | ID = 7011
Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung
 von Dienst stisvc.
 
Error - 18.07.2010 09:27:23 | Computer Name = ASUS_LAPTOP | Source = Dhcp | ID = 1000
Description = Die Lease dieses Computers zu der IP-Adresse 5.216.255.157 über die
   Netzwerkkarte mit der Netzwerkadresse 7A7905D8FF9D ist verloren gegangen.
 
Error - 18.07.2010 16:26:38 | Computer Name = ASUS_LAPTOP | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "WSearch"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {9E175B68-F52A-11D8-B9A5-505054503030}
 
Error - 18.07.2010 16:39:02 | Computer Name = ASUS_LAPTOP | Source = Service Control Manager | ID = 7011
Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung
 von Dienst nTuneService.
 
[ TuneUp Events ]
Error - 25.03.2009 08:56:50 | Computer Name = ASUS_LAPTOP | Source = TuneUp Program Statistics | ID = 131840
Description = 
 
Error - 25.03.2009 08:56:50 | Computer Name = ASUS_LAPTOP | Source = TuneUp Program Statistics | ID = 131840
Description = 
 
 
< End of report >
         
Mache mich jetzt an die Rootkit-Suche...toitoitoi
__________________

Alt 19.07.2010, 12:05   #4
Sane23
 
iexplore.exe, Wave-Lautstärke spinnt, IE Pop-Ups, Hintergrundmusik - Standard

iexplore.exe, Wave-Lautstärke spinnt, IE Pop-Ups, Hintergrundmusik



Guten Morgen,

Habe über Nacht den Rootkit-Scan laufen lassen - hat ganz schön gedauert, aber jetzt ist die Log-File da:

Gmer.log:
GMER Logfile:
GMER Logfile:
Code:
ATTFilter
GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-07-19 11:41:29
Windows 5.1.2600 Service Pack 3
Running: rskhylmd.exe; Driver: C:\DOKUME~1\Tristan\LOKALE~1\Temp\pwriqpog.sys


---- System - GMER 1.0.15 ----

SSDT            F7B6383E                                                                                                              ZwCreateKey
SSDT            F7B63834                                                                                                              ZwCreateThread
SSDT            F7B63843                                                                                                              ZwDeleteKey
SSDT            F7B6384D                                                                                                              ZwDeleteValueKey
SSDT            F7B63852                                                                                                              ZwLoadKey
SSDT            F7B63820                                                                                                              ZwOpenProcess
SSDT            F7B63825                                                                                                              ZwOpenThread
SSDT            F7B6385C                                                                                                              ZwReplaceKey
SSDT            F7B63857                                                                                                              ZwRestoreKey
SSDT            F7B63848                                                                                                              ZwSetValueKey
SSDT            F7B6382F                                                                                                              ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text           C:\WINDOWS\system32\DRIVERS\atksgt.sys                                                                                section is writeable [0xF1671300, 0x3AE88, 0xE8000020]
.text           C:\WINDOWS\system32\DRIVERS\lirsgt.sys                                                                                section is writeable [0xF786F300, 0x1B7E, 0xE8000020]

---- Devices - GMER 1.0.15 ----

Device          \Driver\USBSTOR \Device\0000009c                                                                                      sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)

AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0                                                                               SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device          \Driver\USBSTOR \Device\000000a1                                                                                      sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3                                                                           sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\atapi \Device\Ide\IdePort0                                                                                    sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\atapi \Device\Ide\IdePort1                                                                                    sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-e                                                                           sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\VClone \Device\Scsi\VClone1                                                                                   sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\VClone \Device\Scsi\VClone1Port2Path0Target0Lun0                                                              sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)

AttachedDevice  \FileSystem\Fastfat \Fat                                                                                              fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04                                      
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                   1
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                0x58 0x3E 0x98 0xEA ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                   C:\Programme\Alcohol Soft\Alcohol 120\
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001                             
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0                          0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4                                      
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                   0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                0x83 0x62 0x46 0xD3 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                   C:\Programme\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001                             
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                       0x71 0xE5 0xB6 0x9F ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                          0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40                       
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                 0x67 0xD9 0x14 0x93 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)                  
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                       1
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                    0x58 0x3E 0x98 0xEA ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                       C:\Programme\Alcohol Soft\Alcohol 120\
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)         
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0                              0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                  
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                       0
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                    0x83 0x62 0x46 0xD3 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                       C:\Programme\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)         
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                           0x71 0xE5 0xB6 0x9F ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                              0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)   
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                     0x67 0xD9 0x14 0x93 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)                  
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                       C:\Programme\Alcohol 120\
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                       1
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                    0x56 0x66 0xEF 0xB5 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)         
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0                              0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew                           0x0D 0xF5 0xAD 0x50 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew                    0xA2 0x52 0x10 0x0A ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                  
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                       0
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                    0x6B 0xCB 0x6E 0xEA ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                       C:\Programme\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)         
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                           0x71 0xE5 0xB6 0x9F ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                              0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)   
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                     0x76 0xC3 0xD1 0x14 ...
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3144017088-4020193912-339086136-1005@RefCount  55

---- EOF - GMER 1.0.15 ----
         
--- --- ---

--- --- ---


PS: Können die Emulations-Programme wieder per "defogger" aktiviert werden?

Alt 19.07.2010, 14:44   #5
Swisstreasure
/// Malwareteam
 
iexplore.exe, Wave-Lautstärke spinnt, IE Pop-Ups, Hintergrundmusik - Standard

iexplore.exe, Wave-Lautstärke spinnt, IE Pop-Ups, Hintergrundmusik



Du kannst mit DeFogger die Laufwerke wieder aktivieren und den DeFogger dann löschen.

Die Infektion hast Du Dir über ein externen Medium geholt.

Schritt 1

Teatimer abstellen

Mit laufendem TeaTimer von Spybot Search&Destroy lässt sich keine Reinigung durchführen, da er alle gelöschten Einträge wiederherstellt. Der Teatimer muss also während der Reinigungsarbeiten abgestellt werden (lasse den Teatimer so lange ausgeschaltet, bis wir mit der Reinigung fertig sind):
Starte Spybot S&D => stelle im Menü "Modus" den "Erweiterten Modus" ein => klicke dann links unten auf "Werkzeuge" => klicke auf "Resident" => das Häkchen entfernen bei Resident "TeaTimer" (Schutz aller Systemeinstellungen) => Spybot Search&Destroy schließen => Rechner neu starten. Bebilderte Anleitung.

Schritt 2

Desinfizierung/Absicherung externer Medien

Lade Dir den Flash Disinfector von sUBs und speichere Flash_Disinfector.exe auf Deinem Desktop ab.
Gehe nun wie folgt vor:
  1. Trenne den Rechner physikalisch vom Netz.
  2. Deaktiviere den Hintergrundwächter deines AVP.
  3. Schließe jetzt alle externe Datenträgeran Deinen Rechner an.
  4. Starte den Flash Disinfector mit einem Doppelklick und folge ggf. den Anweisungen.
  5. Wenn der Scan zuende ist, kannst du das Programm schließen.
  6. Starte Deinen Rechner neu.
Hinweis:
Flash Disinfector desinfiziert all Deine Laufwerke von Autoruninfektionen und erstellt einen versteckten Ordner mit demselben Namen, so dass dein Datenträger in Zukunft vor dieser Infektion geschützt ist.
Während dem Scan wird Dein Desktop kurzfristig verschwinden und dann wiederkommen. Das ist normal.

Schritt 3

Java aktualisieren

Deine Javaversion ist nicht aktuell. Da einige Schädlinge (z. B. Vundo) über Java-Exploits in das System eindringen, deinstalliere zunächst alle vorhandenen Java-Versionen über Systemsteuerung => Software => deinstallieren. Starte den Rechner neu.

Downloade nun die Offline-Version von Java Version 6 Update 21 von Oracle und installiere sie. Achte darauf, eventuell angebotene Toolbars nicht mitzuinstallieren, also während der Installation den Haken bei der Toolbar entfernen.

Schritt 4

Sicherheitsrisiko Adobe Arcrobat Reader

Dein Adobe Reader ist nicht aktuell, was ein großes Sicherheitsrisiko darstellt. Die Empfehlung lautet, die alte Version über Systemsteuerung => Software zu deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. Starte den Rechner neu und downloade den aktuellen Acrobat-Reader 9.3.x herunter und installiere ihn, achte bei der Installation darauf, Zusatzprogramme und/oder Toolbars abzuwählen.

Da der Adobe Acrobat Reader immer häufiger für gezielte Verbreitung von Malware genutzt wird, kannst Du stattdessen auch einen alternativen PDF-Anzeiger zu nutzen, beispielsweise den Foxit PDF Reader. Er ist "schlanker" und benutzt weniger Resourcen. Achte auch hier darauf, bei der Installation Zusatzprogramme und/oder Toolbars abzuwählen.

Schritt 5

C:\Programme\Bonjour\mDNSResponder.exe

Bei Dir läuft Bonjour, welches von Apple ungefragt z. B. bei iTunes oder Safari-Browser mitinstalliert wird. Das Programm wird von vielen Usern gar nicht gebraucht. Ich habe bei Wikipedia ausführliche Informationen zu dem Programm Bonjour gefunden und beschreibe Dir im Anschluss, wie man das Programm wieder deinstallieren kann, falls das über den normalen Weg Systemsteuerung - Software nicht möglich ist. Solltest Du es nicht brauchen, bitte zunächst versuchen, es über Systemsteuerung => Software zu deinstallieren. Sollte das nicht möglich sein, fahre wie folgt fort:
  1. Start => ausführen => dort reinschreiben: services.msc => OK => es öffnet sich das "Dienste"-Fenster.
    "Bonjour Dienst" in der Liste auswählen und "Beenden" ausführen.
  2. Kommandozeile öffnen: Start => ausführen => cmd reinschreiben
    und ins Verzeichnis "<Systemvolume>\Programme\Bonjour" wechseln,
    z. B. mit dem Kommando: cd "C:\Programme\Bonjour"
  3. Folgendes Kommando eingeben: mDNSResponder -remove
  4. Danach kannst Du den Ordner C:\Programme\Bonjour löschen.
Wenn das so nicht klappt, gehe auf diese Seite, lade Dir lspfix.zip runter und entpacke das Archiv auf Deinen Desktop. Wenn Du kein Zip-Programm hast, kannst Du auch LSPFix.exe und spfix.txt runterladen. Starte LSPFix.exe, schiebe mit dem >>-Button die mdnsnsp.dll nach rechts, da sie muss raus, hake "I know what i'm doing" an und klicke auf "Finish". Rechner neu starten. Der Ordner C:\Programme\Bonjour\ sollte sich nun löschen lassen.

Schritt 6

Fixen mit OTL
  • Starte die OTL.exe.
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Kopiere folgendes Skript:
Code:
ATTFilter
:OTL
O21 - SSODL: UpdateCheck - {F536F5F7-8B63-42E9-B6BB-CCA3105651A4} - C:\WINDOWS\System32\mstmdm.dll
O4 - HKCU..\Run: []  File not found
O4 - HKLM..\Run: [KernelFaultCheck]  File not found
O33 - MountPoints2\{1d4a5efc-cdea-11dd-aee3-0012f09d3bad}\Shell\AutoRun\command - "" = G:\ -- File not found
O33 - MountPoints2\{1d4a5efc-cdea-11dd-aee3-0012f09d3bad}\Shell\open\Command - "" = rundll32.exe .\desktop.dll,InstallM
O33 - MountPoints2\{8eb66386-3f0f-11df-b0ac-0012f09d3bad}\Shell\AutoRun\command - "" = G:\Menu.exe -- File not found
O33 - MountPoints2\{a38331cb-176d-11df-b086-0012f09d3bad}\Shell - "" = AutoRun
O33 - MountPoints2\{a38331cb-176d-11df-b086-0012f09d3bad}\Shell\1\Command - "" = .\recycled\info.exe
O33 - MountPoints2\{a38331cb-176d-11df-b086-0012f09d3bad}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ba4abe62-31c2-11df-b0a0-0012f09d3bad}\Shell\AutoRun\command - "" = H:\
O33 - MountPoints2\{ba4abe62-31c2-11df-b0a0-0012f09d3bad}\Shell\open\Command - "" = rundll32.exe .\desktop.dll,InstallM
O33 - MountPoints2\{bb47865f-6f59-11dd-aa95-0012f09d3bad}\Shell - "" = AutoRun
O33 - MountPoints2\{bb47865f-6f59-11dd-aa95-0012f09d3bad}\Shell\1\Command - "" = .\recycled\info.exe
O33 - MountPoints2\{bb47865f-6f59-11dd-aa95-0012f09d3bad}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c4443c20-3fde-11df-b0ae-0012f09d3bad}\Shell\AutoRun\command - "" = G:\ -- File not found
O33 - MountPoints2\{c4443c20-3fde-11df-b0ae-0012f09d3bad}\Shell\open\Command - "" = rundll32.exe .\desktop.dll,InstallM
O33 - MountPoints2\{cdcae8d3-2694-11dd-96c0-0012f09d3bad}\Shell - "" = AutoRun
O33 - MountPoints2\{cdcae8d3-2694-11dd-96c0-0012f09d3bad}\Shell\1\Command - "" = .\recycled\info.exe
O33 - MountPoints2\{cdcae8d3-2694-11dd-96c0-0012f09d3bad}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e5dd17c0-03c8-11df-b072-0012f09d3bad}\Shell\AutoRun\command - "" = G:\ -- File not found
O33 - MountPoints2\{e5dd17c0-03c8-11df-b072-0012f09d3bad}\Shell\open\Command - "" = rundll32.exe .\desktop.dll,InstallM
O33 - MountPoints2\{fcad9a5a-a11b-11dd-ae8d-0012f09d3bad}\Shell\AutoRun\command - "" = G:\ -- File not found
O33 - MountPoints2\{fcad9a5a-a11b-11dd-ae8d-0012f09d3bad}\Shell\open\Command - "" = rundll32.exe .\desktop.dll,InstallM
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\1\Command - "" = .\recycled\info.exe
O33 - MountPoints2\H\Shell\AutoRun - "" = Auto&Play
:Commands
[CLEARALLRESTOREPOINTS]
[purity]
[emptytemp]
         
  • und füge es hier ein:
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Klick auf .
  • OTL verlangt einen Neustart. Bitte zulassen.
  • Nach dem Neustart findest Du ein Textdokument.
    Kopiere den Inhalt hier in Code-Tags in Deinen Thread.

Schritt 7

Downloade Malwarebytes Anti-Malware (ca. 2 MB) von einem dieser Downloadspiegel:
Malwarebytes - MajorGeeks.com - BestTechie
  • Anwendbar auf Windows 2000, XP und Vista.
  • Installiere das Programm in den vorgegebenen Pfad.
  • Denke daran, bei Vista das Programm als Admin zu starten, ansonsten per Doppelklick starten.
  • Lasse es online updaten (Reiter Updates), wenn das nicht automatisch passiert (ca. 1 MB).
  • Aktiviere "Komplett Scan durchführen" => Scan.
  • Wähle alle verfügbaren Laufwerke aus und starte den Scan.
  • Wenn der Scan beendet ist, klicke auf "Zeige Resultate".
  • Versichere Dich, dass alle Funde markiert sind und drücke "Löschen".
  • Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter "Scan-Berichte" finden.
  • Berichte, wie der Rechner nun läuft.
Hier findest Du eine ausführliche und bebilderte Anleitung.


Alt 19.07.2010, 21:26   #6
Sane23
 
iexplore.exe, Wave-Lautstärke spinnt, IE Pop-Ups, Hintergrundmusik - Standard

iexplore.exe, Wave-Lautstärke spinnt, IE Pop-Ups, Hintergrundmusik



Guten Abend,

Ich habe jetzt die Schritte 1-6 abgearbeitet wie du es beschrieben hast (wirklich super verständlich, danke).

Schritt 2: Ist es korrekt, das der Flash Disinfecter kaum 5 Sekunden für den Scan benötigt? Kam mir verdächtig kurz vor, bei 2 externen Speichermedien und interner 80GB Platte.

Schritt 6: Die OTL.exe ist beim ersten Fixversuch kurz vorm Ende abgeschmiert. Beim Neustart gab es leider auch keine Log-File. Daher habe ich den Fix einfach nochmal durchgeführt und er ist wieder am Ende abgestürzt. Diesmal sagte er vorher aber schon "Prozess Complete" und beim Neustarten habe ich auch eine Log-File gehabt. (Hätte ich wieder die SafeList bei Extra-Registrierung und LOP- und Purity-Prüfung ankreuzen müssen?)

Code:
ATTFilter
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\UpdateCheck not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F536F5F7-8B63-42E9-B6BB-CCA3105651A4}\ not found.
File C:\WINDOWS\System32\mstmdm.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1d4a5efc-cdea-11dd-aee3-0012f09d3bad}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1d4a5efc-cdea-11dd-aee3-0012f09d3bad}\ not found.
Item G:\ is whitelisted and cannot be moved.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1d4a5efc-cdea-11dd-aee3-0012f09d3bad}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1d4a5efc-cdea-11dd-aee3-0012f09d3bad}\ not found.
File rundll32.exe .\desktop.dll,InstallM not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8eb66386-3f0f-11df-b0ac-0012f09d3bad}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8eb66386-3f0f-11df-b0ac-0012f09d3bad}\ not found.
File G:\Menu.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a38331cb-176d-11df-b086-0012f09d3bad}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a38331cb-176d-11df-b086-0012f09d3bad}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a38331cb-176d-11df-b086-0012f09d3bad}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a38331cb-176d-11df-b086-0012f09d3bad}\ not found.
File .\recycled\info.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a38331cb-176d-11df-b086-0012f09d3bad}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a38331cb-176d-11df-b086-0012f09d3bad}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ba4abe62-31c2-11df-b0a0-0012f09d3bad}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba4abe62-31c2-11df-b0a0-0012f09d3bad}\ not found.
Item H:\ is whitelisted and cannot be moved.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ba4abe62-31c2-11df-b0a0-0012f09d3bad}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba4abe62-31c2-11df-b0a0-0012f09d3bad}\ not found.
File rundll32.exe .\desktop.dll,InstallM not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bb47865f-6f59-11dd-aa95-0012f09d3bad}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bb47865f-6f59-11dd-aa95-0012f09d3bad}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bb47865f-6f59-11dd-aa95-0012f09d3bad}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bb47865f-6f59-11dd-aa95-0012f09d3bad}\ not found.
File .\recycled\info.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bb47865f-6f59-11dd-aa95-0012f09d3bad}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bb47865f-6f59-11dd-aa95-0012f09d3bad}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c4443c20-3fde-11df-b0ae-0012f09d3bad}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c4443c20-3fde-11df-b0ae-0012f09d3bad}\ not found.
Item G:\ is whitelisted and cannot be moved.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c4443c20-3fde-11df-b0ae-0012f09d3bad}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c4443c20-3fde-11df-b0ae-0012f09d3bad}\ not found.
File rundll32.exe .\desktop.dll,InstallM not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cdcae8d3-2694-11dd-96c0-0012f09d3bad}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cdcae8d3-2694-11dd-96c0-0012f09d3bad}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cdcae8d3-2694-11dd-96c0-0012f09d3bad}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cdcae8d3-2694-11dd-96c0-0012f09d3bad}\ not found.
File .\recycled\info.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cdcae8d3-2694-11dd-96c0-0012f09d3bad}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cdcae8d3-2694-11dd-96c0-0012f09d3bad}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e5dd17c0-03c8-11df-b072-0012f09d3bad}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e5dd17c0-03c8-11df-b072-0012f09d3bad}\ not found.
Item G:\ is whitelisted and cannot be moved.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e5dd17c0-03c8-11df-b072-0012f09d3bad}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e5dd17c0-03c8-11df-b072-0012f09d3bad}\ not found.
File rundll32.exe .\desktop.dll,InstallM not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fcad9a5a-a11b-11dd-ae8d-0012f09d3bad}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fcad9a5a-a11b-11dd-ae8d-0012f09d3bad}\ not found.
Item G:\ is whitelisted and cannot be moved.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fcad9a5a-a11b-11dd-ae8d-0012f09d3bad}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fcad9a5a-a11b-11dd-ae8d-0012f09d3bad}\ not found.
File rundll32.exe .\desktop.dll,InstallM not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ not found.
File .\recycled\info.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ not found.
========== COMMANDS ==========
Unable to start service SRService!
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 208658 bytes
->Flash cache emptied: 75 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 75 bytes
 
User: Gast
->Temp folder emptied: 161602 bytes
->Temporary Internet Files folder emptied: 101007 bytes
->FireFox cache emptied: 67321646 bytes
->Flash cache emptied: 5357 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 465852 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 144185235 bytes
->Flash cache emptied: 1492 bytes
 
User: Tristan
->Temp folder emptied: 1120445786 bytes
->Temporary Internet Files folder emptied: 294978092 bytes
->Java cache emptied: 89055034 bytes
->FireFox cache emptied: 66250564 bytes
->Flash cache emptied: 1620727 bytes
 
User: Uni
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 75 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 3775367 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 28008034 bytes
RecycleBin emptied: 333463024 bytes
 
Total Files Cleaned = 2.051,00 mb
 
 
OTL by OldTimer - Version 3.2.9.1 log created on 07192010_205652

Files\Folders moved on Reboot...
File\Folder C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\BKW9UX47\st[10] not found!
File\Folder C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\BKW9UX47\st[11] not found!
File\Folder C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\BKW9UX47\st[8] not found!
File\Folder C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\BKW9UX47\st[9] not found!

Registry entries deleted on Reboot...
         
Ich werde jetzt erstmal zu Abend essen und mich dann mit Schritt 7 und Malwarebytes Anti-Malware weitermachen. Vielleicht habe ich dann ja schon eine Antwort von dir.

Nochmal tausend Dank für die Mühe.

Alt 19.07.2010, 22:48   #7
Swisstreasure
/// Malwareteam
 
iexplore.exe, Wave-Lautstärke spinnt, IE Pop-Ups, Hintergrundmusik - Standard

iexplore.exe, Wave-Lautstärke spinnt, IE Pop-Ups, Hintergrundmusik



Die Dateien dürfte bereits beim zweiten Fix gelöscht worden sein. Ja Flashdesinfector geht nicht lange das ist normal.
Führe noch Schritt 7 aus. Danach poste gleich noch neue OTL Logs:

Erneuter Systemscan mit OTL
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles in Code-Tags hier in den Thread.

Alt 20.07.2010, 14:30   #8
Sane23
 
iexplore.exe, Wave-Lautstärke spinnt, IE Pop-Ups, Hintergrundmusik - Standard

iexplore.exe, Wave-Lautstärke spinnt, IE Pop-Ups, Hintergrundmusik



Mahlzeit,

Habe gestern noch den Anti-Malware Scan gemacht und danach die OTL.exe ausgeführt. Die Log-Files gibt es im Anhang. Leider habe ich aber immer noch 2 laufende (und selbstständig neu startende) iexplore.exe Prozesse, ständige Ppups ohne erkennbaren Grund und auch die Wave-Lautstärke führt nach wie vor ein Eigenleben.
Hast du noch eine Idee was man tun könnte? Oder habe ich etwas falsch gemacht? Die allgemeine Performance des Systems ist allerdings besser geworden.

Code:
ATTFilter
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4327

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

20.07.2010 02:14:29
mbam-log-2010-07-20 (02-14-29).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|G:\|H:\|M:\|)
Durchsuchte Objekte: 329062
Laufzeit: 2 Stunde(n), 22 Minute(n), 20 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 1
Infizierte Dateien: 11

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
C:\Programme\VVSN (Adware.WhenU) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\Programme\Image-Line\Toxic Biohazard\Toxic Biohazard.dll (Trojan.Backdoor) -> Quarantined and deleted successfully.
C:\Audio\Cubase SX\UNWISE.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
C:\Audio\Traktor DJ Studio 3\UNWISE.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Tristan\Desktop\Downloads\Tools\FlashMute_2.exe (Adware.BetterInternet) -> Quarantined and deleted successfully.
C:\Spiele\Flat Out 2\Trainer\pdtrain.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
H:\Backup Tristan\Downloads\TuneUpUtilities2009.8.0.2000.35\Keygen(FFF)\TuneUp.Utilities.2009-keygen.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
M:\Keygen.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
M:\Downloads\Programme & Tools\Internet-Tools\Downloaden\ALPlugin-1.0.2.4-setup.exe (Trojan.AntiLeechPlugin) -> Quarantined and deleted successfully.
M:\Downloads\Programme & Tools\Burning-Tools\Alcohol 1.9.5\Activator\alcohol_activator.exe (Trojan.Agent) -> Quarantined and deleted successfully.
M:\Downloads\Programme & Tools\Audio-Tools\Tools\MP3\Winamp 5.03\Viz\Cubes_Visualization.exe (Malware.Packer.Krunchy) -> Quarantined and deleted successfully.
M:\Downloads\Programme & Tools\Audio-Tools\Novation\Novation.V-Station.VSTi.v1.20.Incl.KeyGen-H2O\nvsta120.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
         
Code:
ATTFilter
OTL Extras logfile created on: 20.07.2010 02:38:46 - Run 2
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Dokumente und Einstellungen\Tristan\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.023,00 Mb Total Physical Memory | 565,00 Mb Available Physical Memory | 55,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 72,67 Gb Total Space | 5,56 Gb Free Space | 7,65% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 1,89 Gb Total Space | 1,58 Gb Free Space | 83,75% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
Drive G: | 3,73 Gb Total Space | 1,18 Gb Free Space | 31,75% Space Free | Partition Type: FAT32
Drive H: | 74,53 Gb Total Space | 0,57 Gb Free Space | 0,77% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
Drive M: | 279,39 Gb Total Space | 21,82 Gb Free Space | 7,81% Space Free | Partition Type: FAT32
 
Computer Name: ASUS_LAPTOP
Current User Name: Tristan
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\Microsoft ActiveSync\rapimgr.exe" = C:\Programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Programme\Microsoft ActiveSync\wcescomm.exe" = C:\Programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Programme\Microsoft ActiveSync\WCESMgr.exe" = C:\Programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Spiele\Combat Arms EU\CombatArms.exe" = C:\Spiele\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe -- (Nexon)
"C:\Spiele\Combat Arms EU\Engine.exe" = C:\Spiele\Combat Arms EU\Engine.exe:*Enabled:Engine.exe -- (Nexon)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Programme\Microsoft Office\Office12\GROOVE.EXE" = C:\Programme\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Programme\Microsoft Office\Office12\ONENOTE.EXE" = C:\Programme\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Programme\Microsoft ActiveSync\rapimgr.exe" = C:\Programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Programme\Microsoft ActiveSync\wcescomm.exe" = C:\Programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Programme\Microsoft ActiveSync\WCESMgr.exe" = C:\Programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Programme\uusee\UUSeePlayer.exe" = C:\Programme\uusee\UUSeePlayer.exe:*:Enabled:UUPlayer -- ()
"C:\Programme\ICQ6.5\ICQ.exe" = C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.)
"H:\Installed\Civ4\Civilization4.exe" = H:\Installed\Civ4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4 -- File not found
"C:\Programme\SiSoftware Sandra Lite 2009.SP3c\WNt500x86\RpcSandraSrv.exe" = C:\Programme\SiSoftware Sandra Lite 2009.SP3c\WNt500x86\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service -- File not found
"C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe" = C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe:*:Enabled:NEXON_EU_Downloader_Engine -- ()
"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NexonEU\NGM\NGM.exe" = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NexonEU\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)
"C:\Spiele\Combat Arms EU\CombatArms.exe" = C:\Spiele\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe -- (Nexon)
"C:\Spiele\Combat Arms EU\Engine.exe" = C:\Spiele\Combat Arms EU\Engine.exe:*Enabled:Engine.exe -- (Nexon)
"C:\Spiele\Combat Arms EU\NMService.exe" = C:\Spiele\Combat Arms EU\NMService.exe:*:Enabled:Nexon Messenger Core -- (Nexon Corp.)
"C:\Programme\Zattoo\zattood.exe" = C:\Programme\Zattoo\zattood.exe:*:Enabled:zattood -- ()
"C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Programme\SopCast\adv\SopAdver.exe" = C:\Programme\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com)
"C:\Programme\SopCast\SopCast.exe" = C:\Programme\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com)
"C:\Programme\Java\jre6\bin\javaw.exe" = C:\Programme\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Oracle)
"C:\Programme\TeamViewer\Version5\TeamViewer.exe" = C:\Programme\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Programme\Air Mouse\Air Mouse\Air Mouse.exe" = C:\Programme\Air Mouse\Air Mouse\Air Mouse.exe:*:Enabled:AirMouse -- ()
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{005E738B-5A0A-4483-A900-877D183A8F45}_is1" = BlindWrite 6
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{0325F1C1-883A-41AB-8981-B27359ABDFAF}" = Joint Operations: Typhoon Rising
"{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0F9196C6-58B4-445B-B56E-B1200FECC151}" = Microsoft Bootvis
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{152B782A-05F3-48EC-9AAC-4D3EB68D9E20}" = Quake 4(TM)
"{169E414A-37C7-434E-9021-27A03AE087CD}" = ASUS Video Security
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets
"{1A2000AF-79DE-47FB-8411-BA22F981917F}" = Tropico 2: Die Pirateninsel
"{1C94C999-15D2-4C75-9A73-BCC8A677D42E}" = UltraMon
"{20071984-5EB1-4881-8EDB-082532ACEC6D}" = Heroes of Might and Magic V
"{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2EB3B0AB-4FEB-4548-B7E7-7A0E73F69125}" = CrazyTalk v5.1 SE
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{37D19D22-032C-469E-822B-9F8BD743106E}" = Tiger Woods PGA Tour Golf
"{3BE00B77-04AC-4DFF-BD95-BFF23CB29C27}" = iTunesFolderWatch
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4377F918-E6C9-4ECA-A7F5-754B310B7ED8}" = Sid Meier's Civilization 4
"{44E1DE63-C8FA-4C70-B4AA-0C49A947ACDE}" = Sid Meier's Railroads!
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A57592C-FF92-4083-97A9-92783BD5AFB4}" = BisonCam, NB Pro
"{4AA5B8A5-BEEF-4AD8-B11D-4443A042EA4F}" = Adobe Dreamweaver CS3
"{51F96AEC-D902-4434-A0DC-B9692A21AE7C}" = MobileMe Control Panel
"{53BA6007-3516-4CF8-844D-80FA625E6ACD}_is1" = GTR 2 1.0.0.0
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5B35C417-2649-11D6-83D1-0050FC01225C}" = FirstClass® Client
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.2
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{7915FC23-4DB3-4C23-BE74-443ACD13E4A2}_is1" = Archlord Episode 3
"{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles
"{8667C09D-CD26-40BB-95F6-423272ACAA0A}_is1" = WinTimeKill 3.2
"{8865B208-4759-4308-8DB5-3C18D2F568E2}" = CrazyTalk for Skype
"{89661B04-C646-4412-B6D3-5E19F02F1F37}" = EAX4 Unified Redist
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C640345-AF96-4ABA-A697-97D2A0B8C6DB}" = Adobe Flash CS3
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{996A2FAA-7514-4628-9D12-A8FC34A0016E}" = iTunes
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B63540D-D942-4C38-B42E-A48AE0145970}" = Virtua Tennis 3
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A10D9B03-AABB-47D7-8A30-2FEA97E70BC7}" = Quake Live Mozilla Plugin
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A2F166A0-F031-4E27-A057-C69733219434}_is1" = Runes of Magic
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6AE4D46-A845-45CF-A6B2-D5D62780EA69}_is1" = Piratenleben Sprachausgabe 1.0
"{A785BBA7-3FB9-4D81-BC35-4A2028915ACB}" = Prey
"{A804B134-F03D-4EFD-9BC0-DCD257AA1B22}" = Hitman Blood Money
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch
"{AC76BA86-7AD7-2448-5A64-7E8A45000001}" = Adobe Reader Chinese Traditional Fonts
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AF131494-F5D8-45C5-938C-D5F020CF1B0D}" = Tom Clancy's Rainbow Six 3 : Raven Shield
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B208806F-A231-4FA0-AB3F-5C1B8979223E}" = Microsoft ActiveSync 4.0
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5C3B892-0849-476C-9F46-B12F84819D57}" = Apple Mobile Device Support
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{B9D0D8B4-928A-4BC8-8681-20DEB8633602}_is1" = CoH Vire Map Pack
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C8D7A672-F697-4572-AC62-C856053A8DBC}" = Adobe Illustrator CS3
"{CC13FB47-0B90-46C3-9BB7-57D2DB455D4D}" = Microsoft Xbox 360 Accessories 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D3880A64-6112-47b7-8BFE-70EEA07B43E0}" = Windows SteadyState
"{D3C605D8-3A5E-4BAD-965D-2C61441BF2AC}" = Adobe Photoshop CS3
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{DA896917-C1DA-45B2-B4D2-68162F16C0DD}" = Adobe Creative Suite 3 Master Collection
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash
"{DFFDDCF5-CB32-4354-8823-1B9E68025953}" = Adobe Setup
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EB0202F7-016A-410C-ADE4-40F848CCC661}" = Adobe After Effects CS3
"{EE3FBD3C-782E-4A90-9507-0ECFE1FECCE4}" = Sid Meier's Railroads!
"{EFE6E3B6-8CA9-4837-B292-5F11A80339A9}" = PunkBuster for Joint Operations: Typhoon Rising
"{F87F2E18-4720-4F97-B3E5-E930D649D92B}" = Mobile Mouse Server
"{F9B915DF-B79C-4747-9BA3-9705A57DC717}" = Act of War - Direct Action
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"7-Zip" = 7-Zip 4.65
"AC3Filter" = AC3Filter (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_67a7fb1e97aa14ee9ef0950eb6fd757" = Adobe Creative Suite 3 Master Collection hinzufügen oder entfernen
"AirStrike 3D: Operation W.A.T." = AirStrike 3D: Operation W.A.T.
"Alien Shooter 2" = Alien Shooter 2
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"ASIO4ALL" = ASIO4ALL
"Asus ChkMail" = Asus ChkMail
"Asus_A6_ScreenSaver" = Asus_A6_ScreenSaver
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"Billiard Master 2" = Billiard Master 2
"Bowling Master" = Bowling Master
"Collab" = Collab
"Combat Arms EU" = Combat Arms EU
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Duden" = Duden
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 5.0.1 Home Edition
"EAX Unified" = EAX Unified
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"FL Studio 8" = FL Studio 8
"foobar2000" = foobar2000 v0.9.6
"Gestrandet" = Gestrandet
"Gothic II" = Gothic II
"Gothic II - Die Nacht des Raben" = Gothic II - Die Nacht des Raben
"Hamachi" = Hamachi 1.0.3.0
"HControl" = ATK0100 ACPI UTILITY
"HijackThis" = HijackThis 2.0.2
"Homeworld2" = Homeworld2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"IL Download Manager" = IL Download Manager
"InstallShield_{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA
"InstallShield_{152B782A-05F3-48EC-9AAC-4D3EB68D9E20}" = Quake 4(TM)
"InstallShield_{169E414A-37C7-434E-9021-27A03AE087CD}" = ASUS Video Security
"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"InstallShield_{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters
"IrfanView" = IrfanView (remove only)
"JDownloader" = JDownloader
"Live 8.0.1" = Live 8.0.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaMonkey_is1" = MediaMonkey 3.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MotoGear" = MotoGear
"MozBackup" = MozBackup 1.4.9
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"Native Instruments Traktor Dj Studio v3.0.1.108" = Native Instruments Traktor Dj Studio v3.0.1.108
"Network Stumbler" = Network Stumbler 0.4.0 (remove only)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Notebook Hardware Control" = Notebook Hardware Control 2.0 Pre-Release-06
"NVIDIA Drivers" = NVIDIA Drivers
"ODIR_is1" = ODIR
"Orions" = Orions
"PartyPoker" = PartyPoker
"PGS Pair it" = PGS Pair it
"Playlogic_KOTT2" = Knights of the Temple 2
"PoiZone" = PoiZone
"PunkBusterSvc" = PunkBuster Services
"QuicktimeAlt_is1" = QuickTime Alternative 2.8.0
"RealAlt_is1" = Real Alternative 1.9.0
"RouterControl" = RouterControl 1.91
"SFT Loader" = SFT Loader 2006 b4
"SopCast" = SopCast 3.0.3
"Spb Brain Evolution for Pocket PC" = Spb Brain Evolution for Pocket PC
"Spb Finance" = Spb Finance
"Spb Pocket Plus" = Spb Pocket Plus
"Steinberg Cubase SX v2.01" = Steinberg Cubase SX v2.01
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SystemRequirementsLab" = System Requirements Lab
"TeamViewer 5" = TeamViewer 5
"Tilelander" = Tilelander
"Toxic Biohazard" = Toxic Biohazard
"TVAnts 1.0" = TVAnts 1.0
"UltraISO_is1" = UltraISO Premium V9.33
"UltraStar Deluxe" = UltraStar Deluxe
"Update Service" = Update Service
"UUSEE(ÓÆÊÓÍøÂçµçÊÓ)" = UUSEE(ÓÆÊÓÍøÂçµçÊÓ) 4.3.6.5
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VideoLAN VLC media player 0.8.6f
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinGimp-2.0_is1" = GIMP 2.4.6
"WinRAR archiver" = WinRAR
"WisBar Advance Desktop_is1" = WisBar Advance Desktop 1.0 build 5
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"wsu_is1" = WinSpeedUp 2.9
"wwtbam" = wwtbam
"X3 Bonuspaket_is1" = X3 Bonuspaket 3.1.07
"X-Lite 1.5_is1" = X-Lite 3.0
"Zattoo" = Zattoo 3.3.4 Beta
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FlashMute" = FlashMute
"Skat-Online V7" = Skat-Online V7
"Vietcong 2" = Vietcong 2
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 18.07.2010 16:40:47 | Computer Name = ASUS_LAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 18.07.2010 16:40:47 | Computer Name = ASUS_LAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 102610
 
Error - 18.07.2010 16:40:47 | Computer Name = ASUS_LAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 102610
 
Error - 18.07.2010 16:41:03 | Computer Name = ASUS_LAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 18.07.2010 16:41:03 | Computer Name = ASUS_LAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 118250
 
Error - 18.07.2010 16:41:03 | Computer Name = ASUS_LAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 118250
 
Error - 19.07.2010 13:20:06 | Computer Name = ASUS_LAPTOP | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung plugin-container.exe, Version 1.9.2.3828,
 fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.5755, Fehleradresse 0x0000100b.
 
Error - 19.07.2010 13:52:52 | Computer Name = ASUS_LAPTOP | Source = MsiInstaller | ID = 11719
Description = Product: Adobe Reader Chinese Traditional Fonts -- Error 1719.The 
Windows Installer Service could not be accessed. This can occur if you are running
 Windows in safe mode, or if the Windows Installer is not correctly installed. Contact
 your support personnel for assistance.
 
Error - 19.07.2010 14:37:27 | Computer Name = ASUS_LAPTOP | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung otl.exe, Version 3.2.9.1, fehlgeschlagenes
 Modul unknown, Version 0.0.0.0, Fehleradresse 0x18804e7c.
 
Error - 19.07.2010 15:04:53 | Computer Name = ASUS_LAPTOP | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung otl.exe, Version 3.2.9.1, fehlgeschlagenes
 Modul unknown, Version 0.0.0.0, Fehleradresse 0x18804e7c.
 
[ OSession Events ]
Error - 30.11.2008 12:34:38 | Computer Name = ASUS_LAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 18168
 seconds with 300 seconds of active time.  This session ended with a crash.
 
Error - 19.12.2008 01:33:10 | Computer Name = ASUS_LAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 486
 seconds with 180 seconds of active time.  This session ended with a crash.
 
Error - 22.01.2009 04:40:25 | Computer Name = ASUS_LAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 704
 seconds with 300 seconds of active time.  This session ended with a crash.
 
Error - 25.03.2009 03:45:32 | Computer Name = ASUS_LAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 19637
 seconds with 240 seconds of active time.  This session ended with a crash.
 
Error - 19.04.2009 06:28:31 | Computer Name = ASUS_LAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1626
 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 06.10.2009 08:08:30 | Computer Name = ASUS_LAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 5739
 seconds with 240 seconds of active time.  This session ended with a crash.
 
Error - 11.12.2009 07:46:48 | Computer Name = ASUS_LAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 10606
 seconds with 180 seconds of active time.  This session ended with a crash.
 
Error - 17.12.2009 03:08:28 | Computer Name = ASUS_LAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3274
 seconds with 300 seconds of active time.  This session ended with a crash.
 
Error - 04.02.2010 02:32:30 | Computer Name = ASUS_LAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 57008
 seconds with 3480 seconds of active time.  This session ended with a crash.
 
Error - 04.03.2010 12:55:39 | Computer Name = ASUS_LAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 27168
 seconds with 120 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 19.07.2010 14:56:53 | Computer Name = ASUS_LAPTOP | Source = Service Control Manager | ID = 7034
Description = Dienst "nTune Service" wurde unerwartet beendet. Dies ist bereits 
1 Mal passiert.
 
Error - 19.07.2010 14:56:53 | Computer Name = ASUS_LAPTOP | Source = Service Control Manager | ID = 7034
Description = Dienst "TeamViewer 5" wurde unerwartet beendet. Dies ist bereits 1
 Mal passiert.
 
Error - 19.07.2010 14:56:53 | Computer Name = ASUS_LAPTOP | Source = Service Control Manager | ID = 7034
Description = Dienst "StarWind AE Service" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 19.07.2010 14:56:54 | Computer Name = ASUS_LAPTOP | Source = Service Control Manager | ID = 7034
Description = Dienst "iPod-Dienst" wurde unerwartet beendet. Dies ist bereits 1 
Mal passiert.
 
Error - 19.07.2010 14:56:55 | Computer Name = ASUS_LAPTOP | Source = SRService | ID = 104
Description = Die Initialisierung der Systemwiederherstellung ist fehlgeschlagen.
 
Error - 19.07.2010 14:56:55 | Computer Name = ASUS_LAPTOP | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Systemwiederherstellungsdienst" wurde mit folgendem Fehler
 beendet:   %%2
 
Error - 19.07.2010 15:07:28 | Computer Name = ASUS_LAPTOP | Source = SRService | ID = 104
Description = Die Initialisierung der Systemwiederherstellung ist fehlgeschlagen.
 
Error - 19.07.2010 15:07:30 | Computer Name = ASUS_LAPTOP | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Systemwiederherstellungsdienst" wurde mit folgendem Fehler
 beendet:   %%2
 
Error - 19.07.2010 20:25:03 | Computer Name = ASUS_LAPTOP | Source = SRService | ID = 104
Description = Die Initialisierung der Systemwiederherstellung ist fehlgeschlagen.
 
Error - 19.07.2010 20:25:05 | Computer Name = ASUS_LAPTOP | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Systemwiederherstellungsdienst" wurde mit folgendem Fehler
 beendet:   %%2
 
[ TuneUp Events ]
Error - 25.03.2009 08:56:50 | Computer Name = ASUS_LAPTOP | Source = TuneUp Program Statistics | ID = 131840
Description = 
 
Error - 25.03.2009 08:56:50 | Computer Name = ASUS_LAPTOP | Source = TuneUp Program Statistics | ID = 131840
Description = 
 
 
< End of report >
         
Code:
ATTFilter
OTL logfile created on: 20.07.2010 02:38:46 - Run 2
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Dokumente und Einstellungen\Tristan\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.023,00 Mb Total Physical Memory | 565,00 Mb Available Physical Memory | 55,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 72,67 Gb Total Space | 5,56 Gb Free Space | 7,65% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 1,89 Gb Total Space | 1,58 Gb Free Space | 83,75% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
Drive G: | 3,73 Gb Total Space | 1,18 Gb Free Space | 31,75% Space Free | Partition Type: FAT32
Drive H: | 74,53 Gb Total Space | 0,57 Gb Free Space | 0,77% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
Drive M: | 279,39 Gb Total Space | 21,82 Gb Free Space | 7,81% Space Free | Partition Type: FAT32
 
Computer Name: ASUS_LAPTOP
Current User Name: Tristan
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\Tristan\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\TeamViewer\Version5\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind Software)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\UltraMon\UltraMonTaskbar.exe (Realtime Soft Ltd)
PRC - C:\Programme\UltraMon\UltraMon.exe (Realtime Soft Ltd)
PRC - C:\Programme\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Programme\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
PRC - C:\Programme\Windows SteadyState\SCTSvc.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Xbox 360 Accessories\XBoxStat.exe (Microsoft Corporation)
PRC - C:\Programme\NVIDIA Corporation\nTune\nTuneService.exe (NVIDIA)
PRC - C:\WINDOWS\ATK0100\ATKOSD.exe ()
PRC - C:\WINDOWS\ATK0100\HControl.exe ()
PRC - C:\Programme\FlashMute\flashmute.exe ()
PRC - C:\Programme\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft ActiveSync\rapimgr.exe (Microsoft Corporation)
PRC - C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Dokumente und Einstellungen\Tristan\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll (Microsoft Corporation)
MOD - C:\Programme\UltraMon\RTSUltraMonHook.dll (Realtime Soft Ltd)
MOD - C:\Programme\UltraMon\UltraMonResButtons.dll (Realtime Soft Ltd)
MOD - C:\WINDOWS\system32\msi.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
MOD - C:\Programme\FlashMute\mutelib.dll ()
MOD - C:\WINDOWS\system32\nview.dll (NVIDIA Corporation)
MOD - C:\WINDOWS\system32\nvwrsde.dll (NVIDIA Corporation)
MOD - C:\WINDOWS\system32\nvwddi.dll (NVIDIA Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (TeamViewer5) -- C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (StarWindServiceAE) -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind Software)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (NMSAccessU) -- C:\Programme\CDBurnerXP\NMSAccessU.exe ()
SRV - (Windows SteadyState) -- C:\Programme\Windows SteadyState\SCTSvc.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (nTuneService) -- C:\Programme\NVIDIA Corporation\nTune\nTuneService.exe (NVIDIA)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (zlportio) -- C:\Spiele\UltraStar Deluxe\zlportio.sys File not found
DRV - (TSP) -- C:\WINDOWS\System32\DRIVERS\klif.sys File not found
DRV - (SANDRA) -- C:\Programme\SiSoftware Sandra Lite 2009.SP3c\WNt500x86\Sandra.sys File not found
DRV - (s24trans) -- C:\WINDOWS\System32\DRIVERS\s24trans.sys File not found
DRV - (RTCore32) -- C:\Dokumente und Einstellungen\Tristan\Desktop\Downloads\rmclock_235_bin\RTCore32.sys File not found
DRV - (naecd) -- C:\DOKUME~1\Tristan\LOKALE~1\Temp\naecd.sys File not found
DRV - (EagleNT) -- C:\WINDOWS\System32\drivers\EagleNT.sys File not found
DRV - (dtscsi) -- C:\WINDOWS\System32\Drivers\dtscsi.sys File not found
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (epmntdrv) -- C:\WINDOWS\system32\epmntdrv.sys ()
DRV - (EuGdiDrv) -- C:\WINDOWS\system32\EuGdiDrv.sys ()
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (nhcDriverDevice) -- C:\WINDOWS\system32\drivers\nhcDriver.sys (pBUS-167 Software - hxxp://www.pbus-167.com)
DRV - (ezplay) -- C:\WINDOWS\system32\drivers\ezplay.sys (VSO Software)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (VClone) -- C:\WINDOWS\system32\drivers\VClone.sys (Elaborate Bytes AG)
DRV - (ElbyCDIO) -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (ISODrive) -- C:\Programme\UltraISO\drivers\ISODrive.sys (EZB Systems, Inc.)
DRV - (SVKP) -- C:\WINDOWS\system32\SVKP.sys (AntiCracking)
DRV - (UltraMonUtility) -- C:\Programme\Gemeinsame Dateien\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys (Realtime Soft Ltd)
DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys ()
DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (vaxscsi) -- C:\WINDOWS\System32\Drivers\vaxscsi.sys (Alcohol Soft Co., Ltd.)
DRV - (MPE) -- C:\WINDOWS\system32\drivers\mpe.sys (Microsoft Corporation)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (NVR0Dev) -- C:\WINDOWS\nvoclock.sys (NVidia Corp.)
DRV - (xusb21) -- C:\WINDOWS\system32\drivers\xusb21.sys (Microsoft Corporation)
DRV - (MPD16USB) -- C:\WINDOWS\system32\drivers\MPD16USB.sys (AKAI Professional LLC)
DRV - (w29n51) Intel(R) -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation)
DRV - (BDA_Loader_225) -- C:\WINDOWS\system32\drivers\BDA_Loader_225.sys (WideView Technology Inc.)
DRV - (BDA_Capture_225) -- C:\WINDOWS\system32\drivers\BDA_Capture_225.sys (WideViewer Electronics CO., LTD)
DRV - (WDM_Capture_225) -- C:\WINDOWS\system32\drivers\WDM_Capture_225.sys (Computer & Entertainment, Inc.)
DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfvfs02.sys (Protection Technology)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfsync02.sys (Protection Technology)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (Cam5603D) -- C:\WINDOWS\system32\drivers\BisonCam.sys (Bison Electronics. Inc. )
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ATKACPI.sys ()
DRV - (R592) -- C:\WINDOWS\system32\DRIVERS\R592.sys (REDC)
DRV - (risdpntk) -- C:\WINDOWS\system32\DRIVERS\risdpntk.sys (REDC)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys (Realtek Semiconductor Corporation                           )
DRV - (NSNDIS5) -- C:\WINDOWS\system32\nsndis5.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (irsir) -- C:\WINDOWS\system32\drivers\irsir.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.facebook.com/#!/?ref=home
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaulturl: "hxxp://www.yodl.de/href.php?hrefname=FF-splug_google&q="
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.isnichwahr.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..extensions.enabledItems: autopager@mozilla.org:0.6.1.22
FF - prefs.js..extensions.enabledItems: {987311C6-B504-4aa2-90BF-60CC49808D42}:2.2
FF - prefs.js..extensions.enabledItems: {902D2C4A-457A-4EF9-AD43-7014562929FF}:0.4.5
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.1
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.0.7
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {5F590AA2-1221-4113-A6F4-A4BB62414FAC}:0.45.6.20100202.1
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {5B52016C-D097-4aec-BE61-9F129D8FDDBA}:2.0
FF - prefs.js..extensions.enabledItems: videofinder@veoh.com:1.3
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100503
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..keyword.URL: "hxxp://www.yodl.de/href.php?hrefname=FF-splug_google&q="
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 9666
FF - prefs.js..network.proxy.socks: "localhost"
FF - prefs.js..network.proxy.socks_port: 9050
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "localhost"
FF - prefs.js..network.proxy.ssl_port: 9666
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.07.03 12:17:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.07.19 20:29:00 | 000,000,000 | ---D | M]
 
[2008.07.21 19:56:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\Mozilla\Extensions
[2010.07.19 20:52:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\Mozilla\Firefox\Profiles\5wfrgxn2.default\extensions
[2010.07.07 09:55:37 | 000,000,000 | ---D | M] (Flagfox) -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\Mozilla\Firefox\Profiles\5wfrgxn2.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2010.04.20 16:53:31 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\Mozilla\Firefox\Profiles\5wfrgxn2.default\extensions\{5B52016C-D097-4aec-BE61-9F129D8FDDBA}
[2010.02.04 15:44:52 | 000,000,000 | ---D | M] (SmoothWheel (mozdev.org)) -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\Mozilla\Firefox\Profiles\5wfrgxn2.default\extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}
[2009.08.26 08:06:59 | 000,000,000 | ---D | M] (TableTools) -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\Mozilla\Firefox\Profiles\5wfrgxn2.default\extensions\{7C7F5C11-4ACD-4CDB-9293-2E3F46654E2A}
[2010.01.19 17:21:17 | 000,000,000 | ---D | M] (Context Search) -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\Mozilla\Firefox\Profiles\5wfrgxn2.default\extensions\{902D2C4A-457A-4EF9-AD43-7014562929FF}
[2009.09.21 15:48:51 | 000,000,000 | ---D | M] (BugMeNot) -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\Mozilla\Firefox\Profiles\5wfrgxn2.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}
[2010.05.15 15:49:08 | 000,000,000 | ---D | M] (WOT) -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\Mozilla\Firefox\Profiles\5wfrgxn2.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010.07.15 18:04:57 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\Mozilla\Firefox\Profiles\5wfrgxn2.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009.08.03 00:27:15 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\Mozilla\Firefox\Profiles\5wfrgxn2.default\extensions\{d33c2f7c-b1e6-4d46-ab0e-be1f6d05c904}
[2010.07.17 13:10:50 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\Mozilla\Firefox\Profiles\5wfrgxn2.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010.04.23 10:05:18 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\Mozilla\Firefox\Profiles\5wfrgxn2.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010.07.15 18:04:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\Mozilla\Firefox\Profiles\5wfrgxn2.default\extensions\autopager@mozilla.org
[2010.02.12 22:26:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\Mozilla\Firefox\Profiles\5wfrgxn2.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2009.11.28 15:13:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\Mozilla\Firefox\Profiles\5wfrgxn2.default\extensions\firefox@tvunetworks.com
[2009.08.11 18:24:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\Mozilla\Firefox\Profiles\5wfrgxn2.default\extensions\moveplayer@movenetworks.com
[2010.07.17 13:10:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\Mozilla\Firefox\Profiles\5wfrgxn2.default\extensions\staged-xpis
[2009.08.24 21:37:12 | 000,005,318 | ---- | M] () -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\Mozilla\Firefox\Profiles\5wfrgxn2.default\searchplugins\com-searchde.xml
[2009.09.19 11:05:43 | 000,001,699 | ---- | M] () -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\Mozilla\Firefox\Profiles\5wfrgxn2.default\searchplugins\transfermarktde.xml
[2009.10.09 03:22:33 | 000,004,153 | ---- | M] () -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\Mozilla\Firefox\Profiles\5wfrgxn2.default\searchplugins\youtube.xml
[2010.07.19 20:12:53 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.07.19 19:05:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.07.19 19:04:39 | 000,423,656 | ---- | M] (Oracle) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.07.03 12:17:43 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.07.03 12:17:43 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.07.03 12:17:43 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.07.03 12:17:43 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.07.03 12:17:43 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.02.24 22:50:21 | 000,000,972 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1 serial.alcohol-soft.com
O1 - Hosts: 127.0.0.1 www.alcohol-soft.com
O1 - Hosts: 127.0.0.1 images.alcohol-soft.com
O1 - Hosts: 127.0.0.1 trial.alcohol-soft.com
O1 - Hosts: 127.0.0.1 alcohol-soft.com
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Programme\QuickTime Alternative\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [XboxStat] c:\Programme\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AlcoholAutomount] C:\Programme\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Programme\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [FlashMute] C:\Programme\FlashMute\flashmute.exe ()
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Programme\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\AutorunsDisabled [2009.06.11 11:26:43 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\UltraMon.lnk = C:\WINDOWS\Installer\{1C94C999-15D2-4C75-9A73-BCC8A677D42E}\IcoUltraMon.ico ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF  [binary data]
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} hxxp://www.bitdefender.de/scan_de/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} hxxp://simcity.ea.com/play/classic/SimCityX.cab (SimCityX Control)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} hxxp://www.arcadetown.com/swf/popcap/popcaploader_v6.cab (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\nView_Wallpaper\PerMonitorWallpaper0.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\nView_Wallpaper\PerMonitorWallpaper0.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2008.05.09 06:19:10 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010.07.19 17:05:21 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010.07.19 17:05:22 | 000,000,000 | RHSD | M] - E:\autorun.inf -- [ FAT ]
O32 - AutoRun File - [2010.07.19 17:05:24 | 000,000,000 | RHSD | M] - G:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2010.07.19 17:05:22 | 000,000,000 | RHSD | M] - H:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010.07.19 17:05:24 | 000,000,000 | RHSD | M] - M:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.07.19 22:02:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\Malwarebytes
[2010.07.19 22:02:25 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.07.19 22:02:22 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.07.19 22:02:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010.07.19 22:02:21 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.07.19 20:35:44 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.07.19 19:06:14 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Java
[2010.07.19 19:05:10 | 000,423,656 | ---- | C] (Oracle) -- C:\WINDOWS\System32\deployJava1.dll
[2010.07.19 19:05:10 | 000,073,728 | ---- | C] (Oracle) -- C:\WINDOWS\System32\javacpl.cpl
[2010.07.19 19:05:09 | 000,153,376 | ---- | C] (Oracle) -- C:\WINDOWS\System32\javaws.exe
[2010.07.19 19:05:09 | 000,145,184 | ---- | C] (Oracle) -- C:\WINDOWS\System32\javaw.exe
[2010.07.19 19:05:09 | 000,145,184 | ---- | C] (Oracle) -- C:\WINDOWS\System32\java.exe
[2010.07.19 17:05:21 | 000,000,000 | RHSD | C] -- C:\autorun.inf
[2010.07.19 12:16:26 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010.07.18 23:59:09 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Tristan\Desktop\OTL.exe
[2010.07.17 12:33:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\SUPERAntiSpyware.com
[2010.07.17 12:33:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com
[2010.07.17 12:32:01 | 000,000,000 | ---D | C] -- C:\Programme\SUPERAntiSpyware
[2010.07.14 11:58:56 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2010.07.10 15:08:12 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy
[2010.07.10 15:08:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
[2010.07.09 19:51:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Macromedia
[2010.07.09 19:50:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Adobe
[3 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.07.20 02:30:49 | 000,002,283 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\UltraMon.lnk
[2010.07.20 02:30:21 | 000,021,876 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010.07.20 02:25:00 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.07.20 02:24:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.07.20 02:23:37 | 010,223,616 | ---- | M] () -- C:\Dokumente und Einstellungen\Tristan\NTUSER.DAT
[2010.07.19 22:02:29 | 000,000,676 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.19 20:35:54 | 001,088,854 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.07.19 20:35:54 | 000,478,288 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.07.19 20:35:54 | 000,436,236 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.07.19 20:35:54 | 000,091,638 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.07.19 20:35:54 | 000,068,940 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.07.19 20:29:01 | 000,001,709 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk
[2010.07.19 20:00:40 | 001,568,616 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.07.19 19:04:37 | 000,423,656 | ---- | M] (Oracle) -- C:\WINDOWS\System32\deployJava1.dll
[2010.07.19 19:04:37 | 000,153,376 | ---- | M] (Oracle) -- C:\WINDOWS\System32\javaws.exe
[2010.07.19 19:04:37 | 000,145,184 | ---- | M] (Oracle) -- C:\WINDOWS\System32\javaw.exe
[2010.07.19 19:04:37 | 000,145,184 | ---- | M] (Oracle) -- C:\WINDOWS\System32\java.exe
[2010.07.19 19:04:37 | 000,073,728 | ---- | M] (Oracle) -- C:\WINDOWS\System32\javacpl.cpl
[2010.07.19 17:25:02 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010.07.19 16:14:06 | 000,011,250 | ---- | M] () -- C:\Dokumente und Einstellungen\Tristan\Desktop\Splash Lineup.xlsx
[2010.07.19 15:02:33 | 000,132,597 | ---- | M] () -- C:\Dokumente und Einstellungen\Tristan\Desktop\Flash_Disinfector.exe
[2010.07.19 00:34:06 | 000,293,376 | ---- | M] () -- C:\Dokumente und Einstellungen\Tristan\Desktop\rskhylmd.exe
[2010.07.18 23:59:10 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Tristan\Desktop\OTL.exe
[2010.07.17 12:32:18 | 000,001,642 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010.07.15 17:50:06 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.07.11 15:01:04 | 000,045,056 | ---- | M] () -- C:\Dokumente und Einstellungen\Tristan\Desktop\Individuelle Reflexion zur Vorlesung.doc
[2010.07.10 15:08:32 | 000,000,905 | ---- | M] () -- C:\Dokumente und Einstellungen\Tristan\Desktop\Spybot - Search & Destroy.lnk
[2010.07.09 16:14:56 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.07.04 22:33:58 | 000,108,032 | ---- | M] () -- C:\Dokumente und Einstellungen\Tristan\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.20 03:36:00 | 000,038,545 | ---- | M] () -- C:\Dokumente und Einstellungen\Tristan\.recently-used.xbel
[3 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.07.19 22:02:29 | 000,000,676 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.19 20:29:01 | 000,001,709 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk
[2010.07.19 16:14:05 | 000,011,250 | ---- | C] () -- C:\Dokumente und Einstellungen\Tristan\Desktop\Splash Lineup.xlsx
[2010.07.19 15:02:31 | 000,132,597 | ---- | C] () -- C:\Dokumente und Einstellungen\Tristan\Desktop\Flash_Disinfector.exe
[2010.07.19 00:34:06 | 000,293,376 | ---- | C] () -- C:\Dokumente und Einstellungen\Tristan\Desktop\rskhylmd.exe
[2010.07.17 12:32:18 | 000,001,642 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010.07.11 15:00:46 | 000,045,056 | ---- | C] () -- C:\Dokumente und Einstellungen\Tristan\Desktop\Individuelle Reflexion zur Vorlesung.doc
[2010.07.10 15:08:32 | 000,000,905 | ---- | C] () -- C:\Dokumente und Einstellungen\Tristan\Desktop\Spybot - Search & Destroy.lnk
[2010.06.20 03:36:00 | 000,038,545 | ---- | C] () -- C:\Dokumente und Einstellungen\Tristan\.recently-used.xbel
[2010.02.12 13:21:24 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll
[2010.02.12 13:21:23 | 000,008,456 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys
[2010.02.12 13:21:22 | 000,013,192 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys
[2009.11.30 22:26:59 | 000,138,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009.10.01 09:34:54 | 000,002,528 | ---- | C] () -- C:\WINDOWS\FCIC.INI
[2009.04.08 03:03:18 | 000,000,012 | ---- | C] () -- C:\WINDOWS\dirsaver.ini
[2008.12.18 04:10:25 | 000,000,207 | ---- | C] () -- C:\WINDOWS\acez3dfireplace.ini
[2008.12.03 03:38:04 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2008.07.23 20:24:02 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008.07.09 22:21:44 | 000,278,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2008.07.09 22:21:41 | 000,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2008.07.04 09:32:00 | 000,000,416 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2008.05.26 18:56:34 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2008.05.21 10:33:38 | 000,009,728 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2008.05.14 19:29:10 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008.05.14 18:53:26 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008.05.10 13:22:44 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008.05.09 06:41:21 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008.05.09 06:38:19 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2008.05.09 06:30:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2008.05.09 06:25:36 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2008.05.09 06:25:31 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2008.05.09 06:23:17 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2008.05.09 06:00:31 | 000,015,190 | ---- | C] () -- C:\WINDOWS\M2000Twn.ini
[2008.05.09 05:58:15 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\ATKACPI.sys
[2007.03.12 12:01:30 | 000,217,088 | ---- | C] () -- C:\WINDOWS\NVGfxOgl.dll
[2007.02.05 15:48:36 | 000,016,828 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007.02.05 15:48:34 | 000,024,188 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007.02.05 15:48:28 | 000,016,562 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2006.09.13 13:06:10 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\gtapi.dll
[2005.03.02 13:12:14 | 000,000,483 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2004.10.11 11:19:00 | 000,092,672 | ---- | C] () -- C:\WINDOWS\System32\ASUSASV2.DLL
[2004.09.07 16:34:59 | 000,007,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\MMIOPORT.SYS
[2004.09.07 16:34:59 | 000,002,538 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
< End of report >
         

Geändert von Sane23 (20.07.2010 um 15:18 Uhr)

Alt 21.07.2010, 11:42   #9
Swisstreasure
/// Malwareteam
 
iexplore.exe, Wave-Lautstärke spinnt, IE Pop-Ups, Hintergrundmusik - Standard

iexplore.exe, Wave-Lautstärke spinnt, IE Pop-Ups, Hintergrundmusik



Kein weiterer Support möglich

Die Nutzung von Cracks, Keygens und Patchs, die das Ziel haben, Bezahlsoftware ohne Bezahlung nutzbar zu machen, ist illegal und wir haben uns darauf geeinigt, dass wir uns nicht der Beihilfe schuldig machen werden. Dieses Forum unterliegt deutschen Gesetzen und die sind diesbezüglich sehr streng.

Dass Cracks und Keygens im Wesentlichen dazu dienen, um auf den Computern Malware und Backdoors unterzubringen, ist kein Geheimnis und muss jedem klar sein.

Da bleibt mir nichts weiter, als Dir zu empfehlen, in Zukunft auf derlei Software zu verzichten. Mit solcher Software endet der Support und beschränkt sich auf den Hinweis in Zukunft von solchen Sache die Finger zu lassen und das System neu zu installieren. Wenn Du das System neu installiert hast, kannst Du gerne einen neuen Thread eröffnen. Dieser Thread wird geschlossen.

Thema geschlossen

Themen zu iexplore.exe, Wave-Lautstärke spinnt, IE Pop-Ups, Hintergrundmusik
antivir, antivir guard, avira, bho, bonjour, browser, cdburnerxp, desktop, einstellungen, firefox, frage, hijackthis, hintergrundmusik, hkus\s-1-5-18, iexplore.exe, internet, internet explorer, logfile, mozilla, neu aufgesetzt, object, prozesse, rundll, schlachtmusik, senden, software, system, windows, windows xp



Ähnliche Themen: iexplore.exe, Wave-Lautstärke spinnt, IE Pop-Ups, Hintergrundmusik


  1. Unbekannte Geräte im Lautstärke Mixer
    Plagegeister aller Art und deren Bekämpfung - 27.12.2014 (3)
  2. Hintergrundmusik/werbung zu hören ohne das was geöffnet ist.
    Plagegeister aller Art und deren Bekämpfung - 14.01.2014 (15)
  3. VLC Player maximal bei Lautstärke 125%
    Alles rund um Windows - 16.10.2013 (7)
  4. Hintergrundmusik&Werbung Virus
    Plagegeister aller Art und deren Bekämpfung - 21.06.2012 (11)
  5. Trojaner (Wurm) Spielt hintergrundmusik ab
    Plagegeister aller Art und deren Bekämpfung - 16.10.2011 (8)
  6. Google Fehlleitung und Hintergrundmusik
    Plagegeister aller Art und deren Bekämpfung - 29.06.2011 (23)
  7. Hintergrundmusik im Browser - Virus?
    Plagegeister aller Art und deren Bekämpfung - 22.12.2010 (22)
  8. Lautstärke geht auf Null (Wave)
    Plagegeister aller Art und deren Bekämpfung - 30.08.2010 (20)
  9. Hintergrundmusik von Online-Spiel ohne offenes Fenster!
    Log-Analyse und Auswertung - 30.08.2010 (2)
  10. iexplore.exe, wave-regler auf null, pop-ups in IE-Fenstern
    Log-Analyse und Auswertung - 22.08.2010 (59)
  11. iexplore multipel im task manager, wave auf null
    Log-Analyse und Auswertung - 09.08.2010 (9)
  12. Wave wird leise, der Internet Explorer popt und iexplore.exe läuft als Prozess!
    Plagegeister aller Art und deren Bekämpfung - 29.07.2010 (19)
  13. IE popups, wave-lautstärke automatisch auf minimum
    Log-Analyse und Auswertung - 26.07.2010 (9)
  14. iexplore in den Prozessen, Wave auf Null, Pop Up Fenster
    Plagegeister aller Art und deren Bekämpfung - 14.07.2010 (1)
  15. Probleme mit Popup-Fenstern, Minimirung von Programmen und Lautstärke(Wave)
    Plagegeister aller Art und deren Bekämpfung - 14.07.2010 (16)
  16. 2-4x iexplore.exe im Task-Manager (Lautstärke unverändert)
    Plagegeister aller Art und deren Bekämpfung - 12.07.2010 (23)
  17. Hintergrundmusik/ Werbung im IE8
    Log-Analyse und Auswertung - 27.01.2010 (20)

Zum Thema iexplore.exe, Wave-Lautstärke spinnt, IE Pop-Ups, Hintergrundmusik - Hallo, Ich habe bereits viel auf eurem Board und im Internet gestöbert, kann aber keine Universalanleitung zum bereinigen dieses Problems finden (gibt es evtl auch nicht?!). Allerdings hatten gab es - iexplore.exe, Wave-Lautstärke spinnt, IE Pop-Ups, Hintergrundmusik...
Archiv
Du betrachtest: iexplore.exe, Wave-Lautstärke spinnt, IE Pop-Ups, Hintergrundmusik auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.