Zurück   Trojaner-Board > Web/PC > Alles rund um Windows

Alles rund um Windows: Windows Media Player öffnet sich ab und an und ist nichtmehr schließbar!

Windows 7 Hilfe zu allen Windows-Betriebssystemen: Windows XP, Windows Vista, Windows 7, Windows 8(.1) und Windows 10 - als auch zu sämtlicher Windows-Software. Alles zu Windows 10 ist auch gerne willkommen. Bitte benenne etwaige Fehler oder Bluescreens unter Windows mit dem Wortlaut der Fehlermeldung und Fehlercode. Erste Schritte für Hilfe unter Windows.

Antwort
Alt 03.01.2011, 07:21   #1
Osswald
 
Windows Media Player öffnet sich ab und an und ist nichtmehr schließbar! - Beitrag

Problem: Windows Media Player öffnet sich ab und an und ist nichtmehr schließbar!



Also wie schon im Titel beschrieben öffnet sich ca. alle 30min - 1std. 30min mein WMP von alleine. Und wenn ich es minimire / ein anderes Fenster (z.b. internetbrowser) öfffne oder anklicke, drängt sich WMP wieder in den vordergrund (ca. jede sekunde).

So ich hoffe ich hab das Problem genug beschrieben damit ihr vielleicht ein paar Ideen entwickeln um mir zu helfen, denn es stört sehr wenn ich mitten im Spiel oder sonstiges den PC neustarten darf.

Hoffentlich kein Virus oder Trojaner oder sonstiges.
HiJackthis Logfile:
Code:
ATTFilter
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:27:46, on 03.01.2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18999)
Boot mode: Normal
 
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Siemens\Gigaset USB Adapter 54\PRISMSVR.exe
C:\Program Files\Vimicro\VMUVC\VMonitor.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Ask & Record Toolbar\FLVSrvc.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Tech\Tilt Mouse Software\5.0\ACQTMAPP.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Razer\Lycosa\razerhid.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\***\Program Files\DNA\btdna.exe
C:\Program Files\Siemens\Gigaset USB Adapter 54\GigasetUSBMonitor.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\***\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Program Files\Razer\Lycosa\razertra.exe
C:\Program Files\TeamSpeak 3 Client\ts3client_win32.exe
C:\Users\Public\World of Warcraft\WoW.exe
C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\***\Downloads\HiJackThis\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
R3 - URLSearchHook: Softonic Deutsch FF Toolbar - {9d81af43-de53-48d0-a199-42c2a226b24c} - C:\Program Files\Softonic_Deutsch_FF\tbSoft.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Softonic Deutsch FF Toolbar - {9d81af43-de53-48d0-a199-42c2a226b24c} - C:\Program Files\Softonic_Deutsch_FF\tbSoft.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Softonic Deutsch FF Toolbar - {9d81af43-de53-48d0-a199-42c2a226b24c} - C:\Program Files\Softonic_Deutsch_FF\tbSoft.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\Program Files\Siemens\Gigaset USB Adapter 54\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [VMonitorVMUVC] "C:\Program Files\Vimicro\VMUVC\VMonitor.exe" VMUVC
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Ask and Record FLV Service] "C:\Program Files\Ask & Record Toolbar\FLVSrvc.exe" /run
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [ACQTMOUSE] "C:\Program Files\Tech\Tilt Mouse Software\5.0\ACQTMAPP.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Lycosa] "C:\Program Files\Razer\Lycosa\razerhid.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ClipIncSrvTray] "C:\Program Files\Tobit ClipInc\Player\ClipIncTray.exe"
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Niklas\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\***\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Startup: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Gigaset WLAN Adapter Monitor.lnk = C:\Program Files\Siemens\Gigaset USB Adapter 54\GigasetUSBMonitor.exe
O8 - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Niklas\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 (file missing)
O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 (file missing)
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 (file missing) (HKCU)
O13 - Gopher Prefix: 
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ClipInc 001 (ClipInc001) - Unknown owner - C:\Program Files\Tobit ClipInc\Server\ClipInc-Server.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
 
--
End of file - 13901 bytes
         
--- --- ---

Alt 03.01.2011, 13:03   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows Media Player öffnet sich ab und an und ist nichtmehr schließbar! - Standard

Windows Media Player öffnet sich ab und an und ist nichtmehr schließbar! Anleitung / Hilfe



Hallo und

Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

Danach OTL:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.
__________________

__________________

Alt 03.01.2011, 14:52   #3
Osswald
 
Windows Media Player öffnet sich ab und an und ist nichtmehr schließbar! - Beitrag

Windows Media Player öffnet sich ab und an und ist nichtmehr schließbar! Details



Ok, also:

Malwarebytes:


Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Datenbank Version: 5447

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999

03.01.2011 15:38:25
mbam-log-2011-01-03 (15-38-25).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 188344
Laufzeit: 18 Minute(n), 37 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

OTL:

OTL EXTRAS Logfile:
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 03.01.2011 15:42:04 - Run 1
OTL by OldTimer - Version 3.2.20.1     Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 29,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 59,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 576,15 Gb Total Space | 333,62 Gb Free Space | 57,90% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 12,37 Gb Free Space | 61,83% Space Free | Partition Type: FAT32
Drive E: | 3,93 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: *** | User Name: ***| Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Users\Niklas\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR" = 0
"DisableConfig" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1902AF56-FDE8-42A2-AF55-668CFA68E392}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{55B8A150-E2F1-4128-BEC2-F7250F8691F5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{650A22A3-50F2-4CBB-9CBA-30EFE92C6535}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{6E8E4FEC-F08B-4938-B919-7082335C2B2A}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 | 
"{A8E6BAA3-88C9-4B77-BBF8-3BD14E9B58D7}" = lport=7000 | protocol=6 | dir=in | name=blizzard downloader: 7000 | 
"{B69518B2-B901-4016-A57F-7D163CA76980}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{D3D624AA-D789-4443-9CD6-72CF3A47A2C4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{006D75D8-62AB-4D47-908C-54EE193F79E0}" = protocol=6 | dir=in | app=c:\users\public\world of warcraft\wow-3.2.0-dede-downloader.exe | 
"{02A29263-CC8D-4C86-AB3A-EF7A301CEF89}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer_service.exe | 
"{047BE389-206C-4957-AF71-CF407136F7D4}" = protocol=6 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwn2server.exe | 
"{063CB075-69EF-4074-ADC4-6F312CE64E36}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{101FBAB7-BE4F-4870-8A8C-D6AA8C4AB406}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{137B1AAD-6D6A-45C2-8F41-F6BAAA09EE60}" = protocol=17 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\farcry2.exe | 
"{159A38E1-C247-4477-A3C6-BEB218ABD97C}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{1A303F31-98A8-406C-A0AA-89F96E264BE5}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{21986F32-605D-413B-B86F-09B7C356FCEF}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe | 
"{2FEBC07A-1531-42E0-AA07-C7301BFD50F3}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe | 
"{370ABAA2-B9CE-41DD-BD3B-191C25175A9B}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.8.9506-to-3.0.9.9551-dede-downloader.exe | 
"{37C99D49-430D-401E-BF54-14418907FD77}" = protocol=17 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwupdate.exe | 
"{3B916733-268E-4A25-9E6E-9D0D64DE1173}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{3D22AAED-53B1-4076-B674-FC4CDAF40FA7}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-dede-downloader.exe | 
"{3F99F2D1-09F3-4536-B774-238CA1726490}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{413054E2-A51E-4BC5-A81A-78D966A0B468}" = protocol=6 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2launcher.exe | 
"{44DA55D9-B665-4EEE-9ECD-86B427C135CA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{45A1A464-1A10-45AA-B6F7-B80B2A8AC587}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-dede-downloader.exe | 
"{50540D7D-1FBB-4D01-A467-9E715CCBA32C}" = protocol=6 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwupdate.exe | 
"{53440A0D-D6B7-4CDB-9DF4-A9CEDB90EA28}" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe | 
"{57352F3B-DA81-4793-B009-6D75332A127E}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe | 
"{5B1C536F-BFC6-4AC3-B478-8ADA41C2B2F4}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty black ops\blackopsmp.exe | 
"{5C321270-9D2C-40B4-A09D-38189DEA38E4}" = protocol=6 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwn2main_amdxp.exe | 
"{5EB9B68D-2548-4121-91C1-9CE36E8048E4}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"{682BB3DB-722A-4127-BF24-4FF9200A7ED2}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{68FDCE46-00A5-431A-B65D-0E10C51C4082}" = protocol=17 | dir=in | app=c:\users\public\world of warcraft\wow-3.2.0-dede-downloader.exe | 
"{6BF37AEF-3A65-488B-87B3-5484CFAB53C4}" = protocol=6 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\farcry2.exe | 
"{6C909073-9BA6-48C9-A190-69CA7F55F889}" = protocol=17 | dir=in | app=c:\program files\tobit clipinc\player\clipinc-player.exe | 
"{6E3EBA59-D755-4485-850F-3D831FBEEA4C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{72110A29-0FEA-4CFB-A986-CF4A12279838}" = protocol=17 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwn2main.exe | 
"{7308639F-336D-4033-86EF-26B088AC6B74}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{76C50C5F-2C13-49DE-B80E-AAEFB9783A91}" = protocol=17 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2launcher.exe | 
"{77AD39C7-0851-4C6B-9B73-D7E5B6E31ECA}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-dede-downloader.exe | 
"{77D8F104-8659-478E-A12A-82AD9CD78374}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{782F1C6F-12F6-4DDE-B2F4-D24A06DC7967}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer_service.exe | 
"{7BBFD48A-699D-4748-81C8-A9230492D874}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.8.9506-to-3.0.9.9551-dede-downloader.exe | 
"{7BCCFDD5-B418-45CD-A9A5-CBC729100543}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{7BD1AB52-FB5D-47FD-ABB2-E5689CA156F1}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty black ops\blackopsmp.exe | 
"{7D46E159-2861-4095-98B6-871A8F9827FE}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{84024FED-9B65-42C7-9F71-2193274FBE35}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{8799BB65-4A59-484B-93AB-DB831BF5F4B7}" = protocol=17 | dir=in | app=c:\program files\tobit clipinc\server\clipinc-server.exe | 
"{8CA59B9D-CB24-431F-BAF7-60E13B01A6F3}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty black ops\blackops.exe | 
"{922ABF1F-19C3-40AA-BDC4-89E5B013CBB5}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe | 
"{922F4879-79DD-41CC-81E6-1760B03C8B5B}" = protocol=6 | dir=in | app=c:\users\public\world of warcraft\launcher.patch.exe | 
"{98CAFABB-3544-415D-AAE6-DF1A12C3AD32}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty black ops\blackops.exe | 
"{99DB78AB-FD12-4153-92DB-30D71F92B328}" = protocol=6 | dir=in | app=c:\program files\tobit clipinc\player\clipinc-player.exe | 
"{9D873E8A-668A-484C-B638-83E9F897BE39}" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe | 
"{9E0253C3-07AF-4F7D-819A-102E0F88ED44}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{9F4B5752-A672-468C-B323-EAC2F7656324}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{A07A9793-A873-498D-AF06-34EAC0F56249}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-dede-downloader.exe | 
"{A1663863-9F89-4D62-B138-7D26357551CD}" = protocol=17 | dir=in | app=c:\program files\salfeld\kisi\kisiset.exe | 
"{A4682FED-36C6-4466-A48B-494F841A9C77}" = protocol=6 | dir=in | app=c:\program files\salfeld\kisi\kisiset.exe | 
"{A9FD361F-0133-4134-9AF9-807FB565DA97}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe | 
"{AB94D42F-F754-495D-AAEE-21C7574A2893}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe | 
"{B13CF11D-0E2C-4B8F-A600-D39FA47A3B46}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{B15E67E4-18D6-4DB1-844C-1115FBD4EC54}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"{BB5B95CF-6851-4845-9D8E-8662F4D918E1}" = protocol=6 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwn2main.exe | 
"{BDBC7F3B-18DE-4599-80E9-4283F52D8FC3}" = protocol=6 | dir=out | app=system | 
"{C087D784-D635-47D3-94D6-52DE0CD721F3}" = protocol=17 | dir=in | app=c:\users\public\world of warcraft\launcher.patch.exe | 
"{C157E5E4-6C8E-46E2-B08D-D2F72BC103CF}" = protocol=6 | dir=in | app=c:\program files\tobit clipinc\server\clipinc-server.exe | 
"{C5AEE85F-3C8A-4176-9FAE-2C5C37343C50}" = protocol=17 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwn2server.exe | 
"{C8923C25-1B73-4115-99D6-F633A841C4CF}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe | 
"{CE9261DA-37CC-4EA7-8087-9A571674BCB3}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{D371706E-A1D2-4141-BAA8-78DE8B939744}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{D4DB4617-82B5-460C-9C32-EC0ACC08C36F}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-dede-downloader.exe | 
"{D7CE7218-1C01-4D31-AEE9-D18FEF81BE8B}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{DC4F722E-C76D-4B53-BE9C-9BB9CC778E62}" = protocol=6 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2editor.exe | 
"{EAE6130F-0975-4D45-B28E-CFE87917CCE4}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{EC516C45-FE5E-4FF2-8615-AC780BAD8A78}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-dede-downloader.exe | 
"{F2869AD7-168D-4B82-8ED7-FE15C4CB81A1}" = protocol=17 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwn2main_amdxp.exe | 
"{F4DF1F86-DC7C-4B2A-9789-4FB3F1F97831}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{F6CC2CB8-8208-4D4B-9432-FF2A035DB258}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe | 
"{FA4F8296-B3D8-400F-9EE2-857C140B9886}" = protocol=17 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2editor.exe | 
"TCP Query User{01A2935D-3653-4DB0-B103-DED8B2F58F48}C:\program files\red storm entertainment\ravenshield\system\ravenshield.exe" = protocol=6 | dir=in | app=c:\program files\red storm entertainment\ravenshield\system\ravenshield.exe | 
"TCP Query User{01EC64D0-E802-462D-AC21-38F83F547A30}C:\users\public\world of warcraft - kopie\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\world of warcraft - kopie\launcher.exe | 
"TCP Query User{066988C8-7829-4E52-8FB5-A831B8D2B7AE}C:\program files\java\jre1.6.0_07\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0_07\bin\javaw.exe | 
"TCP Query User{0B62135C-0642-43B3-8576-69A1A100B434}C:\users\***\appdata\local\temp\blizzard launcher temporary - 0d26ce58\launcher.exe" = protocol=6 | dir=in | app=c:\users\niklas\appdata\local\temp\blizzard launcher temporary - 0d26ce58\launcher.exe | 
"TCP Query User{0B7E8DBF-5743-4A88-85A6-1E049C86CCE1}C:\users\public\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe | 
"TCP Query User{0F7B6696-0AA6-4B57-890D-213CFDF48887}C:\users\public\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\world of warcraft\launcher.exe | 
"TCP Query User{13CA9748-F4CE-4776-A938-844712C5544A}C:\alien arena 2008\crx.exe" = protocol=6 | dir=in | app=c:\alien arena 2008\crx.exe | 
"TCP Query User{169C7DEE-F838-4CEF-BE38-658A2C761DD6}C:\program files\anno 1701\anno1701.exe" = protocol=6 | dir=in | app=c:\program files\anno 1701\anno1701.exe | 
"TCP Query User{180B0386-EEF9-43AF-AD61-3C980252AF95}C:\users\***\appdata\local\temp\blizzard launcher temporary - 17772420\launcher.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\local\temp\blizzard launcher temporary - 17772420\launcher.exe | 
"TCP Query User{1C014C2B-9165-4001-ABA1-99BE9922A697}C:\users\***\downloads\bogdan's repack 3.3.0\bogdan's repack 3.3.0\mangos\mangosd.exe" = protocol=6 | dir=in | app=c:\users\***\downloads\bogdan's repack 3.3.0\bogdan's repack 3.3.0\mangos\mangosd.exe | 
"TCP Query User{1C3FAA8D-4217-4B15-885D-8D2C9AA55BCC}C:\users\public\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\users\public\world of warcraft\backgrounddownloader.exe | 
"TCP Query User{1CF25357-7DD5-45F1-ADA1-C1DB44217CD3}C:\program files\ubisoft\tom clancy's splinter cell double agent\scda-offline\system\splintercell4.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\tom clancy's splinter cell double agent\scda-offline\system\splintercell4.exe | 
"TCP Query User{22A35D9D-3706-48FD-B8B5-D06001D69125}C:\windows\system32\nvsvc32.exe" = protocol=6 | dir=in | app=c:\windows\system32\nvsvc32.exe | 
"TCP Query User{3AF20C52-5EBE-46FA-A6AB-999C92D59AD3}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"TCP Query User{4C97C0CE-45D4-4858-9F17-930631068047}C:\users\***\downloads\bogdan's repack 3.3.0\bogdan's repack 3.3.0\server\apache\bin\apache.exe" = protocol=6 | dir=in | app=c:\users\***\downloads\bogdan's repack 3.3.0\bogdan's repack 3.3.0\server\apache\bin\apache.exe | 
"TCP Query User{4E36C319-E6BE-40D2-89AC-8D76DC301827}C:\users\public\world of warcraft\wow-2.1.1.1897-engb-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\world of warcraft\wow-2.1.1.1897-engb-tools-downloader.exe | 
"TCP Query User{4E9D1C99-4995-4EDC-81D0-C610CDDC350E}C:\users\***\appdata\local\temp\blizzard launcher temporary - 154246a8\launcher.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\local\temp\blizzard launcher temporary - 154246a8\launcher.exe | 
"TCP Query User{63E078DC-3932-445E-8A20-3C613473DDB0}C:\users\public\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-dede-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-dede-downloader.exe | 
"TCP Query User{6D5C9B57-CAB6-4ED3-B700-AF3E936F3F2F}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe | 
"TCP Query User{838C7B99-A8CA-445B-B8AC-0B0D32BE98F8}C:\users\***\downloads\wow-language-pack-engb-downloader.exe" = protocol=6 | dir=in | app=c:\users\niklas\downloads\wow-language-pack-engb-downloader.exe | 
"TCP Query User{864667EC-5294-4513-A9BD-755C750921DB}C:\program files\icq7.2\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"TCP Query User{892B3092-A2B3-4183-A57D-6E4008B28F53}C:\users\public\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2103-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2103-enus-tools-downloader.exe | 
"TCP Query User{896C6627-6BA7-481D-9027-C8354F7D4A53}C:\program files\world of warcraft\world of warcraft\world of warcraft\repair.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\world of warcraft\world of warcraft\repair.exe | 
"TCP Query User{90A0CF27-2945-4DC4-8AA0-6DC63CA715A8}C:\users\public\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\world of warcraft\launcher.exe | 
"TCP Query User{989A43F7-FA47-47A6-AF25-B4919D06A5FE}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{9D48489C-0FA2-4579-A10A-F1CF8AA8AF47}C:\users\***\appdata\local\temp\blizzard launcher temporary - 1dc41630\launcher.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\local\temp\blizzard launcher temporary - 1dc41630\launcher.exe | 
"TCP Query User{A21D4FCF-92C1-40F7-8513-D8019BB719D6}C:\users\niklas\appdata\local\temp\blizzard launcher temporary - 18b3bb00\launcher.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\local\temp\blizzard launcher temporary - 18b3bb00\launcher.exe | 
"TCP Query User{A370B04B-E85F-495B-B801-482ED5E4DD37}C:\program files\ea games\battlefield 2\bf2.exe" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe | 
"TCP Query User{AC10CC67-DE23-4386-A6BE-1C577EA30038}C:\users\***\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\niklas\program files\dna\btdna.exe | 
"TCP Query User{AD49FA3A-B03D-414C-9072-0266477FC33E}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{B1C29976-DDC9-4B50-AF9A-EB25A93B9258}C:\users\public\world of warcraft\blizzard downloader.exe" = protocol=6 | dir=in | app=c:\users\public\world of warcraft\blizzard downloader.exe | 
"TCP Query User{B7D14C92-AF9B-431B-B119-D34569D75B06}C:\users\niklas\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\niklas\program files\dna\btdna.exe | 
"TCP Query User{B830F853-E4CB-4D7D-8D36-259E2793CC73}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"TCP Query User{C122DE6C-B9B2-45A7-99D0-A009D8423870}C:\users\public\world of warcraft\repair.exe" = protocol=6 | dir=in | app=c:\users\public\world of warcraft\repair.exe | 
"TCP Query User{C99C1E99-5CEC-499F-A0E4-28E843588E8D}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe | 
"TCP Query User{CAB1D18C-045D-4014-B9D4-DEB4EC1115B5}C:\users\public\world of warcraft\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\world of warcraft\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe | 
"TCP Query User{CC9AC4DB-02EE-4210-95DE-A7E97F22873D}C:\program files\easy emu\novo's easy wow handler\udrive\usr\local\mysql\bin\mysqld-opt.exe" = protocol=6 | dir=in | app=c:\program files\easy emu\novo's easy wow handler\udrive\usr\local\mysql\bin\mysqld-opt.exe | 
"TCP Query User{CE9F6A68-A7E2-4AF2-AE4D-70B2B73BD4DE}C:\program files\ubisoft\crytek\far cry\bin32\farcry.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\crytek\far cry\bin32\farcry.exe | 
"TCP Query User{D0B2F4E8-48DF-4B71-9F84-8874D6C99B27}C:\users\***\downloads\bogdan's repack 3.3.0\bogdan's repack 3.3.0\server\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\users\***\downloads\bogdan's repack 3.3.0\bogdan's repack 3.3.0\server\mysql\bin\mysqld.exe | 
"TCP Query User{D20F6BF9-343F-49F3-B204-61531D502D55}C:\users\***\downloads\teamviewer507portable\teamviewer.exe" = protocol=6 | dir=in | app=c:\users\***\downloads\teamviewer507portable\teamviewer.exe | 
"TCP Query User{D809E115-B4D3-4264-9E9C-236191E989DA}C:\users\public\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe | 
"TCP Query User{D831EB7A-092D-49C1-B4EA-A5E91829313B}C:\users\public\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\users\public\world of warcraft\backgrounddownloader.exe | 
"TCP Query User{E15D56BA-7070-42F7-B3F6-01C098D0F1FA}C:\users\***\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\niklas\world of warcraft\launcher.exe | 
"TCP Query User{F6B905EA-A65C-4037-87DC-AC8E5AC5B7CB}C:\games\ngd studios\regnum online\liveserver\roclientgame.exe" = protocol=6 | dir=in | app=c:\games\ngd studios\regnum online\liveserver\roclientgame.exe | 
"TCP Query User{F7338923-6FA1-45E4-B7CB-F08D451D38C4}C:\program files\easy emu\novo's easy wow handler\udrive\usr\local\apache2\bin\apache_16.exe" = protocol=6 | dir=in | app=c:\program files\easy emu\novo's easy wow handler\udrive\usr\local\apache2\bin\apache_16.exe | 
"UDP Query User{00A6A0E2-2629-4274-B561-3D594EAE1009}C:\users\***\downloads\bogdan's repack 3.3.0\bogdan's repack 3.3.0\server\apache\bin\apache.exe" = protocol=17 | dir=in | app=c:\users\***\downloads\bogdan's repack 3.3.0\bogdan's repack 3.3.0\server\apache\bin\apache.exe | 
"UDP Query User{0C3185E4-6EE9-459C-A750-29E0CFB93BFD}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{15A8E73C-AADB-4372-8817-EBAE2E3919B6}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe | 
"UDP Query User{193F9B70-595A-4E30-9B8C-BA10BBE92517}C:\users\public\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe | 
"UDP Query User{194E0BE4-0304-4925-8046-46EA0D01AC9D}C:\users\public\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe | 
"UDP Query User{2757AABA-FEB7-47CD-B9D6-AAC62C0D4D6B}C:\users\public\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\users\public\world of warcraft\backgrounddownloader.exe | 
"UDP Query User{2A3EA6B7-201E-481D-A61B-C04A6E2A1F11}C:\users\public\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\world of warcraft\launcher.exe | 
"UDP Query User{3000E3E1-79A1-4013-BF5C-0A9801EAE536}C:\users\***\downloads\bogdan's repack 3.3.0\bogdan's repack 3.3.0\mangos\mangosd.exe" = protocol=17 | dir=in | app=c:\users\***\downloads\bogdan's repack 3.3.0\bogdan's repack 3.3.0\mangos\mangosd.exe | 
"UDP Query User{36D2EEF2-734F-49D1-8825-6859DFF42837}C:\users\niklas\appdata\local\temp\blizzard launcher temporary - 0d26ce58\launcher.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\local\temp\blizzard launcher temporary - 0d26ce58\launcher.exe | 
"UDP Query User{3FD10533-D588-4078-93DF-6A9D2C1EC09F}C:\program files\easy emu\novo's easy wow handler\udrive\usr\local\mysql\bin\mysqld-opt.exe" = protocol=17 | dir=in | app=c:\program files\easy emu\novo's easy wow handler\udrive\usr\local\mysql\bin\mysqld-opt.exe | 
"UDP Query User{3FDF853A-837C-4B46-9135-8962FC899D2D}C:\users\public\world of warcraft\repair.exe" = protocol=17 | dir=in | app=c:\users\public\world of warcraft\repair.exe | 
"UDP Query User{46A0705B-6D32-4659-8A31-F757B398C880}C:\users\***\downloads\teamviewer507portable\teamviewer.exe" = protocol=17 | dir=in | app=c:\users\***\downloads\teamviewer507portable\teamviewer.exe | 
"UDP Query User{492BE1C4-4A66-4BD6-BCE7-1251E97B937D}C:\users\public\world of warcraft\blizzard downloader.exe" = protocol=17 | dir=in | app=c:\users\public\world of warcraft\blizzard downloader.exe | 
"UDP Query User{49E09078-931A-4B0D-8A02-778D65514967}C:\users\***\appdata\local\temp\blizzard launcher temporary - 1dc41630\launcher.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\local\temp\blizzard launcher temporary - 1dc41630\launcher.exe | 
"UDP Query User{4B49CAFF-5FA1-473D-B4D1-957E87D89E53}C:\program files\red storm entertainment\ravenshield\system\ravenshield.exe" = protocol=17 | dir=in | app=c:\program files\red storm entertainment\ravenshield\system\ravenshield.exe | 
"UDP Query User{4B84F7FB-483F-461F-A6E0-2E82F1EDD1C6}C:\users\***\appdata\local\temp\blizzard launcher temporary - 18b3bb00\launcher.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\local\temp\blizzard launcher temporary - 18b3bb00\launcher.exe | 
"UDP Query User{518ADDFF-3FD2-458E-9038-86A2767CE50C}C:\users\public\world of warcraft\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\world of warcraft\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe | 
"UDP Query User{53C6E602-30FF-4865-9FFB-C0884D03C684}C:\windows\system32\nvsvc32.exe" = protocol=17 | dir=in | app=c:\windows\system32\nvsvc32.exe | 
"UDP Query User{57C5B85D-633D-4EEC-86B2-932E67AC94A0}C:\alien arena 2008\crx.exe" = protocol=17 | dir=in | app=c:\alien arena 2008\crx.exe | 
"UDP Query User{5CCEAAC1-5BA3-48B3-9BBF-9F3F60EAB808}C:\users\public\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-dede-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-dede-downloader.exe | 
"UDP Query User{5E39C44E-069D-4143-BC51-E9436D556D99}C:\users\***\appdata\local\temp\blizzard launcher temporary - 17772420\launcher.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\local\temp\blizzard launcher temporary - 17772420\launcher.exe | 
"UDP Query User{6986D1BA-4208-46AE-843D-98180035B555}C:\program files\java\jre1.6.0_07\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0_07\bin\javaw.exe | 
"UDP Query User{6EAF3F1A-C489-481B-8760-25108D93FC3F}C:\users\***\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\***\program files\dna\btdna.exe | 
"UDP Query User{75059D15-0F67-44B4-8AB4-CC7F11036299}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{83BC4044-A405-4B4C-9275-E6D0284627C7}C:\users\public\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2103-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2103-enus-tools-downloader.exe | 
"UDP Query User{88A7C3E9-0D6B-451D-9929-71C29CE74642}C:\users\public\world of warcraft - kopie\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\world of warcraft - kopie\launcher.exe | 
"UDP Query User{89EBF57F-CBB3-46D4-B68D-CFE9AE319C12}C:\program files\anno 1701\anno1701.exe" = protocol=17 | dir=in | app=c:\program files\anno 1701\anno1701.exe | 
"UDP Query User{8A24E369-DB27-45B8-A34C-544E98D8E095}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{95C4FAED-943C-40A8-B745-D55A846AD5A2}C:\users\public\world of warcraft\wow-2.1.1.1897-engb-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\world of warcraft\wow-2.1.1.1897-engb-tools-downloader.exe | 
"UDP Query User{99669A9A-7158-4803-817C-96954A70E10B}C:\program files\world of warcraft\world of warcraft\world of warcraft\repair.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\world of warcraft\world of warcraft\repair.exe | 
"UDP Query User{A64826A3-5D77-49E2-9D9C-86910FA541A3}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{A73D3218-9076-4DD8-9A5C-DF5073267D8A}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe | 
"UDP Query User{AE8A060B-8084-4742-95B7-423C4F19E9A5}C:\program files\ubisoft\crytek\far cry\bin32\farcry.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\crytek\far cry\bin32\farcry.exe | 
"UDP Query User{BCCBF812-10BC-4752-B774-7620C787C15C}C:\program files\easy emu\novo's easy wow handler\udrive\usr\local\apache2\bin\apache_16.exe" = protocol=17 | dir=in | app=c:\program files\easy emu\novo's easy wow handler\udrive\usr\local\apache2\bin\apache_16.exe | 
"UDP Query User{BF488BCD-7973-4E9F-A1D8-5FDDED42C672}C:\users\***\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\***\program files\dna\btdna.exe | 
"UDP Query User{C8AC4FE1-BF20-4D0C-9A6D-44E31B9D8C51}C:\program files\ea games\battlefield 2\bf2.exe" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe | 
"UDP Query User{CAC349CD-A4FE-4B7E-B43C-DA6B0CD165A8}C:\users\public\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\users\public\world of warcraft\backgrounddownloader.exe | 
"UDP Query User{CC4CD267-4D10-4E25-AECA-1A99DDF5A0CA}C:\games\ngd studios\regnum online\liveserver\roclientgame.exe" = protocol=17 | dir=in | app=c:\games\ngd studios\regnum online\liveserver\roclientgame.exe | 
"UDP Query User{D9E75BBA-1607-4169-AEA2-196408352525}C:\users\***\downloads\wow-language-pack-engb-downloader.exe" = protocol=17 | dir=in | app=c:\users\***\downloads\wow-language-pack-engb-downloader.exe | 
"UDP Query User{DAB3F19C-29A1-44BA-8963-A71408BFC5E5}C:\users\***\appdata\local\temp\blizzard launcher temporary - 154246a8\launcher.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\local\temp\blizzard launcher temporary - 154246a8\launcher.exe | 
"UDP Query User{DC43E23C-F62F-40C4-94A8-ABEEA766BC93}C:\users\public\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\world of warcraft\launcher.exe | 
"UDP Query User{EA6CF917-203B-453E-A305-6F1F4D7DCDD1}C:\users\***\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\niklas\world of warcraft\launcher.exe | 
"UDP Query User{EFA5E425-B525-49F6-999C-E507279F8488}C:\program files\icq7.2\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"UDP Query User{F0223281-24B1-433A-A597-A84BB0E26357}C:\users\***\downloads\bogdan's repack 3.3.0\bogdan's repack 3.3.0\server\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\users\***\downloads\bogdan's repack 3.3.0\bogdan's repack 3.3.0\server\mysql\bin\mysqld.exe | 
"UDP Query User{FF16DE2E-A5A9-45E7-AC4A-020474BDD6FA}C:\program files\ubisoft\tom clancy's splinter cell double agent\scda-offline\system\splintercell4.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\tom clancy's splinter cell double agent\scda-offline\system\splintercell4.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01CEF48F-41F2-4A43-82F2-25D23D68C1D4}" = Cuttermaran 1.69a
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07FCBED5-94C3-4F94-B9D3-360FA27C7B06}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{086BADF8-9B1F-4E89-B207-2EDA520972D6}" = Grand Theft Auto San Andreas
"{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12
"{159098AF-4EB8-4C10-B0C6-24CDA32B45F9}" = Microsoft SQL Server Compact 3.5 DEU
"{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{2223FC2F-B862-4F83-BC9E-DDF2DADF2859}" = Intel(R) Network Connections 13.0.42.0
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{31CF6C0E-51F0-41D2-B088-A6A143C4303C}" = SweetIM Toolbar for Internet Explorer 3.6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A712D29-DBE3-4381-A331-AF4AE5BEB244}" = ArcSoft Software Suite
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4FA8B85C-62BF-4A54-A53F-1DDBF4643F9C}" = Gigaset USB Adapter 54
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{71A51A91-E7D3-11DB-A386-005056C00008}" = MD 85872 WEBCAM
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7E641E46-81DB-4D1D-906A-48342523051C}" = FlatOut2
"{7FF183FB-456E-44D7-8865-4F2332CC70E9}_is1" = 777-Record-and-Cut 1.0
"{84ED5482-CFB0-4DD9-BF18-489FFDACD18A}" = Microsoft Antimalware Service DE-DE Language Pack
"{867F5501-F8EF-4542-9D68-310A238A15FF}" = SLOW-PCfighter
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{89661B04-C646-4412-B6D3-5E19F02F1F37}" = EAX4 Unified Redist
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABBA0799-F982-414C-9A8B-17EB03D39677}" = trakAxPC
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.1 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C07B8BC4-AFD9-3AA4-BDF5-330A07591FDE}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C9FFC925-E27E-436E-A2DF-652324D51031}" = Nero 8 Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E0FA1DC5-FEBF-4E7B-8FA3-DB94233E952D}" = Razer Lycosa
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E32260E7-0B10-43C7-9B77-AB9F4184676D}" = Microsoft SQL Server Compact 3.5 Design Tools DEU
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Allzeit Atomzeit 2.00" = Allzeit Atomzeit 2.00
"Applian FLV Player2.0.24" = Applian FLV Player
"Ask & Record Toolbar4.00" = Ask & Record Toolbar 4.00 
"Ask Toolbar_is1" = Ask Toolbar
"avast5" = avast! Free Antivirus
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BlablaMaker" = Blabla Maker
"CamStudio" = CamStudio
"Euro Truck Simulator" = Euro Truck Simulator 1.3
"FormatFactory" = FormatFactory 2.10
"Fraps" = Fraps
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free Video Converter_is1" = Free Video Converter V 2.9
"Free YouTube Download_is1" = Free YouTube Download 2.9
"Free YouTube to iPod Converter_is1" = Free YouTube to iPod Converter version 3.2
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.7
"Game Cam" = Game Cam 2.54.0.47
"Google Desktop" = Google Desktop
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ICQToolbar" = ICQ Toolbar
"Icy Tower v1.3.1_is1" = Icy Tower v1.3.1
"InstallShield_{4FA8B85C-62BF-4A54-A53F-1DDBF4643F9C}" = Gigaset USB Adapter 54
"IrfanView" = IrfanView (remove only)
"klvideoconvert_is1" = K-Lite Video Conversion Pack 1.8.5
"LetsTrade" = LetsTrade Komponenten
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Essentials" = Microsoft Security Essentials
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"Prism" = Prism Video Converter
"PROSetDX" = Intel(R) Network Connections 13.0.42.0
"PunkBusterSvc" = PunkBuster Services
"Riva FLV Player_is1" = Riva FLV Player
"secretmaryo" = Secret Maryo Chronicles
"SLOW-PCfighter" = SLOW-PCfighter
"Softonic_Deutsch_FF Toolbar" = Softonic_Deutsch_FF Toolbar
"SolveigMM AVI Trimmer" = SolveigMM AVI Trimmer
"Steam App 42700" = Call of Duty: Black Ops
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"Switch" = Switch Sound File Converter
"SystemRequirementsLab" = System Requirements Lab
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 5" = TeamViewer 5
"Texas Hold'em Poker (Test)_is1" = Texas Hold'em Poker (Test)
"Tilt Mouse Software_is1" = Tilt Mouse Software 5.0
"Tobit ClipInc Server" = Tobit.Software clipinc.fx
"Uninstall_is1" = Uninstall 1.0.0.1
"WavePad" = WavePad Sound Editor
"WinGimp-2.0_is1" = GIMP 2.6.10
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Wise Registry Cleaner_is1" = Wise Registry Cleaner 5.8.9
"wkqey" = Favorit
"World of Warcraft" = World of Warcraft
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA
"Google Chrome" = Google Chrome
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 03.01.2011 01:11:17 | Computer Name = *** | Source = Bonjour Service | ID = 100
Description = 396: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 03.01.2011 01:11:17 | Computer Name = *** | Source = Bonjour Service | ID = 100
Description = 440: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 03.01.2011 01:11:17 | Computer Name = *** | Source = Bonjour Service | ID = 100
Description = 388: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 03.01.2011 01:18:06 | Computer Name = *** | Source = WinMgmt | ID = 10
Description = 
 
Error - 03.01.2011 01:18:11 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung NMIndexStoreSvr.exe, Version 3.3.10.0, Zeitstempel
 0x49c9efad, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0x07070707,  Prozess-ID 0xeb8, Anwendungsstartzeit
 01cbab058d73e07a.
 
Error - 03.01.2011 08:57:35 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 8.0.6001.18999, Zeitstempel
 0x4ccf92fb, fehlerhaftes Modul IEShims.dll, Version 8.0.6001.18999, Zeitstempel
 0x4ccfa85d, Ausnahmecode 0xc0000005, Fehleroffset 0x00021e16,  Prozess-ID 0xe90, 
Anwendungsstartzeit 01cbab45ca4ac87a.
 
Error - 03.01.2011 10:17:47 | Computer Name = *** | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Nero\Nero8\Nero
 StartSmart\NeroStartSmart.exe".  Die abhängige Assemblierung "Microsoft.VC80.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 03.01.2011 10:17:48 | Computer Name = *** | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Nero\Nero8\Nero
 StartSmart\NeroStartSmart.exe".  Die abhängige Assemblierung "Microsoft.VC80.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 03.01.2011 10:17:51 | Computer Name = *** | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Nero\Nero8\Nero
 StartSmart\NeroStartSmart.exe".  Die abhängige Assemblierung "Microsoft.VC80.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 03.01.2011 10:17:51 | Computer Name = *** | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Nero\Nero8\Nero
 StartSmart\NeroStartSmart.exe".  Die abhängige Assemblierung "Microsoft.VC80.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
[ System Events ]
Error - 02.01.2011 11:02:53 | Computer Name = +++ | Source = Microsoft-Windows-TaskScheduler | ID = 412
Description = 
 
Error - 02.01.2011 11:04:05 | Computer Name = *** | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 02.01.2011 11:57:22 | Computer Name = *** | Source = Microsoft-Windows-TaskScheduler | ID = 412
Description = 
 
Error - 02.01.2011 11:58:23 | Computer Name = *** | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 02.01.2011 16:43:04 | Computer Name = ***  | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 02.01.2011 um 21:41:06 unerwartet heruntergefahren.
 
Error - 02.01.2011 16:43:21 | Computer Name = *** | Source = Microsoft-Windows-TaskScheduler | ID = 412
Description = 
 
Error - 02.01.2011 16:44:17 | Computer Name = *** | Source = Microsoft Antimalware | ID = 3002
Description = %%861 Real-Time Protection feature has encountered an error and failed.

	Feature:
 %%835     Error Code: 0x80004005     Error description: Unbekannter Fehler      Reason: %%842
 
Error - 02.01.2011 16:44:37 | Computer Name = *** | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 03.01.2011 01:17:18 | Computer Name = *** | Source = Microsoft-Windows-TaskScheduler | ID = 412
Description = 
 
Error - 03.01.2011 01:18:07 | Computer Name = *** | Source = Service Control Manager | ID = 7026
Description = 
 
 
< End of report >
         
--- --- ---

--- --- ---OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 03.01.2011 15:42:04 - Run 1
OTL by OldTimer - Version 3.2.20.1     Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 29,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 59,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 576,15 Gb Total Space | 333,62 Gb Free Space | 57,90% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 12,37 Gb Free Space | 61,83% Space Free | Partition Type: FAT32
Drive E: | 3,93 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: ***| User Name: ***| Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Users\Public\World of Warcraft\WoW.exe (Blizzard Entertainment)
PRC - C:\Programme\TeamSpeak 3 Client\ts3client_win32.exe (TeamSpeak Systems GmbH)
PRC - C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Users\***\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
PRC - C:\Programme\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe (Google)
PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
PRC - c:\Programme\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Users\***\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
PRC - C:\Programme\Tech\Tilt Mouse Software\5.0\ACQTMAPP.exe ()
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe ()
PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Ask & Record Toolbar\FLVSrvc.exe (Applian Technologies, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Vimicro\VMUVC\VMonitor.exe (Vimicro Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Razer\Lycosa\razertra.exe ()
PRC - C:\Programme\Razer\Lycosa\razerhid.exe (Razer USA Ltd.)
PRC - C:\Programme\Siemens\Gigaset USB Adapter 54\GigasetUSBMonitor.exe ()
PRC - C:\Programme\Siemens\Gigaset USB Adapter 54\PRISMSVR.exe (Conexant Systems, Inc.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (TeamViewer5) -- C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (GoogleDesktopManager-051210-111108) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (ClipInc001) -- C:\Program Files\Tobit ClipInc\Server\ClipInc-Server.exe ()
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (VcommMgr) -- C:\Windows\System32\Drivers\VcommMgr.sys File not found
DRV - (VComm) -- C:\Windows\System32\DRIVERS\VComm.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IvtBtBUs) -- C:\Windows\System32\Drivers\IvtBtBus.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (EagleNT) -- C:\Windows\System32\drivers\EagleNT.sys File not found
DRV - (BtHidBus) -- C:\Windows\System32\Drivers\BtHidBus.sys File not found
DRV - (BT) -- C:\Windows\System32\DRIVERS\btnetdrv.sys File not found
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (SCREAMINGBDRIVER) -- C:\Windows\System32\drivers\ScreamingBAudio.sys (Screaming Bee LLC)
DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (btnetBUs) -- C:\Windows\System32\drivers\btnetBus.sys ()
DRV - (MDC8021X) AEGIS Protocol (IEEE 802.1x) -- C:\Windows\System32\drivers\mdc8021x.sys (Meetinghouse Data Communications)
DRV - (vvftUVC) -- C:\Windows\System32\drivers\vvftUVC.sys (Vimicro Corporation)
DRV - (VMUVC) -- C:\Windows\System32\drivers\VMUVC.sys (Vimicro Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (LycoFltr) -- C:\Windows\System32\drivers\Lycosa.sys (Razer USA Ltd.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (SE4501D) -- C:\Windows\System32\drivers\SE4501D.sys (Siemens AG)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {9d81af43-de53-48d0-a199-42c2a226b24c} - C:\Programme\Softonic_Deutsch_FF\tbSoft.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D0 3A 18 E5 08 AF CA 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {9d81af43-de53-48d0-a199-42c2a226b24c} - C:\Programme\Softonic_Deutsch_FF\tbSoft.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..extensions.enabledItems: {d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}:1.0.0.1
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.6
FF - prefs.js..extensions.enabledItems: {9d81af43-de53-48d0-a199-42c2a226b24c}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.8
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.0.0.9
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.0.14
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..network.proxy.type: 4
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.08 18:27:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.08 18:27:30 | 000,000,000 | ---D | M]
 
[2008.11.19 15:57:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2011.01.02 17:18:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\t7sux7cw.default\extensions
[2009.08.08 12:19:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\t7sux7cw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.02.25 18:50:38 | 000,000,000 | ---D | M] (Stylish) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\t7sux7cw.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2010.06.18 13:24:43 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\t7sux7cw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.07.24 02:52:24 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\t7sux7cw.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.01.31 21:34:26 | 000,000,000 | ---D | M] (Softonic Deutsch FF Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\t7sux7cw.default\extensions\{9d81af43-de53-48d0-a199-42c2a226b24c}
[2010.06.07 20:08:58 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\t7sux7cw.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.01.10 12:48:43 | 000,000,000 | ---D | M] (Easy Youtube Video Downloader) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\t7sux7cw.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
[2009.06.14 09:25:50 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\t7sux7cw.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2009.12.14 13:36:08 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\t7sux7cw.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2010.06.06 09:39:34 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\t7sux7cw.default\searchplugins\icqplugin-1.xml
[2010.02.24 20:50:43 | 000,000,961 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\t7sux7cw.default\searchplugins\icqplugin-10.xml
[2010.03.29 12:51:50 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\t7sux7cw.default\searchplugins\icqplugin-11.xml
[2010.04.06 15:09:04 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\t7sux7cw.default\searchplugins\icqplugin-12.xml
[2010.06.18 22:15:58 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\t7sux7cw.default\searchplugins\icqplugin-13.xml
[2009.03.29 14:45:45 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\t7sux7cw.default\searchplugins\icqplugin-2.xml
[2009.04.23 12:34:00 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\t7sux7cw.default\searchplugins\icqplugin-3.xml
[2009.04.29 14:30:54 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\t7sux7cw.default\searchplugins\icqplugin-4.xml
[2009.06.13 09:02:50 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\t7sux7cw.default\searchplugins\icqplugin-5.xml
[2009.07.24 19:33:54 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\t7sux7cw.default\searchplugins\icqplugin-6.xml
[2009.08.05 10:41:25 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\t7sux7cw.default\searchplugins\icqplugin-7.xml
[2010.01.05 12:21:48 | 000,000,961 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\t7sux7cw.default\searchplugins\icqplugin-8.xml
[2010.02.24 20:49:55 | 000,000,961 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\t7sux7cw.default\searchplugins\icqplugin-9.xml
[2010.05.12 17:40:06 | 000,001,042 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\t7sux7cw.default\searchplugins\icqplugin.xml
[2009.12.14 13:35:53 | 000,003,915 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\t7sux7cw.default\searchplugins\sweetim.xml
[2010.11.23 13:50:31 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.01.19 13:31:32 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.11.23 13:50:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.11.23 13:50:31 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.03 06:17:55 | 000,000,000 | ---D | M] (No name found) -- C:\USERS\NIKLAS\PROGRAM FILES\DNA
[2010.11.23 13:49:47 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.03.23 14:55:00 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.03.23 14:55:00 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.03.23 14:55:00 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.03.23 14:55:00 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.03.23 14:55:01 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.01.09 12:07:15 | 000,000,743 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 	localhost
O1 - Hosts: ::1 	localhost
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Softonic Deutsch FF Toolbar) - {9d81af43-de53-48d0-a199-42c2a226b24c} - C:\Programme\Softonic_Deutsch_FF\tbSoft.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Softonic Deutsch FF Toolbar) - {9d81af43-de53-48d0-a199-42c2a226b24c} - C:\Programme\Softonic_Deutsch_FF\tbSoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Softonic Deutsch FF Toolbar) - {9D81AF43-DE53-48D0-A199-42C2A226B24C} - C:\Programme\Softonic_Deutsch_FF\tbSoft.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [ACQTMOUSE] C:\Program Files\Tech\Tilt Mouse Software\5.0\ACQTMAPP.exe ()
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Programme\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [Ask and Record FLV Service] C:\Program Files\Ask & Record Toolbar\FLVSrvc.exe (Applian Technologies, Inc.)
O4 - HKLM..\Run: [avast5] C:\Programme\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Lycosa] C:\Program Files\Razer\Lycosa\razerhid.exe (Razer USA Ltd.)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [PRISMSVR.EXE] C:\Program Files\Siemens\Gigaset USB Adapter 54\PRISMSVR.EXE (Conexant Systems, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Programme\GoogleEULA\EULALauncher.exe ( )
O4 - HKLM..\Run: [VMonitorVMUVC] C:\Program Files\Vimicro\VMUVC\VMonitor.exe (Vimicro Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Users\***\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [ClipIncSrvTray] C:\Program Files\Tobit ClipInc\Player\ClipIncTray.exe (Tobit.Software)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableClock = 0
O8 - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.01.10 21:04:50 | 000,000,074 | -H-- | M] () - E:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{8f4a72c8-b62c-11dd-b6d7-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{8f4a72c8-b62c-11dd-b6d7-806e6f6e6963}\Shell\AutoRun\command - "" = E:\World of Warcraft (Windows).exe -- [2007.12.15 21:53:54 | 001,180,352 | ---- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.01.03 15:39:48 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2011.01.03 15:17:39 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.01.03 15:17:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.01.03 15:17:34 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.01.03 15:17:33 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.01.02 18:09:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner Free
[2011.01.02 18:09:38 | 000,000,000 | ---D | C] -- C:\Programme\Wise Registry Cleaner
[2011.01.02 17:15:48 | 000,000,000 | ---D | C] -- C:\fcb3ea4ea8dd9f44a55ed16fbb
[2010.12.27 00:46:05 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\GTA San Andreas User Files
[2010.12.26 04:46:06 | 000,000,000 | ---D | C] -- C:\Programme\Rockstar Games
[2010.12.26 04:46:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
[2010.12.26 04:16:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Razer
[2010.12.26 04:14:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
[2010.12.26 04:14:57 | 000,065,536 | ---- | C] (Razer Inc.) -- C:\Windows\System32\Lycosa.cpl
[2010.12.26 04:14:56 | 000,016,128 | ---- | C] (Razer USA Ltd.) -- C:\Windows\System32\drivers\Lycosa.sys
[2010.12.26 04:14:56 | 000,000,000 | ---D | C] -- C:\Programme\Razer
[2010.12.26 04:14:36 | 000,000,000 | ---D | C] -- C:\Users\Niklas\AppData\Roaming\InstallShield
[2010.12.23 10:04:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2010.12.23 10:03:02 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2010.12.23 10:00:51 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.12.16 11:45:12 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.12.16 11:45:10 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2010.12.16 11:45:08 | 000,345,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2010.12.16 11:45:05 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2010.12.16 11:44:59 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2010.12.16 11:44:45 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.12.16 11:44:30 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010.12.16 11:44:28 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.12.16 11:44:27 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.12.16 11:44:26 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.12.16 11:44:24 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010.12.16 11:44:17 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010.12.16 11:44:16 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.12.16 11:44:14 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.12.16 11:44:14 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.12.16 11:44:13 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010.12.16 11:44:12 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010.12.16 11:44:12 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010.12.16 11:44:12 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.12.16 11:44:12 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010.12.16 11:44:12 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.12.16 11:44:11 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.12.16 11:44:07 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010.12.16 11:44:06 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010.12.16 11:44:05 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010.12.16 11:43:54 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.12.08 18:27:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2010.12.08 18:26:48 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime
[2010.12.05 23:37:36 | 000,000,000 | ---D | C] -- C:\Programme\Super Mario World
 
========== Files - Modified Within 30 Days ==========
 
[2011.01.03 15:46:48 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{A58B91F8-99FB-4CC3-899E-68375FA52BEC}.job
[2011.01.03 15:40:01 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.01.03 15:39:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Niklas\Desktop\OTL.exe
[2011.01.03 15:17:40 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.01.03 14:54:00 | 000,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3704707052-2540689425-1032157838-1002UA.job
[2011.01.03 14:27:51 | 000,000,607 | ---- | M] () -- C:\Users\***\Desktop\World of Warcraft.lnk
[2011.01.03 14:17:10 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.01.03 14:17:10 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.01.03 06:23:36 | 000,674,344 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.01.03 06:23:36 | 000,634,202 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.01.03 06:23:36 | 000,146,028 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.01.03 06:23:36 | 000,119,766 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.01.03 06:17:53 | 000,037,013 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011.01.03 06:17:52 | 000,037,013 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.01.03 06:17:35 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.01.03 06:17:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.01.03 06:17:08 | 3219,312,640 | -HS- | M] () -- C:\hiberfil.sys
[2011.01.02 21:43:15 | 000,325,608 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.01.02 18:09:43 | 000,001,840 | ---- | M] () -- C:\Users\Public\Desktop\Clear with 1 click.lnk
[2011.01.02 18:09:43 | 000,000,954 | ---- | M] () -- C:\Users\Public\Desktop\Wise Registry Cleaner.lnk
[2010.12.30 22:12:32 | 000,049,664 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.12.26 04:46:06 | 000,001,809 | ---- | M] () -- C:\Users\Public\Desktop\GTA San Andreas.lnk
[2010.12.23 10:04:34 | 000,001,668 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.12.23 09:53:41 | 000,000,629 | ---- | M] () -- C:\Windows\System32\mapisvc.inf
[2010.12.21 22:52:08 | 000,000,205 | ---- | M] () -- C:\Users\***\Desktop\Beruf.rtf
[2010.12.20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.12.20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.12.16 23:43:10 | 000,003,817 | ---- | M] () -- C:\Users\***\Desktop\Vr-China.rtf
[2010.12.16 22:28:33 | 000,000,000 | ---- | M] () -- C:\Users\***\AppData\Roaming\wklnhst.dat
[2010.12.16 19:59:44 | 000,000,294 | ---- | M] () -- C:\Users\***\Desktop\wowreamlmlist4.0.3.rtf
[2010.12.15 07:25:12 | 000,002,051 | ---- | M] () -- C:\Users\***\Desktop\Google Chrome.lnk
[2010.12.09 21:30:08 | 000,000,603 | ---- | M] () -- C:\Users\***\Desktop\zsnesw - Verknüpfung.lnk
[2010.12.08 18:27:19 | 000,001,730 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010.12.05 23:39:59 | 000,000,956 | ---- | M] () -- C:\Users\***\Desktop\Super Mario World (U) [!].smc - Verknüpfung.lnk
 
========== Files Created - No Company Name ==========
 
[2011.01.03 15:17:40 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.01.02 18:09:43 | 000,001,840 | ---- | C] () -- C:\Users\Public\Desktop\Clear with 1 click.lnk
[2011.01.02 18:09:43 | 000,000,954 | ---- | C] () -- C:\Users\Public\Desktop\Wise Registry Cleaner.lnk
[2010.12.28 14:22:13 | 000,000,607 | ---- | C] () -- C:\Users\***\Desktop\World of Warcraft.lnk
[2010.12.26 04:46:06 | 000,001,809 | ---- | C] () -- C:\Users\Public\Desktop\GTA San Andreas.lnk
[2010.12.23 10:04:34 | 000,001,668 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.12.21 22:52:08 | 000,000,205 | ---- | C] () -- C:\Users\***\Desktop\Beruf.rtf
[2010.12.16 22:48:35 | 000,003,817 | ---- | C] () -- C:\Users\***\Desktop\Vr-China.rtf
[2010.12.16 22:28:33 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Roaming\wklnhst.dat
[2010.12.16 19:59:44 | 000,000,294 | ---- | C] () -- C:\Users\***\Desktop\wowreamlmlist4.0.3.rtf
[2010.12.09 21:30:08 | 000,000,603 | ---- | C] () -- C:\Users\***\Desktop\zsnesw - Verknüpfung.lnk
[2010.12.08 18:27:19 | 000,001,730 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010.12.05 23:39:59 | 000,000,956 | ---- | C] () -- C:\Users\***\Desktop\Super Mario World (U) [!].smc - Verknüpfung.lnk
[2010.11.22 15:27:23 | 000,000,121 | ---- | C] () -- C:\Users\***\AppData\Roaming\default.pls
[2010.07.22 23:11:32 | 000,037,013 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010.07.22 23:11:32 | 000,037,013 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.10.24 15:34:36 | 000,000,144 | -H-- | C] () -- C:\Windows\System32\CTLSW.INI
[2009.10.24 15:34:36 | 000,000,119 | ---- | C] () -- C:\Windows\System32\swctl.dll
[2009.08.18 23:48:12 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.07.14 12:44:16 | 000,367,957 | ---- | C] () -- C:\Users\***\AppData\Local\wkqey_nav.dat
[2009.07.14 12:43:46 | 000,003,342 | ---- | C] () -- C:\Users\***\AppData\Local\wkqey.dat
[2009.07.14 12:43:46 | 000,001,378 | ---- | C] () -- C:\Users\***\AppData\Local\wkqey_navps.dat
[2009.07.14 12:43:46 | 000,000,089 | ---- | C] () -- C:\Users\***\AppData\Local\wkqey.bat
[2009.07.01 13:15:40 | 000,271,360 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009.07.01 13:15:06 | 000,018,048 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009.06.14 09:20:55 | 007,349,744 | ---- | C] () -- C:\Programme\FLV PlayerATBSetup.exe
[2009.04.29 12:42:14 | 000,000,680 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2009.03.13 18:21:47 | 000,000,094 | ---- | C] () -- C:\Users\***\AppData\Local\fusioncache.dat
[2009.03.13 18:18:38 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009.03.13 18:18:37 | 000,022,328 | ---- | C] () -- C:\Users\***\AppData\Roaming\PnkBstrK.sys
[2009.02.13 09:51:06 | 000,000,174 | ---- | C] () -- C:\Windows\holdemg.ini
[2009.01.08 13:22:09 | 000,554,496 | ---- | C] () -- C:\Windows\System32\dvmsg.dll
[2008.12.26 20:55:21 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll
[2008.12.26 20:55:21 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll
[2008.12.15 14:17:56 | 000,000,000 | ---- | C] () -- C:\Windows\galaxy.ini
[2008.12.13 18:28:12 | 000,000,119 | ---- | C] () -- C:\Windows\disney.ini
[2008.12.07 12:44:54 | 000,030,088 | ---- | C] () -- C:\Windows\System32\drivers\btnetBus.sys
[2008.11.20 05:57:48 | 000,049,664 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.11.19 16:20:29 | 000,000,552 | ---- | C] () -- C:\Users\***\AppData\Local\d3d8caps.dat
[2008.08.08 14:49:44 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

< End of report >
         
--- --- ---
__________________

Geändert von Osswald (03.01.2011 um 15:16 Uhr)

Alt 03.01.2011, 19:05   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows Media Player öffnet sich ab und an und ist nichtmehr schließbar! - Standard

Lösung: Windows Media Player öffnet sich ab und an und ist nichtmehr schließbar!



Zitat:
Art des Suchlaufs: Quick-Scan
Sry aber ich wollte einen Vollscan sehen.
Poste auch alle etwaigen anderen Logs von MBAM, die du im Reiter Logdateien siehst.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 06.01.2011, 16:19   #5
Osswald
 
Windows Media Player öffnet sich ab und an und ist nichtmehr schließbar! - Beitrag

Wie Windows Media Player öffnet sich ab und an und ist nichtmehr schließbar!



Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5447

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999

06.01.2011 15:41:10
mbam-log-2011-01-06 (15-41-10).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|)
Durchsuchte Objekte: 421169
Laufzeit: 2 Stunde(n), 25 Minute(n), 10 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


Alt 06.01.2011, 16:22   #6
Osswald
 
Windows Media Player öffnet sich ab und an und ist nichtmehr schließbar! - Standard

Wo Windows Media Player öffnet sich ab und an und ist nichtmehr schließbar! Lösung!



Ich habe auch probiert Avast zu Deinstallieren, weil ich das in einem andern Beitrag gelesen habe, bis jetzt hat er sich nocht nicht geöffnet, aber ich hab so ein Gefühl das er das trotzdem tut. (Deinstallation vor ca. 3 stunden)

Alt 06.01.2011, 16:23   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows Media Player öffnet sich ab und an und ist nichtmehr schließbar! - Standard

Windows Media Player öffnet sich ab und an und ist nichtmehr schließbar!



Zitat:
Datenbank Version: 5447
Jetzt hast du das Update vergessen
Bitte updaten und einen Vollscan machen.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 06.01.2011, 16:26   #8
Osswald
 
Windows Media Player öffnet sich ab und an und ist nichtmehr schließbar! - Standard

Windows Media Player öffnet sich ab und an und ist nichtmehr schließbar!



Jetzt hab ich den ordner mit den Logdaten gefunden^^.
Soll ich den auch noch posten?
Oder nach dem Update alle?

Alt 06.01.2011, 16:41   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows Media Player öffnet sich ab und an und ist nichtmehr schließbar! - Standard

Windows Media Player öffnet sich ab und an und ist nichtmehr schließbar!



Poste die alten schonmal jetzt.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 06.01.2011, 16:59   #10
Osswald
 
Windows Media Player öffnet sich ab und an und ist nichtmehr schließbar! - Standard

Windows Media Player öffnet sich ab und an und ist nichtmehr schließbar! [gelöst]



Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5471

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999

06.01.2011 17:56:48
mbam-log-2011-01-06 (17-56-48).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Durchsuchte Objekte: 102809
Laufzeit: 28 Minute(n), 7 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)



Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5447

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999

06.01.2011 15:41:10
mbam-log-2011-01-06 (15-41-10).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|)
Durchsuchte Objekte: 421169
Laufzeit: 2 Stunde(n), 25 Minute(n), 10 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)



Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5447

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999

06.01.2011 13:06:55
mbam-log-2011-01-06 (13-06-55).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 63840
Laufzeit: 12 Minute(n), 26 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)



Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5447

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999

03.01.2011 15:38:25
mbam-log-2011-01-03 (15-38-25).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 188344
Laufzeit: 18 Minute(n), 37 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)



Malwarebytes' Anti-Malware 1.44
Datenbank Version: 3526
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18865

09.01.2010 15:11:40
mbam-log-2010-01-09 (15-11-40).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|)
Durchsuchte Objekte: 398287
Laufzeit: 2 hour(s), 20 minute(s), 25 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 5
Infizierte Registrierungswerte: 5
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 7

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\cs41275 (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\glaide32 (Rootkit.Rustock) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wkqey (Trojan.Agent.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysgif32 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cmds (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\39323727 (Rogue.Multiple) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
C:\ProgramData\39323727 (Rogue.Multiple) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\ProgramData\39323727\nix.exe (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\Temp\~TMA7E9.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Windows\Temp\_ex-68.exe (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\siszyd32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Security Tool.LNK (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Roaming\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Roaming\fvgqad.dat (Malware.Trace) -> Quarantined and deleted successfully.



Malwarebytes' Anti-Malware 1.44
Datenbank Version: 3526
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18865

09.01.2010 12:49:32
mbam-log-2010-01-09 (12-49-32).txt

Scan-Methode: Quick-Scan
Durchsuchte Objekte: 2126
Laufzeit: 9 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Alt 06.01.2011, 17:30   #11
Osswald
 
Windows Media Player öffnet sich ab und an und ist nichtmehr schließbar! - Standard

Windows Media Player öffnet sich ab und an und ist nichtmehr schließbar! [gelöst]



Während der scan läuft hat sich WMP wieder 2 mal geöffnet, ich hab herausgefunden, das wenn ich warte bis der vollscreen geladen ist, ihn dann schließe, das man ihn dann schließen kann.
Also das der sich nicht wieder sofort öffnet.

Alt 06.01.2011, 18:59   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows Media Player öffnet sich ab und an und ist nichtmehr schließbar! - Standard

Windows Media Player öffnet sich ab und an und ist nichtmehr schließbar! [gelöst]



Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 06.01.2011, 19:15   #13
Osswald
 
Windows Media Player öffnet sich ab und an und ist nichtmehr schließbar! - Standard

Windows Media Player öffnet sich ab und an und ist nichtmehr schließbar! [gelöst]



Ok, hier ist erstmal noch der Voll-scan von mbam mit neuster Version


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5471

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999

06.01.2011 20:13:12
mbam-log-2011-01-06 (20-13-12).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Durchsuchte Objekte: 422290
Laufzeit: 2 Stunde(n), 15 Minute(n), 50 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Alt 06.01.2011, 19:18   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows Media Player öffnet sich ab und an und ist nichtmehr schließbar! - Standard

Windows Media Player öffnet sich ab und an und ist nichtmehr schließbar! [gelöst]



Ok - mach bitte wie o.g. den Durchgang mit CF
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 06.01.2011, 19:24   #15
Osswald
 
Windows Media Player öffnet sich ab und an und ist nichtmehr schließbar! - Standard

Windows Media Player öffnet sich ab und an und ist nichtmehr schließbar! [gelöst]



"Benenne es beim Runterladen um in cofi.exe.[/list]"

Wie kann ich es beim herunterladen umbenennen?
Ich hab Google Chrome zur Info da läd der das sofort runter.

Antwort

Themen zu Windows Media Player öffnet sich ab und an und ist nichtmehr schließbar!
antivir, antivir guard, antivirus, avast!, avira, bho, bonjour, browser, converter, desktop, ebay, google, hijack, hijackthis, media player, microsoft, microsoft security, microsoft security essentials, mp3, problem, security, senden, server, softonic, softonic deutsch ff toolbar, software, sweetim, system, teamspeak, trojaner, virus, vista, wickel, windows, windows vista



Ähnliche Themen: Windows Media Player öffnet sich ab und an und ist nichtmehr schließbar!


  1. Windows Media Player öffnet sich ständig von alleine.
    Plagegeister aller Art und deren Bekämpfung - 11.07.2014 (5)
  2. Windows Media Player öffnet sich von selbst
    Plagegeister aller Art und deren Bekämpfung - 24.11.2013 (14)
  3. CD lässt sich nur noch mit Windows Media Player öffnen
    Netzwerk und Hardware - 07.10.2013 (17)
  4. Windows Media Player öffnet sich von selbst
    Plagegeister aller Art und deren Bekämpfung - 07.10.2013 (15)
  5. Windows Media Player öffnet sich von alleine
    Plagegeister aller Art und deren Bekämpfung - 12.09.2012 (2)
  6. IE öffnet eigenständig neue Fenster, tlw mit Media Player
    Plagegeister aller Art und deren Bekämpfung - 30.05.2011 (17)
  7. Die Strg-Taste öffnet Media Player,iTunes,etc...
    Alles rund um Windows - 07.09.2009 (5)
  8. Windows Media Player schließt sich von selbst
    Alles rund um Windows - 17.06.2009 (0)
  9. Media Player öffnet sich selbstständig immer und immer wieder
    Log-Analyse und Auswertung - 30.10.2008 (0)
  10. Windows Media Player öffnet automatisch
    Mülltonne - 10.10.2008 (1)
  11. Windows Media Player öffnet automatisch
    Alles rund um Windows - 10.10.2008 (0)
  12. Windows Media Player Bug
    Alles rund um Windows - 07.08.2007 (1)
  13. Media Player öffnet sich von selbst
    Log-Analyse und Auswertung - 04.03.2007 (5)
  14. Internet Explorer und Media Player schliessen sich
    Log-Analyse und Auswertung - 15.03.2006 (2)
  15. Windows Media Player öffnet automatisch
    Plagegeister aller Art und deren Bekämpfung - 09.11.2005 (4)
  16. Windows Media Player
    Alles rund um Windows - 04.09.2005 (12)
  17. Windows Media Player
    Alles rund um Windows - 10.08.2004 (2)

Zum Thema Windows Media Player öffnet sich ab und an und ist nichtmehr schließbar! - Also wie schon im Titel beschrieben öffnet sich ca. alle 30min - 1std. 30min mein WMP von alleine. Und wenn ich es minimire / ein anderes Fenster (z.b. internetbrowser) öfffne - Windows Media Player öffnet sich ab und an und ist nichtmehr schließbar!...
Archiv
Du betrachtest: Windows Media Player öffnet sich ab und an und ist nichtmehr schließbar! auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.