Trojaner-Board


daapool 10.01.2012 23:31

Attention, for security reasons your Windows system has been blocked...
 
Hello!
Two days ago I also caught this malware, the one where a demand for 50 euros appears on a black screen, and sometimes a different one saying that I watched illegal porn or something like that.
In the heat of the moment I did not remove the culprits that Malwarebytes found but ignored them!!!
On the repeated scan nothing more was found.
After that I was able to regain access to my PC via System Restore. Now everything works well again. But I would like help finding out whether my PC is clean now, since I have to use it for work and for online banking.
Today no anomalies from SUPERAntiSpyware and Malwarebytes, as far as I can tell.

Many thanks in advance

kira 11.01.2012 08:07

Hello and a warm welcome! :)

Before we begin working together, [please read completely]:
Quote:

  • "Remote treatment/remote help" and the associated liability risks:
    - since the fault checking and the actions are carried out over large distances, we accept no liability for the resulting consequences.
    - so any liability for resulting damage is excluded; INSTRUCTIONS AND FOLLOWING THEM ARE AT YOUR OWN RESPONSIBILITY!
  • Characteristic features/profile information:
    - you can delete details such as your real name, serial numbers in programs, etc. from the log lists or log files you use, or replace them with [X]
  • System check and cleanup:
    - can take some time (depending on the type of infection); the system may, however, even be so badly compromised that effective technical cleaning is no longer possible and you have to reinstall it
  • I recommend that you first read the instructions through completely before applying them, because if you do something wrong it can be really dangerous. If you follow my instructions step by step, nothing should really go wrong.
  • During the support period:
    - please do not act on your own without consulting me! Ask if there are problems.
  • The order:
    - please keep exactly to the order described; do not choose the order yourself!
  • CRACKED SOFTWARE is not tolerated here!!!!
  • Otherwise, our forum rules:
    - Please read first, then post! -> For everyone seeking help! What do I need to consider before opening a thread?
  • Insert all log files with a vBCode tag; that gives a good overview here and makes my work easier! If the log file is too large, split it into several parts.

As soon as you have read this introductory text, you can begin :)
Quote:

Once a system has been compromised, the system is no longer trustworthy
A reinstallation guarantees residue-free removal of the infection - Reading material: "Help: I was the victim of a hacker attack. What should I do?" - Cleaning a compromised system
If you nevertheless decide on cleaning the system - cleaning a system can take a few days (depending on the type of infection); the system may, however, even be so badly compromised that effective technical cleaning is no longer possible and you have to reinstall it:

► First part of the 3-part procedure: we will examine your system for viruses, or look for another cause:
For Vista and Win7:
Important: Please run all commands as administrator! Right-click on the Command Prompt and select "Run as administrator"
Right-click on the selected application and choose "Run as administrator"!

1.
Have you already checked the computer for viruses? I would still like to see the following results:
Code:

Malwarebytes
SuperAntiSpyware Free Edition
(all existing logs!)

2.
System scan with OTL

Please download OTL by Oldtimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labeled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created - OTL.txt and Extras.txt
  • Post the log files in code tags here in the thread.

3.
I would also like to see all your installed programs:
Download the tool CCleaner
Download
install (read the software license agreement; if "Add CCleaner Yahoo! Toolbar" is offered, deselect it) → start → Language → select German
then click "Extra" (so that the installed programs are also shown) → continue to "Als Textdatei speichern..." (save as text file)
a text file (*.txt) is created; copy its contents and paste them here

Quote:

So that your thread stays clear and easy to read, it is best to use the code tags for your post:
→ before your log you write (i.e. at the beginning of the log file): [code]
your log file goes here - e.g. OTL log file or other
→ after it - i.e. at the end of the log file: [/code]

Quote:

** If possible, do not go on the internet: no online banking, file sharing, chat programs, etc.

regards
kira

daapool 11.01.2012 12:36

Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: v2012.01.08.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
hase :: HASENPC [Administrator]

09.01.2012 00:47:21
mbam-log-2012-01-09 (00-47-21).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 170032
Laufzeit: 3 Minute(n), 8 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


Malwarebytes Anti-Malware 1.60.0.1800
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: v2012.01.08.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
hase :: HASENPC [Administrator]

09.01.2012 19:33:59
mbam-log-2012-01-09 (19-33-59).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 170137
Laufzeit: 3 Minute(n), 43 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Malwarebytes Anti-Malware 1.60.0.1800
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: v2012.01.10.06

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
hase :: HASENPC [Administrator]

10.01.2012 23:02:02
mbam-log-2012-01-10 (23-02-02).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 171165
Laufzeit: 4 Minute(n), 32 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)




SUPERAntiSpyware Scan Log
SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

Generated 01/10/2012 at 10:56 PM

Application Version : 5.0.1142

Core Rules Database Version : 8119
Trace Rules Database Version: 5931

Scan type : Quick Scan
Total Scan Time : 00:09:16

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Limited User (Administrator User)

Memory items scanned : 655
Memory threats detected : 0
Registry items scanned : 30137
Registry threats detected : 0
File items scanned : 8007
File threats detected : 1

Adware.Tracking Cookie
C:\USERS\HASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\VVEWHZI0.txt [ Cookie:hase@doubleclick.net/ ]

daapool 11.01.2012 14:23

Code:

OTL logfile created on: 11.01.2012 12:40:33 - Run 1
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\hase\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,91 Gb Available Physical Memory | 63,85% Memory free
6,23 Gb Paging File | 4,97 Gb Available in Paging File | 79,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 216,41 Gb Total Space | 87,32 Gb Free Space | 40,35% Space Free | Partition Type: NTFS
Drive D: | 107,22 Gb Total Space | 59,95 Gb Free Space | 55,91% Space Free | Partition Type: NTFS
 
Computer Name: HASENPC | User Name: hase | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\hase\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName})
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Windows\System32\bgsvcgen.exe (B.H.A Corporation)
PRC - C:\Windows\vsnp325.exe ()
PRC - C:\Windows\tsnp325.exe ()
PRC - C:\Windows\FixCamera.exe ()
PRC - C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers)
PRC - C:\Windows\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll ()
MOD - C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll ()
MOD - C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL ()
MOD - C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\Windows\vsnp325.exe ()
MOD - C:\Windows\tsnp325.exe ()
MOD - C:\Windows\FixCamera.exe ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (bgsvcgen) -- C:\Windows\System32\bgsvcgen.exe (B.H.A Corporation)
SRV - (TestHandler) -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (MBAMSwissArmy) --  File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (KMWDFILTER) -- C:\Windows\System32\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (FETND6V) -- C:\Windows\System32\drivers\fetnd6v.sys (VIA Technologies, Inc.              )
DRV - (PAC7302) -- C:\Windows\System32\drivers\PAC7302.SYS (PixArt Imaging Inc.)
DRV - (nvrd32) -- C:\Windows\system32\drivers\nvrd32.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\system32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (JRAID) -- C:\Windows\system32\drivers\jraid.sys (JMicron Technology Corp.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (ArcSoftKsUFilter) -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.)
DRV - (SNP325) USB PC Camera (SNPSTD325) -- C:\Windows\System32\drivers\snp325.sys (Sonix Co. Ltd.)
DRV - (ViPrt) -- C:\Windows\system32\DRIVERS\ViPrt.sys (VIA Technologies, Inc.)
DRV - (ViBus) -- C:\Windows\system32\DRIVERS\ViBus.sys (VIA Technologies, Inc.)
DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (cdrbsdrv) -- C:\Windows\System32\drivers\cdrbsdrv.sys (B.H.A Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://startsear.ch/?aff=1
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://startsear.ch/?aff=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ecosia"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "web.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.14.2
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}:2.0.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-IDW&o=APN10023&locale=de_US&apn_uid=9a83f866-1db9-4caf-947e-53568ef1b0ac&apn_ptnrs=LL&apn_sauid=&apn_dtid=YYYYYYYYAT&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=0.9.8a: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.01.10 00:35:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.11.25 21:55:30 | 000,000,000 | ---D | M]
 
[2008.12.22 13:53:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hase\AppData\Roaming\mozilla\Extensions
[2008.12.22 13:53:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hase\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2012.01.10 00:39:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hase\AppData\Roaming\mozilla\Firefox\Profiles\gyjn0w5u.default\extensions
[2012.01.08 17:27:08 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\hase\AppData\Roaming\mozilla\Firefox\Profiles\gyjn0w5u.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}(38)
[2012.01.09 23:58:53 | 000,000,000 | ---D | M] ("Avira SearchFree Toolbar plus Web Protection") -- C:\Users\hase\AppData\Roaming\mozilla\Firefox\Profiles\gyjn0w5u.default\extensions\toolbar@ask.com
[2011.06.23 13:53:28 | 000,002,354 | ---- | M] () -- C:\Users\hase\AppData\Roaming\Mozilla\Firefox\Profiles\gyjn0w5u.default\searchplugins\aol-web-search.xml
[2010.02.07 13:32:49 | 000,002,172 | ---- | M] () -- C:\Users\hase\AppData\Roaming\Mozilla\Firefox\Profiles\gyjn0w5u.default\searchplugins\bing.xml
[2011.08.14 13:52:46 | 000,000,917 | ---- | M] () -- C:\Users\hase\AppData\Roaming\Mozilla\Firefox\Profiles\gyjn0w5u.default\searchplugins\conduit.xml
[2011.05.19 17:35:14 | 000,005,212 | ---- | M] () -- C:\Users\hase\AppData\Roaming\Mozilla\Firefox\Profiles\gyjn0w5u.default\searchplugins\ecosia.xml
[2011.07.11 19:04:02 | 000,000,633 | ---- | M] () -- C:\Users\hase\AppData\Roaming\Mozilla\Firefox\Profiles\gyjn0w5u.default\searchplugins\startsear.xml
[2011.08.11 22:58:41 | 000,005,508 | ---- | M] () -- C:\Users\hase\AppData\Roaming\Mozilla\Firefox\Profiles\gyjn0w5u.default\searchplugins\webde-suche.xml
[2012.01.10 22:58:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.06.08 22:47:16 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.01.10 22:58:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\HASE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GYJN0W5U.DEFAULT\EXTENSIONS\{3D7EB24F-2740-49DF-8937-200B1CC08F8A}.XPI
[2009.07.11 10:07:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011.12.21 08:42:29 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.11.10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009.06.01 11:41:48 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2011.08.31 11:38:58 | 000,082,944 | ---- | M] (vShare.tv ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll
[2011.12.21 06:08:50 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.12.21 06:02:40 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.12.21 06:08:50 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.12.21 06:08:50 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.21 06:08:50 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.12.21 06:08:50 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (IE5BarLauncherBHO Class) - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Program Files\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName})
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [FixCamera] C:\Windows\FixCamera.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [snp325] C:\Windows\vsnp325.exe ()
O4 - HKLM..\Run: [tsnp325] C:\Windows\tsnp325.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube Download - C:\Users\hase\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\hase\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} hxxp://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab (HPSDDX Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5AE25BBF-5422-4B8C-AEA4-F2A20EE8C6BC}: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\hase\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\hase\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.01.10 23:44:59 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.01.10 23:42:30 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciseq.dll
[2012.01.10 23:42:20 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[2012.01.10 23:42:19 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012.01.10 23:42:03 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2012.01.10 23:42:03 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2012.01.10 23:00:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.01.10 23:00:20 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.01.10 22:58:00 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012.01.10 22:58:00 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012.01.10 22:58:00 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012.01.10 22:46:38 | 000,000,000 | ---D | C] -- C:\Users\hase\AppData\Roaming\SUPERAntiSpyware.com
[2012.01.10 22:46:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012.01.10 22:45:59 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012.01.10 22:45:59 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012.01.10 21:16:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012.01.10 21:16:45 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012.01.10 21:04:16 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\hase\Desktop\OTL.exe
[2012.01.10 00:16:30 | 000,000,000 | ---D | C] -- C:\Users\hase\AppData\Roaming\Opera
[2012.01.10 00:16:30 | 000,000,000 | ---D | C] -- C:\Users\hase\AppData\Local\Opera
[2012.01.10 00:16:24 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2012.01.09 23:54:38 | 000,000,000 | ---D | C] -- C:\Users\hase\AppData\Roaming\Avira
[2012.01.09 23:49:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.01.09 23:49:16 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2012.01.09 23:48:57 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012.01.09 23:48:56 | 000,134,856 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.01.09 23:48:56 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.01.09 23:48:56 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.01.09 23:48:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.01.09 23:48:55 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012.01.09 00:25:50 | 000,000,000 | ---D | C] -- C:\Users\hase\AppData\Roaming\Malwarebytes
[2012.01.09 00:25:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.01.09 00:25:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.12.30 14:43:00 | 000,000,000 | ---D | C] -- C:\Users\hase\Desktop\Lehmwand
[2011.12.21 20:18:58 | 000,000,000 | ---D | C] -- C:\Users\hase\AppData\Roaming\LaunchPad
[2011.12.19 20:15:38 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.12.19 20:15:36 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011.12.19 20:15:36 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.12.19 20:15:36 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.12.19 20:15:35 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.12.19 20:15:33 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.12.19 20:12:25 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011.12.19 20:12:23 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.12.19 20:12:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011.12.19 20:12:14 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011.12.19 20:12:14 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011.12.19 20:12:13 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2010.04.05 16:16:09 | 000,147,456 | ---- | C] ( ) -- C:\Windows\System32\rsnp325.dll
[2010.04.05 16:16:09 | 000,057,344 | ---- | C] ( ) -- C:\Windows\System32\vsnp325.dll
[2010.04.05 16:16:09 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp325.dll
 
========== Files - Modified Within 30 Days ==========
 
[2012.01.11 12:20:07 | 000,628,504 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.01.11 12:20:07 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.01.11 12:20:07 | 000,126,054 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.01.11 12:20:07 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.01.11 12:16:15 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.01.11 12:13:22 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.11 12:13:22 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.11 12:13:19 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.01.11 12:13:19 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\DriverScanner.job
[2012.01.11 12:13:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.11 12:13:10 | 3219,644,416 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.10 23:00:23 | 000,000,872 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.01.10 22:46:02 | 000,001,766 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.01.10 21:04:16 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\hase\Desktop\OTL.exe
[2012.01.10 00:35:49 | 000,000,812 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.01.10 00:16:28 | 000,001,580 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2012.01.09 23:49:41 | 000,001,813 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.01.09 23:06:06 | 000,000,000 | ---- | M] () -- C:\Users\hase\AppData\Local\{55332142-12C8-4656-AE60-12B742756D99}
[2012.01.06 10:33:26 | 001,952,888 | ---- | M] () -- C:\Users\hase\Desktop\IMG_0555.JPG
[2012.01.06 10:33:03 | 002,425,522 | ---- | M] () -- C:\Users\hase\Desktop\IMG_0556.JPG
[2012.01.01 21:36:33 | 000,002,591 | ---- | M] () -- C:\Users\hase\Desktop\Microsoft Office Word 2007.lnk
[2011.12.20 19:22:37 | 000,273,032 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.12.18 19:44:45 | 002,137,636 | R--- | M] () -- C:\Users\hase\Desktop\ds11-0301-1.pdf
[2011.12.16 19:54:47 | 000,221,221 | ---- | M] () -- C:\Users\hase\Desktop\wien.xps
[2011.12.15 15:00:00 | 000,134,856 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.12.15 15:00:00 | 000,074,640 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011.12.15 15:00:00 | 000,036,000 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
 
========== Files Created - No Company Name ==========
 
[2012.01.10 23:00:23 | 000,000,872 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.01.10 22:46:02 | 000,001,766 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.01.10 00:35:49 | 000,000,824 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.01.10 00:35:49 | 000,000,812 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.01.10 00:16:28 | 000,001,592 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[2012.01.10 00:16:28 | 000,001,580 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
[2012.01.09 23:49:41 | 000,001,813 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.01.09 23:20:49 | 3219,644,416 | -HS- | C] () -- C:\hiberfil.sys
[2012.01.09 23:06:06 | 000,000,000 | ---- | C] () -- C:\Users\hase\AppData\Local\{55332142-12C8-4656-AE60-12B742756D99}
[2012.01.06 10:33:18 | 001,952,888 | ---- | C] () -- C:\Users\hase\Desktop\IMG_0555.JPG
[2012.01.06 10:32:59 | 002,425,522 | ---- | C] () -- C:\Users\hase\Desktop\IMG_0556.JPG
[2011.12.18 19:44:44 | 002,137,636 | R--- | C] () -- C:\Users\hase\Desktop\ds11-0301-1.pdf
[2011.12.16 19:54:44 | 000,221,221 | ---- | C] () -- C:\Users\hase\Desktop\wien.xps
[2010.12.10 22:28:39 | 000,000,769 | ---- | C] () -- C:\Windows\System32\Remover.ini
[2010.12.10 22:28:38 | 000,000,566 | ---- | C] () -- C:\Windows\System32\SP7302.ini
[2010.12.09 20:38:28 | 000,024,227 | ---- | C] () -- C:\Users\hase\AppData\Roaming\UserTile.png
[2010.11.21 21:59:03 | 000,397,312 | ---- | C] () -- C:\Windows\iwexec.exe
[2010.06.07 20:45:44 | 000,000,012 | ---- | C] () -- C:\Users\hase\AppData\Roaming\qcopjv.dat
[2010.04.05 16:16:10 | 000,835,584 | ---- | C] () -- C:\Windows\vsnp325.exe
[2010.04.05 16:16:10 | 000,270,336 | ---- | C] () -- C:\Windows\tsnp325.exe
[2010.04.05 16:16:10 | 000,020,480 | ---- | C] () -- C:\Windows\FixCamera.exe
[2010.04.05 16:16:10 | 000,015,498 | ---- | C] () -- C:\Windows\snp325.ini
[2009.05.26 21:49:59 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.05.26 21:49:58 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.01.16 20:41:05 | 000,000,000 | ---- | C] () -- C:\Windows\BEMERK~1.INI
[2009.01.16 20:40:38 | 000,000,000 | ---- | C] () -- C:\Windows\WdbInstW.INI
[2009.01.09 20:55:47 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.01.03 14:41:34 | 000,006,384 | ---- | C] () -- C:\Users\hase\AppData\Roaming\PrimoPDFSet.xml
[2009.01.03 11:54:56 | 000,176,235 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
[2008.11.06 17:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.11.06 17:33:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008.07.23 21:22:53 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.07.22 16:03:19 | 000,001,354 | ---- | C] () -- C:\Windows\hpbvnstp.ini
[2008.07.19 18:18:15 | 000,001,356 | ---- | C] () -- C:\Users\hase\AppData\Local\d3d9caps.dat
[2008.07.16 20:46:26 | 000,000,025 | ---- | C] () -- C:\Windows\SIERRA.INI
[2008.07.13 18:30:22 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2008.07.03 19:52:49 | 000,036,864 | ---- | C] () -- C:\Windows\System32\LckFldService.exe
[2008.06.26 19:33:40 | 000,032,256 | ---- | C] () -- C:\Users\hase\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.01.18 15:40:38 | 000,069,632 | ---- | C] () -- C:\Windows\System32\vuins32.dll
[2006.11.02 16:33:31 | 000,628,504 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 16:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 16:33:31 | 000,126,054 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 16:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,273,032 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,595,798 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,103,872 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.08.11 09:52:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll
[2004.03.15 11:02:38 | 000,000,412 | ---- | C] () -- C:\Windows\System32\HP3AIOZ6.dat
[2004.03.03 04:06:00 | 000,221,184 | ---- | C] () -- C:\Windows\System32\HP3AIOZ6.dll
[2002.05.03 14:40:32 | 000,094,274 | ---- | C] () -- C:\Windows\System32\HPBHEALR.DLL
[1997.06.14 09:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll

< End of report >


daapool 11.01.2012 14:25

Code:

OTL Extras logfile created on: 11.01.2012 12:40:33 - Run 1
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\hase\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,91 Gb Available Physical Memory | 63,85% Memory free
6,23 Gb Paging File | 4,97 Gb Available in Paging File | 79,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 216,41 Gb Total Space | 87,32 Gb Free Space | 40,35% Space Free | Partition Type: NTFS
Drive D: | 107,22 Gb Total Space | 59,95 Gb Free Space | 55,91% Space Free | Partition Type: NTFS
 
Computer Name: HASENPC | User Name: hase | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00B6C87D-C3F2-4184-905E-540A08A69FAB}" = lport=5357 | protocol=6 | dir=in | app=system |
"{06E6A945-FA8D-407B-B303-9707EB353C24}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{09FDF0BC-AFFB-4D4E-83F1-C7C294038E73}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe |
"{0A828AD6-5635-4E97-8550-90C2F5FD57A9}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{37BF999B-8696-40C3-A4F8-060EC394569B}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe |
"{3C645C51-BA04-4043-B9F4-60ADBFE2FB04}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{438FBEE1-4367-4432-88E5-7CD8935026F3}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{5902BA77-9B9B-4A2C-B118-D6666D50BEA4}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{5FE366A1-D66D-4EA5-A726-FCDD1D2C255F}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{60B0B7D6-D09F-4DB9-837E-203CAADCCF3F}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{8329838A-35FD-4F44-854F-DC94603A2727}" = lport=5358 | protocol=6 | dir=in | app=system |
"{9371DE25-C629-4186-AD2F-E9240697CED9}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe |
"{AB345130-FE65-4D2E-AF44-C8EF97BA63D0}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{C6C8DB1E-42EE-4610-A260-8B8B0B42E5A6}" = rport=5357 | protocol=6 | dir=out | app=system |
"{CA386061-7D90-4117-9A0B-E97C1EDC56DF}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{CC46BFD5-265A-458B-9D51-7B2CA2B4454D}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{CE24C86E-B7A5-48A2-A5CE-403F1C0F7160}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{D0B68ADE-1E58-40DE-BA4D-C4B93E726332}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{D822F608-EFAB-4C54-B025-2793E291646D}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{DB6ACC85-B944-43B9-B611-A096C54F2E06}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DE8049F9-92DD-4B58-8DD9-907097DC97AB}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{EB2BEB1B-B635-4EB3-AF58-387CE5CFBD94}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{EC0E6C63-317A-4F12-B6F6-82ACD1A3B292}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{ECCDFE07-584E-4847-A780-8B85CE80E7EB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F297A9AF-6B7E-41F6-91BB-5102F9D0C197}" = rport=5358 | protocol=6 | dir=out | app=system |
"{F2B6DA98-9A98-4CE9-8CDD-1A7150F65675}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe |
"{FB1036C4-F478-4E8B-BA21-FBCC3E008A9E}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{FF709C6E-3691-4358-9BB9-092A1A94B266}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05370BBE-C8D3-4F25-93A5-0B3F6A6CFB1D}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{28D960DA-0E2B-41BD-B0CD-D4DA7E0601CF}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{2F77A683-F343-456B-AEF1-1D6BC6020603}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{49547AA0-4079-419A-B8B3-781963FC9666}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{49CE4D73-D52E-41D7-B5B9-8094F83FC2CD}" = protocol=17 | dir=in | app=c:\program files\konami\pro evolution soccer 2011\pes2011.exe |
"{619BC150-435F-4716-BACD-FDE161B1CAAB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{61BE6F9A-9E16-4FF6-868F-A679C6CB0F82}" = protocol=6 | dir=out | app=%systemroot%\system32\netproj.exe |
"{6FC49D01-0D2D-4DF9-A10C-E1F6E62F35E0}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{718CC16C-4B51-43E9-A35D-A336336AAB18}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{7430FACD-E310-4F18-B2E8-8CDFD558EED7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7BEA212E-BD6D-4A12-B315-DE1D81292339}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{7EE02344-4F05-4F7F-92E2-23D632C31091}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{8C21CCCC-6EC1-4543-A677-937A1A9252D5}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{95F91FAA-7B80-4DD1-BAF9-FC49B3BA20E5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{99BE6CBC-1526-4C70-9D64-D6DFFD3DB7E3}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{A316AB44-003E-470E-B6A7-E9F233FFDE26}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{A9E1D451-A7F1-4C9F-9ABE-68E080DF31DA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{ACCD23A6-9439-4446-8E62-64ACE188DE32}" = protocol=6 | dir=in | app=c:\program files\konami\pro evolution soccer 2011\pes2011.exe |
"{B607459B-CE5C-4489-B074-1CA7439574DD}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{C3246C59-619A-41A4-BEC7-D28E039D1047}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{C89CE262-B169-4F4E-8939-9041A1440FFF}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{CC303A1B-443D-45D4-8711-CA49AACFA37B}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{D6801F05-27D9-4F0F-82D7-0A54FAA909B0}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{E0345A07-F7E8-4BD9-9E7B-EC8635DE731E}" = protocol=6 | dir=in | app=%systemroot%\system32\netproj.exe |
"{E1958243-8C8D-462A-89F2-F33C3B08FB2B}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{F7CCC3AA-A79A-46AB-946E-A60DE4B7779B}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{07FA29C6-D0F0-4BA8-B8AF-6A83FD3D95DD}C:\program files\microsoft office\office12\winword.exe" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\winword.exe |
"TCP Query User{272C43FE-4CA8-4AE1-8E33-5C0F264E6256}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{287FBDAF-7550-4273-BFD3-C4E589370384}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{2F6F6F36-2E3A-4C48-A308-10E5F5E4BF82}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{5703A64C-5571-42C4-9D20-D5A5586A6137}C:\program files\microsoft games\empire earth.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\empire earth.exe |
"TCP Query User{71693BFE-EC53-4B38-AE65-9AB0A3211790}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{958EA47B-B770-49E1-9228-1B3481707899}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{B48EFD8B-D122-48E1-A55A-55999735B27C}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"TCP Query User{C59B3A51-C496-4158-B7FC-C413C5B5E8A5}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"TCP Query User{DD1490FC-B998-4396-A12D-E934D3B98BFE}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{03A60979-3883-4CB7-AADF-496A3BEF901D}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{1351C016-FBD4-4653-B945-4A7FF8D667C2}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{1BDCD1D3-856F-43E6-A104-510F6CF5180C}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{1CA0C853-260E-4A63-B23A-27EA37C5FDFE}C:\program files\microsoft office\office12\winword.exe" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\winword.exe |
"UDP Query User{2364E031-FF22-4AB6-984D-7B188108537F}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{2765226B-053D-4D07-89DA-679D0DE3AD25}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{8C35B589-FE44-4FA7-88DA-9A403861121B}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{9ACDC592-8784-4F48-9B91-E3EC0D783075}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{E02B68B3-5A1F-4021-B41E-CAECFADD02CB}C:\program files\microsoft games\empire earth.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\empire earth.exe |
"UDP Query User{FBD68B5B-C9DA-49E1-AF7C-5AA55D1DA432}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{1148E85C-E1AF-48E0-A29C-68DACE07E054}" = Pro Evolution Soccer 2011
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F0D5576-C383-4E5E-9906-0B47BECBB8B6}" = Hama Webcam Suite
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 30
"{2A1E27FF-BE53-45B4-950F-060236E98E3D}" = TMPGEnc Plus 2.5
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4412F224-3849-4461-A3E9-DEEF8D252790}" = Visual Studio C++ 10.0 Runtime
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AF8A676-7D24-431E-9B90-BCA8C5C7F1B4}" = VideoCam Suite
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{6803A6E6-48FF-48AB-B558-7B651BBE1031}" = Nero 8 Essentials
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C5B4583-7CBF-4289-B195-03B553959DEA}" = VoiceOver Kit
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{94D66D71-12F0-48A5-B46A-D4B835A0F1B7}" = FirstSteps Diagnostics
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9EDF1A5D-D8E0-413E-9782-75DD4A8C831B}" = VideoCam Suite 1.0
"{A59AB961-BE82-41E0-B0FB-648DFA6DDEA4}" = Hama PC-Webcam Circle
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C73CA646-73B3-4AEF-A136-C37505745174}" = iTunes
"{C73F2967-062E-48F2-A462-D335B8950183}" = Safari
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F9466082-90E9-4BE4-92F0-CF0AF195B0CF}" = hama PC-Webcam AC-140
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DVDStyler_is1" = DVDStyler v1.8.2
"Foxit Reader" = Foxit Reader
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 4.2.12
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.37.426
"Haushaltsbuch" = Haushaltsbuch
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Mahjong Towers Eternity EU" = Mahjong Towers Eternity EU (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.0.1800
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de)
"MyTomTom" = MyTomTom 3.0.2.363
"NVIDIA Drivers" = NVIDIA Drivers
"Opera 11.60.1185" = Opera 11.60
"Shockwave" = Shockwave
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SopCast" = SopCast 3.2.4
"ST6UNST #1" = CoveDesigner
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 0.9.8a
"VN_VUIns_Rhine_VIA" = VIA Rhine Family Fast Ethernet Adapter
"vShare.tv plugin" = vShare.tv plugin 1.3
"VSO DivxToDVD_is1" = DivxToDVD 0.5.2
"WinLiveSuite_Wave3" = Windows Live Essentials
"Winmail Opener" = Winmail Opener 1.4
"WinRAR archiver" = WinRAR archiver
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
"InstallShield_{2A1E27FF-BE53-45B4-950F-060236E98E3D}" = TMPGEnc Plus 2.5
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 28.10.2010 13:31:11 | Computer Name = HasenPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7921
 
Error - 28.10.2010 13:31:12 | Computer Name = HasenPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 28.10.2010 13:31:12 | Computer Name = HasenPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9875
 
Error - 28.10.2010 13:31:12 | Computer Name = HasenPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9875
 
Error - 28.10.2010 13:31:14 | Computer Name = HasenPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 28.10.2010 13:31:14 | Computer Name = HasenPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 11843
 
Error - 28.10.2010 13:31:14 | Computer Name = HasenPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 11843
 
Error - 29.10.2010 15:30:28 | Computer Name = HasenPC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung FOXITR~1.EXE, Version 3.0.2009.1506, Zeitstempel
 0x49b4e85b, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00d39298,  Prozess-ID 0x838, Anwendungsstartzeit
 01cb779f6f29cc18.
 
Error - 03.11.2010 08:05:22 | Computer Name = HasenPC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Explorer.EXE, Version 6.0.6002.18005, Zeitstempel
 0x49e01da5, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18005, Zeitstempel 0x49e03821,
 Ausnahmecode 0xc0000029, Fehleroffset 0x00080754,  Prozess-ID 0x7a0, Anwendungsstartzeit
 01cb7b4f47b6065a.
 
Error - 04.11.2010 16:15:33 | Computer Name = HasenPC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung firefox.exe, Version 1.9.2.3951, Zeitstempel
 0x4cc7ae16, fehlerhaftes Modul FOXITR~1.OCX, Version 1.0.0.1, Zeitstempel 0x495057f6,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00002c8e,  Prozess-ID 0x81c, Anwendungsstartzeit
 01cb7c5cec7dcec2.
 
[ OSession Events ]
Error - 02.06.2010 15:32:56 | Computer Name = HasenPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 02.06.2010 15:33:18 | Computer Name = HasenPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 02.06.2010 15:35:09 | Computer Name = HasenPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 09.01.2012 18:09:56 | Computer Name = HasenPC | Source = Service Control Manager | ID = 7001
Description =
 
Error - 09.01.2012 18:12:28 | Computer Name = HasenPC | Source = DCOM | ID = 10005
Description =
 
Error - 09.01.2012 18:22:34 | Computer Name = HasenPC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 09.01.2012 18:27:11 | Computer Name = HasenPC | Source = Service Control Manager | ID = 7022
Description =
 
Error - 09.01.2012 18:33:52 | Computer Name = HasenPC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 09.01.2012 18:44:12 | Computer Name = HasenPC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 10.01.2012 15:31:33 | Computer Name = HasenPC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 10.01.2012 18:48:08 | Computer Name = HasenPC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 10.01.2012 18:55:51 | Computer Name = HasenPC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 11.01.2012 07:14:54 | Computer Name = HasenPC | Source = Service Control Manager | ID = 7026
Description =
 
 
< End of report >


daapool 11.01.2012 14:28

CCleaner, installed programs

Code:

Adobe Flash Player 10 ActiveX        Adobe Systems Incorporated        21.12.2008                10.0.12.36
Adobe Flash Player 11 Plugin        Adobe Systems Incorporated        22.11.2011                11.1.102.55
Adobe Photoshop 7.0        Adobe Systems, Inc.        04.01.2010        144,7MB        7.0
Adobe Shockwave Player 11.5        Adobe Systems, Inc.        12.06.2011        8,89MB        11.5.9.620
Apple Application Support        Apple Inc.        06.08.2011        60,2MB        2.0.1
Apple Mobile Device Support        Apple Inc.        06.08.2011        22,1MB        3.4.1.2
Apple Software Update        Apple Inc.        06.08.2011        2,38MB        2.1.3.127
Avira Free Antivirus        Avira        08.01.2012        112,3MB        12.0.0.872
Avira SearchFree Toolbar plus Web Protection        Ask.com        08.01.2012        3,64MB        1.14.0.0
Avira SearchFree Toolbar plus Web Protection Updater        {BLD_IS_IE_ADDREMOVE_PRODUCTNAME}        08.01.2012        1,37MB        1.2.0.19934
Bonjour        Apple Inc.        06.08.2011        1,04MB        3.0.0.2
CCleaner        Piriform        27.10.2010        1,29MB        3.00
CoveDesigner                08.11.2008        0,12MB       
DivX Codec        DivX, Inc.        09.03.2009        1,40MB        6.8.5
DivX Converter        DivX, Inc.        09.03.2009        35,9MB        7.0.0
DivX Player        DivX, Inc.        09.03.2009        8,09MB        7.0.0
DivX Plus DirectShow Filters        DivX, Inc.        09.03.2009        1,21MB       
DivX Web Player        DivX,Inc.        09.03.2009        1,34MB        1.4.2
DivxToDVD 0.5.2        VSO-Software SARL        04.01.2009        7,89MB        0.5.2
Download Updater (AOL LLC)                22.06.2011               
DVDStyler v1.8.2                01.12.2010        26,9MB       
FirstSteps Diagnostics        Fujitsu Siemens Computers        17.01.2008        4,67MB        1.00
Foxit Reader                29.05.2009        7,31MB       
Free Video to MP3 Converter version 4.2.12        DVDVideoSoft Limited.        27.10.2010        2,77MB       
Free YouTube to MP3 Converter version 3.9.37.426        DVDVideoSoft Limited.        08.05.2011        2,20MB       
Google Earth        Google        21.11.2011        92,8MB        6.1.0.5001
hama PC-Webcam AC-140        Sonix        04.04.2010        107,4MB        0.1.0.000
Hama PC-Webcam Circle        Hama        09.12.2010        0,16MB        1.0.0.19
Hama Webcam Suite        ArcSoft        04.04.2010        107,4MB       
Haushaltsbuch                02.07.2008        4,53MB       
iTunes        Apple Inc.        06.08.2011        141,9MB        10.4.0.80
Java(TM) 6 Update 30        Sun Microsystems, Inc.        20.12.2008        94,4MB        6.0.300
Java(TM) 6 Update 7        Sun Microsystems, Inc.        11.07.2008        136,2MB        1.6.0.70
Mahjong Towers Eternity EU (remove only)                25.06.2008        15,7MB       
Malwarebytes Anti-Malware Version 1.60.0.1800        Malwarebytes Corporation        09.01.2012        11,6MB        1.60.0.1800
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU        Microsoft Corporation        05.02.2009        37,0MB       
Microsoft .NET Framework 3.5 SP1        Microsoft Corporation        31.01.2009        37,0MB       
Microsoft .NET Framework 4 Client Profile        Microsoft Corporation        23.06.2010        120,3MB        4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack        Microsoft Corporation        23.06.2010        24,5MB        4.0.30319
Microsoft Office File Validation Add-In        Microsoft Corporation        17.10.2011        7,92MB        14.0.5130.5003
Microsoft Office Home and Student 2007        Microsoft Corporation        06.11.2011        295MB        12.0.6612.1000
Microsoft Office Live Add-in 1.5        Microsoft Corporation        26.05.2010        0,49MB        2.0.4024.1
Microsoft Silverlight        Microsoft Corporation        11.10.2011                4.0.60831.0
Microsoft SQL Server 2005 Compact Edition [ENU]        Microsoft Corporation        06.11.2009        1,74MB        3.1.0000
Microsoft Sync Framework Runtime Native v1.0 (x86)        Microsoft Corporation        06.11.2009        0,61MB        1.0.1215.0
Microsoft Sync Framework Services Native v1.0 (x86)        Microsoft Corporation        06.11.2009        1,45MB        1.0.1215.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053        Microsoft Corporation        03.08.2009        0,25MB        8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable        Microsoft Corporation        10.08.2011        0,29MB        8.0.61001
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570        Microsoft Corporation        14.04.2011        0,58MB        9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148        Microsoft Corporation        02.01.2011        0,58MB        9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161        Microsoft Corporation        10.08.2011        0,58MB        9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219        Microsoft Corporation        09.01.2012        11,1MB        10.0.40219
MobileMe Control Panel        Apple Inc.        06.08.2011        12,0MB        3.1.6.0
Mozilla Firefox 9.0.1 (x86 de)        Mozilla        09.01.2012        42,6MB        9.0.1
MSXML 4.0 SP2 (KB941833)        Microsoft Corporation        17.01.2008        1,27MB        4.20.9849.0
MSXML 4.0 SP2 (KB954430)        Microsoft Corporation        10.11.2008        1,28MB        4.20.9870.0
MSXML 4.0 SP2 (KB973688)        Microsoft Corporation        24.11.2009        1,34MB        4.20.9876.0
MyTomTom 3.0.2.363        TomTom        02.07.2011        17,1MB        3.0.2.363
Nero 8 Essentials        Nero AG        25.06.2008        2.072MB        8.0.287
NVIDIA Drivers                18.07.2008               
Opera 11.60        Opera Software ASA        09.01.2012        34,9MB        11.60.1185
Pro Evolution Soccer 2011        KONAMI        13.07.2011        1.937MB        1.00.0000
QuickTime        Apple Inc.        06.08.2011        73,0MB        7.70.80.34
Realtek High Definition Audio Driver                17.01.2008               
Safari        Apple Inc.        22.03.2011        41,3MB        5.33.20.27
Shared Add-in Extensibility Update for Microsoft .NET Framework 2.0 (KB908002)        Microsoft        20.11.2010        0,29MB        1.0.0
Shared Add-in Support Update for Microsoft .NET Framework 2.0 (KB908002)        Microsoft        20.11.2010        56,00KB        1.0.0
Shockwave                15.07.2008               
Skype Toolbars        Skype Technologies S.A.        07.06.2011        5,72MB        5.3.7555
Skype™ 5.3        Skype Technologies S.A.        07.06.2011        22,6MB        5.3.116
SopCast 3.2.4        SopCast.com        06.08.2009        9,26MB        3.2.4
SUPERAntiSpyware        SUPERAntiSpyware.com        09.01.2012        75,4MB        5.0.1142
TMPGEnc Plus 2.5        Pegasys Inc.        01.12.2010        4,29MB        2.524.63.181
Uninstall 1.0.0.1                08.05.2011        14,3MB       
VIA Rhine Family Fast Ethernet Adapter                18.11.2008               
VideoCam Suite 1.0        Matsushita Electric Industrial Co., Ltd.        16.08.2008        118,8MB        1.00.012.0007
Visual Studio C++ 10.0 Runtime        TomTom International B.V.        02.07.2011        1,15MB        10.0.0
VLC media player 0.9.8a        VideoLAN Team        04.01.2009        60,9MB        0.9.8a
VoiceOver Kit        Apple Inc.        22.03.2011        41,8MB        1.40.128.0
vShare.tv plugin 1.3        vShare.tv, Inc.        26.09.2011        0,58MB        1.3
Windows Live Essentials        Microsoft Corporation        06.11.2009        117,5MB        14.0.8089.0726
Windows Live ID-Anmelde-Assistent        Microsoft Corporation        26.05.2010        4,69MB        6.500.3165.0
Windows Live Sync        Microsoft Corporation        06.11.2009        2,79MB        14.0.8089.726
Windows Live-Uploadtool        Microsoft Corporation        06.11.2009        0,22MB        14.0.8014.1029
Windows Media Player Firefox Plugin        Microsoft Corp        06.09.2008        0,29MB        1.0.0.8
Winmail Opener 1.4        Eolsoft        17.04.2010        0,37MB        1.4
WinRAR archiver                12.09.2008        3,30MB


kira 11.01.2012 21:17

1.
Did you agree to this unknowingly? Don't need the WebGuard? Then uninstall:
Quote:

Avira SearchFree Toolbar plus Web Protection Ask.com 08.01.2012 3,64MB 1.14.0.0
Avira SearchFree Toolbar plus Web Protection Updater {BLD_IS_IE_ADDREMOVE_PRODUCTNAME} 08.01.2012 1,37MB 1.2.0.19934
Info
Notes on using the freeware version Avira AntiVir Personal:
Click here to read more:
-> http://www.chip.de/news/AntiVir-Serv..._45444953.html
► Who wants this adware on their computer?!
Better without WebGuard than with adware...

2.
If this was installed without your permission and you don't need it, you can uninstall it:
Code:

vShare.tv plugin
- Some extensions just want to make themselves look important ;)

3.
Your Java version is not up to date!
Because Java is very vulnerable due to old security holes, first uninstall all existing Java versions:
→ Control Panel → Software → uninstall...
→ Restart the computer
→ Now download the offline version of Java Version 6 Update 30 from Oracle
Make sure to deselect any toolbars that may be offered (untick the toolbar checkbox)!

4.
Update Adobe Reader:
- Pay attention and read along during installation: if any software, toolbar, etc. is offered, please deselect it! (e.g. "McAfee Security Scan Plus")
Adobe Reader
Or: start Adobe -> go to "Help" -> "Check for Updates..."

5.
Clean your system with CCleaner:
  • "Cleaner" → "Analyze" → click the "Start CCleaner" button
  • "Registry" → "Scan for errors" → "Fix errors" → "Fix all"
  • Restart your system

6.
Run another scan with OTL:
  • Double-click OTL.exe
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • At the top you will find a box labelled Output.
    Please select Standard Output
  • Under Extra Registry, please select Use SafeList.
  • Tick the LOP Check and Purity Check boxes.
  • Now click Scan at the top left.
  • When the scan has finished, two log files are created.
    You will find the log files on your desktop => OTL.txt and Extras.txt
  • Post the log files in code tags here in the thread.

daapool 12.01.2012 20:29

OTL Logfile:
Code:

OTL logfile created on: 12.01.2012 20:22:12 - Run 2
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\hase\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,87 Gb Available Physical Memory | 62,44% Memory free
6,23 Gb Paging File | 4,97 Gb Available in Paging File | 79,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 216,41 Gb Total Space | 88,93 Gb Free Space | 41,09% Space Free | Partition Type: NTFS
Drive D: | 107,22 Gb Total Space | 59,95 Gb Free Space | 55,91% Space Free | Partition Type: NTFS
 
Computer Name: HASENPC | User Name: hase | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.01.10 21:04:16 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\hase\Desktop\OTL.exe
PRC - [2011.12.21 08:42:28 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011.12.15 15:00:00 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.12.15 14:59:48 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011.12.15 14:59:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.12.15 14:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.12.09 01:44:22 | 004,616,064 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2011.08.12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2010.10.27 19:00:06 | 001,861,944 | ---- | M] (Piriform Ltd) -- C:\Program Files\CCleaner\CCleaner.exe
PRC - [2010.03.18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007.10.01 10:53:50 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.06.15 11:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) -- C:\Windows\System32\bgsvcgen.exe
PRC - [2007.05.10 12:18:10 | 000,835,584 | ---- | M] () -- C:\Windows\vsnp325.exe
PRC - [2007.04.21 08:36:50 | 000,270,336 | ---- | M] () -- C:\Windows\tsnp325.exe
PRC - [2007.02.12 13:50:40 | 000,020,480 | ---- | M] () -- C:\Windows\FixCamera.exe
PRC - [2006.12.08 10:52:04 | 000,204,800 | ---- | M] (Fujitsu Siemens Computers) -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe
PRC - [2006.11.03 11:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\PAC7302\Monitor.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.01.12 20:10:08 | 000,063,488 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012.01.12 20:10:08 | 000,052,736 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012.01.10 22:46:45 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2012.01.10 22:46:45 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2011.12.21 08:42:28 | 002,124,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011.11.23 19:47:48 | 008,527,008 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2010.10.27 20:40:32 | 000,028,672 | ---- | M] () -- C:\Program Files\CCleaner\Lang\lang-1031.dll
MOD - [2007.05.10 12:18:10 | 000,835,584 | ---- | M] () -- C:\Windows\vsnp325.exe
MOD - [2007.04.21 08:36:50 | 000,270,336 | ---- | M] () -- C:\Windows\tsnp325.exe
MOD - [2007.02.12 13:50:40 | 000,020,480 | ---- | M] () -- C:\Windows\FixCamera.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.12.15 14:59:48 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.12.15 14:59:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.08.12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2010.03.18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008.01.18 22:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.06.15 11:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\Windows\System32\bgsvcgen.exe -- (bgsvcgen)
SRV - [2006.12.08 10:52:04 | 000,204,800 | ---- | M] (Fujitsu Siemens Computers) [Auto | Running] -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe -- (TestHandler)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.12.15 15:00:00 | 000,134,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.12.15 15:00:00 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.12.15 15:00:00 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.07.22 17:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011.07.12 22:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.10.09 14:42:42 | 000,017,408 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008.09.22 03:20:42 | 000,043,520 | ---- | M] (VIA Technologies, Inc.              ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fetnd6v.sys -- (FETND6V)
DRV - [2007.09.10 08:50:56 | 000,457,984 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PAC7302.SYS -- (PAC7302)
DRV - [2007.07.02 16:37:10 | 000,131,616 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2007.07.02 16:37:08 | 000,110,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007.06.13 22:47:12 | 000,048,256 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\jraid.sys -- (JRAID)
DRV - [2007.06.01 16:46:00 | 007,479,008 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007.05.30 18:14:58 | 000,016,640 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV - [2007.05.07 16:58:44 | 010,343,168 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snp325.sys -- (SNP325) USB PC Camera (SNPSTD325)
DRV - [2007.03.26 14:26:00 | 000,052,224 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\ViPrt.sys -- (ViPrt)
DRV - [2007.03.26 14:26:00 | 000,016,896 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\ViBus.sys -- (ViBus)
DRV - [2006.11.10 14:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
DRV - [2006.02.20 18:17:40 | 000,033,408 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdrbsdrv.sys -- (cdrbsdrv)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://startsear.ch/?aff=1
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://startsear.ch/?aff=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "web.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.14.2
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}:2.0.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=0.9.8a: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.01.10 00:35:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.12 20:05:19 | 000,000,000 | ---D | M]
 
[2008.12.22 13:53:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hase\AppData\Roaming\mozilla\Extensions
[2008.12.22 13:53:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hase\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2012.01.12 19:48:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hase\AppData\Roaming\mozilla\Firefox\Profiles\gyjn0w5u.default\extensions
[2012.01.08 17:27:08 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\hase\AppData\Roaming\mozilla\Firefox\Profiles\gyjn0w5u.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}(38)
[2011.06.23 13:53:28 | 000,002,354 | ---- | M] () -- C:\Users\hase\AppData\Roaming\Mozilla\Firefox\Profiles\gyjn0w5u.default\searchplugins\aol-web-search.xml
[2010.02.07 13:32:49 | 000,002,172 | ---- | M] () -- C:\Users\hase\AppData\Roaming\Mozilla\Firefox\Profiles\gyjn0w5u.default\searchplugins\bing.xml
[2011.08.14 13:52:46 | 000,000,917 | ---- | M] () -- C:\Users\hase\AppData\Roaming\Mozilla\Firefox\Profiles\gyjn0w5u.default\searchplugins\conduit.xml
[2011.05.19 17:35:14 | 000,005,212 | ---- | M] () -- C:\Users\hase\AppData\Roaming\Mozilla\Firefox\Profiles\gyjn0w5u.default\searchplugins\ecosia.xml
[2011.07.11 19:04:02 | 000,000,633 | ---- | M] () -- C:\Users\hase\AppData\Roaming\Mozilla\Firefox\Profiles\gyjn0w5u.default\searchplugins\startsear.xml
[2011.08.11 22:58:41 | 000,005,508 | ---- | M] () -- C:\Users\hase\AppData\Roaming\Mozilla\Firefox\Profiles\gyjn0w5u.default\searchplugins\webde-suche.xml
[2012.01.12 20:15:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.06.08 22:47:16 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.01.12 20:15:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\HASE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GYJN0W5U.DEFAULT\EXTENSIONS\{3D7EB24F-2740-49DF-8937-200B1CC08F8A}.XPI
[2009.07.11 10:07:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011.12.21 08:42:29 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.01.12 20:14:46 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009.06.01 11:41:48 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2011.12.21 06:08:50 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.12.21 06:02:40 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.12.21 06:08:50 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.12.21 06:08:50 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.21 06:08:50 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.12.21 06:08:50 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [FixCamera] C:\Windows\FixCamera.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [snp325] C:\Windows\vsnp325.exe ()
O4 - HKLM..\Run: [tsnp325] C:\Windows\tsnp325.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube Download - C:\Users\hase\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\hase\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} hxxp://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab (HPSDDX Class)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5AE25BBF-5422-4B8C-AEA4-F2A20EE8C6BC}: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\hase\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\hase\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.01.12 20:15:00 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012.01.12 20:15:00 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012.01.12 20:15:00 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012.01.10 23:42:30 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciseq.dll
[2012.01.10 23:42:20 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[2012.01.10 23:42:19 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012.01.10 23:42:03 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2012.01.10 23:42:03 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2012.01.10 23:00:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.01.10 23:00:20 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.01.10 22:46:38 | 000,000,000 | ---D | C] -- C:\Users\hase\AppData\Roaming\SUPERAntiSpyware.com
[2012.01.10 22:46:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012.01.10 22:45:59 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012.01.10 22:45:59 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012.01.10 21:16:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012.01.10 21:16:45 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012.01.10 21:04:16 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\hase\Desktop\OTL.exe
[2012.01.10 00:16:30 | 000,000,000 | ---D | C] -- C:\Users\hase\AppData\Roaming\Opera
[2012.01.10 00:16:30 | 000,000,000 | ---D | C] -- C:\Users\hase\AppData\Local\Opera
[2012.01.10 00:16:24 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2012.01.09 23:54:38 | 000,000,000 | ---D | C] -- C:\Users\hase\AppData\Roaming\Avira
[2012.01.09 23:49:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.01.09 23:48:57 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012.01.09 23:48:56 | 000,134,856 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.01.09 23:48:56 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.01.09 23:48:56 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.01.09 23:48:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.01.09 23:48:55 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012.01.09 00:25:50 | 000,000,000 | ---D | C] -- C:\Users\hase\AppData\Roaming\Malwarebytes
[2012.01.09 00:25:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.01.09 00:25:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.12.30 14:43:00 | 000,000,000 | ---D | C] -- C:\Users\hase\Desktop\Lehmwand
[2011.12.21 20:18:58 | 000,000,000 | ---D | C] -- C:\Users\hase\AppData\Roaming\LaunchPad
[2011.12.19 20:15:38 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.12.19 20:15:36 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011.12.19 20:15:36 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.12.19 20:15:36 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.12.19 20:15:35 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.12.19 20:15:33 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.12.19 20:12:25 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011.12.19 20:12:23 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.12.19 20:12:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011.12.19 20:12:14 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011.12.19 20:12:14 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011.12.19 20:12:13 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2010.04.05 16:16:09 | 000,147,456 | ---- | C] ( ) -- C:\Windows\System32\rsnp325.dll
[2010.04.05 16:16:09 | 000,057,344 | ---- | C] ( ) -- C:\Windows\System32\vsnp325.dll
[2010.04.05 16:16:09 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp325.dll
 
========== Files - Modified Within 30 Days ==========
 
[2012.01.12 20:16:20 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.01.12 20:15:05 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.01.12 20:15:04 | 000,628,504 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.01.12 20:15:04 | 000,126,054 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.01.12 20:15:04 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.01.12 20:14:46 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2012.01.12 20:14:46 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012.01.12 20:14:46 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012.01.12 20:14:46 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012.01.12 20:09:28 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.12 20:09:27 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.12 20:09:27 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.01.12 20:09:25 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\DriverScanner.job
[2012.01.12 20:09:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.12 20:09:15 | 3219,644,416 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.11 16:35:32 | 000,002,633 | ---- | M] () -- C:\Users\hase\Desktop\Microsoft Office PowerPoint 2007.lnk
[2012.01.11 16:34:31 | 000,002,593 | ---- | M] () -- C:\Users\hase\Desktop\Microsoft Office Excel 2007.lnk
[2012.01.10 23:00:23 | 000,000,872 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.01.10 22:46:02 | 000,001,766 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.01.10 21:04:16 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\hase\Desktop\OTL.exe
[2012.01.10 00:35:49 | 000,000,812 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.01.10 00:16:28 | 000,001,580 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2012.01.09 23:49:41 | 000,001,813 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.01.09 23:06:06 | 000,000,000 | ---- | M] () -- C:\Users\hase\AppData\Local\{55332142-12C8-4656-AE60-12B742756D99}
[2012.01.06 10:33:26 | 001,952,888 | ---- | M] () -- C:\Users\hase\Desktop\IMG_0555.JPG
[2012.01.06 10:33:03 | 002,425,522 | ---- | M] () -- C:\Users\hase\Desktop\IMG_0556.JPG
[2012.01.01 21:36:33 | 000,002,591 | ---- | M] () -- C:\Users\hase\Desktop\Microsoft Office Word 2007.lnk
[2011.12.20 19:22:37 | 000,273,032 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.12.18 19:44:45 | 002,137,636 | R--- | M] () -- C:\Users\hase\Desktop\ds11-0301-1.pdf
[2011.12.16 19:54:47 | 000,221,221 | ---- | M] () -- C:\Users\hase\Desktop\wien.xps
[2011.12.15 15:00:00 | 000,134,856 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.12.15 15:00:00 | 000,074,640 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011.12.15 15:00:00 | 000,036,000 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
 
========== Files Created - No Company Name ==========
 
[2012.01.10 23:00:23 | 000,000,872 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.01.10 22:46:02 | 000,001,766 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.01.10 00:35:49 | 000,000,824 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.01.10 00:35:49 | 000,000,812 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.01.10 00:16:28 | 000,001,592 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[2012.01.10 00:16:28 | 000,001,580 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
[2012.01.09 23:49:41 | 000,001,813 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.01.09 23:20:49 | 3219,644,416 | -HS- | C] () -- C:\hiberfil.sys
[2012.01.09 23:06:06 | 000,000,000 | ---- | C] () -- C:\Users\hase\AppData\Local\{55332142-12C8-4656-AE60-12B742756D99}
[2012.01.06 10:33:18 | 001,952,888 | ---- | C] () -- C:\Users\hase\Desktop\IMG_0555.JPG
[2012.01.06 10:32:59 | 002,425,522 | ---- | C] () -- C:\Users\hase\Desktop\IMG_0556.JPG
[2011.12.18 19:44:44 | 002,137,636 | R--- | C] () -- C:\Users\hase\Desktop\ds11-0301-1.pdf
[2011.12.16 19:54:44 | 000,221,221 | ---- | C] () -- C:\Users\hase\Desktop\wien.xps
[2010.12.10 22:28:39 | 000,000,769 | ---- | C] () -- C:\Windows\System32\Remover.ini
[2010.12.10 22:28:38 | 000,000,566 | ---- | C] () -- C:\Windows\System32\SP7302.ini
[2010.12.09 20:38:28 | 000,024,227 | ---- | C] () -- C:\Users\hase\AppData\Roaming\UserTile.png
[2010.11.21 21:59:03 | 000,397,312 | ---- | C] () -- C:\Windows\iwexec.exe
[2010.06.07 20:45:44 | 000,000,012 | ---- | C] () -- C:\Users\hase\AppData\Roaming\qcopjv.dat
[2010.04.05 16:16:10 | 000,835,584 | ---- | C] () -- C:\Windows\vsnp325.exe
[2010.04.05 16:16:10 | 000,270,336 | ---- | C] () -- C:\Windows\tsnp325.exe
[2010.04.05 16:16:10 | 000,020,480 | ---- | C] () -- C:\Windows\FixCamera.exe
[2010.04.05 16:16:10 | 000,015,498 | ---- | C] () -- C:\Windows\snp325.ini
[2009.05.26 21:49:59 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.05.26 21:49:58 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.01.16 20:41:05 | 000,000,000 | ---- | C] () -- C:\Windows\BEMERK~1.INI
[2009.01.16 20:40:38 | 000,000,000 | ---- | C] () -- C:\Windows\WdbInstW.INI
[2009.01.09 20:55:47 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.01.03 14:41:34 | 000,006,384 | ---- | C] () -- C:\Users\hase\AppData\Roaming\PrimoPDFSet.xml
[2009.01.03 11:54:56 | 000,176,235 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
[2008.11.06 17:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.11.06 17:33:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008.07.23 21:22:53 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.07.22 16:03:19 | 000,001,354 | ---- | C] () -- C:\Windows\hpbvnstp.ini
[2008.07.19 18:18:15 | 000,001,356 | ---- | C] () -- C:\Users\hase\AppData\Local\d3d9caps.dat
[2008.07.16 20:46:26 | 000,000,025 | ---- | C] () -- C:\Windows\SIERRA.INI
[2008.07.13 18:30:22 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2008.07.03 19:52:49 | 000,036,864 | ---- | C] () -- C:\Windows\System32\LckFldService.exe
[2008.06.26 19:33:40 | 000,032,256 | ---- | C] () -- C:\Users\hase\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.01.18 15:40:38 | 000,069,632 | ---- | C] () -- C:\Windows\System32\vuins32.dll
[2006.11.02 16:33:31 | 000,628,504 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 16:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 16:33:31 | 000,126,054 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 16:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,273,032 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,595,798 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,103,872 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.08.11 09:52:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll
[2004.03.15 11:02:38 | 000,000,412 | ---- | C] () -- C:\Windows\System32\HP3AIOZ6.dat
[2004.03.03 04:06:00 | 000,221,184 | ---- | C] () -- C:\Windows\System32\HP3AIOZ6.dll
[2002.05.03 14:40:32 | 000,094,274 | ---- | C] () -- C:\Windows\System32\HPBHEALR.DLL
[1997.06.14 09:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
 
========== LOP Check ==========
 
[2010.11.21 21:49:10 | 000,000,000 | ---D | M] -- C:\Users\hase\AppData\Roaming\2pTech
[2010.10.28 20:47:14 | 000,000,000 | ---D | M] -- C:\Users\hase\AppData\Roaming\DVDVideoSoft
[2011.05.09 22:44:05 | 000,000,000 | ---D | M] -- C:\Users\hase\AppData\Roaming\DVDVideoSoftIEHelpers
[2009.05.30 07:52:27 | 000,000,000 | ---D | M] -- C:\Users\hase\AppData\Roaming\Foxit
[2010.04.11 20:28:08 | 000,000,000 | ---D | M] -- C:\Users\hase\AppData\Roaming\gtk-2.0
[2011.12.21 20:18:58 | 000,000,000 | ---D | M] -- C:\Users\hase\AppData\Roaming\LaunchPad
[2011.06.23 12:53:49 | 000,000,000 | ---D | M] -- C:\Users\hase\AppData\Roaming\OpenCandy
[2012.01.10 00:16:30 | 000,000,000 | ---D | M] -- C:\Users\hase\AppData\Roaming\Opera
[2008.08.16 23:17:08 | 000,000,000 | ---D | M] -- C:\Users\hase\AppData\Roaming\Panasonic
[2010.12.09 20:39:09 | 000,000,000 | ---D | M] -- C:\Users\hase\AppData\Roaming\PeerNetworking
[2009.01.05 08:45:35 | 000,000,000 | ---D | M] -- C:\Users\hase\AppData\Roaming\Pegasys Inc
[2010.06.03 15:18:17 | 000,000,000 | ---D | M] -- C:\Users\hase\AppData\Roaming\temp
[2008.12.22 13:53:50 | 000,000,000 | ---D | M] -- C:\Users\hase\AppData\Roaming\TomTom
[2012.01.12 20:09:25 | 000,000,326 | ---- | M] () -- C:\Windows\Tasks\DriverScanner.job
[2012.01.12 20:08:35 | 000,032,512 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---
OTL Logfile:
Code:

OTL Extras logfile created on: 12.01.2012 20:22:12 - Run 2
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\hase\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,87 Gb Available Physical Memory | 62,44% Memory free
6,23 Gb Paging File | 4,97 Gb Available in Paging File | 79,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 216,41 Gb Total Space | 88,93 Gb Free Space | 41,09% Space Free | Partition Type: NTFS
Drive D: | 107,22 Gb Total Space | 59,95 Gb Free Space | 55,91% Space Free | Partition Type: NTFS
 
Computer Name: HASENPC | User Name: hase | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00B6C87D-C3F2-4184-905E-540A08A69FAB}" = lport=5357 | protocol=6 | dir=in | app=system |
"{06E6A945-FA8D-407B-B303-9707EB353C24}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{09FDF0BC-AFFB-4D4E-83F1-C7C294038E73}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe |
"{0A828AD6-5635-4E97-8550-90C2F5FD57A9}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{37BF999B-8696-40C3-A4F8-060EC394569B}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe |
"{3C645C51-BA04-4043-B9F4-60ADBFE2FB04}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{438FBEE1-4367-4432-88E5-7CD8935026F3}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{5902BA77-9B9B-4A2C-B118-D6666D50BEA4}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{5FE366A1-D66D-4EA5-A726-FCDD1D2C255F}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{60B0B7D6-D09F-4DB9-837E-203CAADCCF3F}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{8329838A-35FD-4F44-854F-DC94603A2727}" = lport=5358 | protocol=6 | dir=in | app=system |
"{9371DE25-C629-4186-AD2F-E9240697CED9}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe |
"{AB345130-FE65-4D2E-AF44-C8EF97BA63D0}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{C6C8DB1E-42EE-4610-A260-8B8B0B42E5A6}" = rport=5357 | protocol=6 | dir=out | app=system |
"{CA386061-7D90-4117-9A0B-E97C1EDC56DF}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{CC46BFD5-265A-458B-9D51-7B2CA2B4454D}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{CE24C86E-B7A5-48A2-A5CE-403F1C0F7160}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{D0B68ADE-1E58-40DE-BA4D-C4B93E726332}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{D822F608-EFAB-4C54-B025-2793E291646D}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{DB6ACC85-B944-43B9-B611-A096C54F2E06}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DE8049F9-92DD-4B58-8DD9-907097DC97AB}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{EB2BEB1B-B635-4EB3-AF58-387CE5CFBD94}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{EC0E6C63-317A-4F12-B6F6-82ACD1A3B292}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{ECCDFE07-584E-4847-A780-8B85CE80E7EB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F297A9AF-6B7E-41F6-91BB-5102F9D0C197}" = rport=5358 | protocol=6 | dir=out | app=system |
"{F2B6DA98-9A98-4CE9-8CDD-1A7150F65675}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe |
"{FB1036C4-F478-4E8B-BA21-FBCC3E008A9E}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{FF709C6E-3691-4358-9BB9-092A1A94B266}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05370BBE-C8D3-4F25-93A5-0B3F6A6CFB1D}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{28D960DA-0E2B-41BD-B0CD-D4DA7E0601CF}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{2F77A683-F343-456B-AEF1-1D6BC6020603}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{49547AA0-4079-419A-B8B3-781963FC9666}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{49CE4D73-D52E-41D7-B5B9-8094F83FC2CD}" = protocol=17 | dir=in | app=c:\program files\konami\pro evolution soccer 2011\pes2011.exe |
"{619BC150-435F-4716-BACD-FDE161B1CAAB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{61BE6F9A-9E16-4FF6-868F-A679C6CB0F82}" = protocol=6 | dir=out | app=%systemroot%\system32\netproj.exe |
"{6FC49D01-0D2D-4DF9-A10C-E1F6E62F35E0}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{718CC16C-4B51-43E9-A35D-A336336AAB18}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{7430FACD-E310-4F18-B2E8-8CDFD558EED7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7BEA212E-BD6D-4A12-B315-DE1D81292339}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{8C21CCCC-6EC1-4543-A677-937A1A9252D5}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{95F91FAA-7B80-4DD1-BAF9-FC49B3BA20E5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{99BE6CBC-1526-4C70-9D64-D6DFFD3DB7E3}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{A316AB44-003E-470E-B6A7-E9F233FFDE26}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{A9E1D451-A7F1-4C9F-9ABE-68E080DF31DA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{ACCD23A6-9439-4446-8E62-64ACE188DE32}" = protocol=6 | dir=in | app=c:\program files\konami\pro evolution soccer 2011\pes2011.exe |
"{B607459B-CE5C-4489-B074-1CA7439574DD}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{C3246C59-619A-41A4-BEC7-D28E039D1047}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{C89CE262-B169-4F4E-8939-9041A1440FFF}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{CC303A1B-443D-45D4-8711-CA49AACFA37B}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{D6801F05-27D9-4F0F-82D7-0A54FAA909B0}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{E0345A07-F7E8-4BD9-9E7B-EC8635DE731E}" = protocol=6 | dir=in | app=%systemroot%\system32\netproj.exe |
"{E1958243-8C8D-462A-89F2-F33C3B08FB2B}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{F7CCC3AA-A79A-46AB-946E-A60DE4B7779B}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{07FA29C6-D0F0-4BA8-B8AF-6A83FD3D95DD}C:\program files\microsoft office\office12\winword.exe" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\winword.exe |
"TCP Query User{272C43FE-4CA8-4AE1-8E33-5C0F264E6256}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{287FBDAF-7550-4273-BFD3-C4E589370384}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{2F6F6F36-2E3A-4C48-A308-10E5F5E4BF82}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{5703A64C-5571-42C4-9D20-D5A5586A6137}C:\program files\microsoft games\empire earth.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\empire earth.exe |
"TCP Query User{71693BFE-EC53-4B38-AE65-9AB0A3211790}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{958EA47B-B770-49E1-9228-1B3481707899}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{B48EFD8B-D122-48E1-A55A-55999735B27C}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"TCP Query User{C59B3A51-C496-4158-B7FC-C413C5B5E8A5}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"TCP Query User{DD1490FC-B998-4396-A12D-E934D3B98BFE}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{03A60979-3883-4CB7-AADF-496A3BEF901D}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{1351C016-FBD4-4653-B945-4A7FF8D667C2}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{1BDCD1D3-856F-43E6-A104-510F6CF5180C}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{1CA0C853-260E-4A63-B23A-27EA37C5FDFE}C:\program files\microsoft office\office12\winword.exe" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\winword.exe |
"UDP Query User{2364E031-FF22-4AB6-984D-7B188108537F}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{2765226B-053D-4D07-89DA-679D0DE3AD25}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{8C35B589-FE44-4FA7-88DA-9A403861121B}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{9ACDC592-8784-4F48-9B91-E3EC0D783075}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{E02B68B3-5A1F-4021-B41E-CAECFADD02CB}C:\program files\microsoft games\empire earth.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\empire earth.exe |
"UDP Query User{FBD68B5B-C9DA-49E1-AF7C-5AA55D1DA432}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{1148E85C-E1AF-48E0-A29C-68DACE07E054}" = Pro Evolution Soccer 2011
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F0D5576-C383-4E5E-9906-0B47BECBB8B6}" = Hama Webcam Suite
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30
"{2A1E27FF-BE53-45B4-950F-060236E98E3D}" = TMPGEnc Plus 2.5
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4412F224-3849-4461-A3E9-DEEF8D252790}" = Visual Studio C++ 10.0 Runtime
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AF8A676-7D24-431E-9B90-BCA8C5C7F1B4}" = VideoCam Suite
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{6803A6E6-48FF-48AB-B558-7B651BBE1031}" = Nero 8 Essentials
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C5B4583-7CBF-4289-B195-03B553959DEA}" = VoiceOver Kit
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{94D66D71-12F0-48A5-B46A-D4B835A0F1B7}" = FirstSteps Diagnostics
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9EDF1A5D-D8E0-413E-9782-75DD4A8C831B}" = VideoCam Suite 1.0
"{A59AB961-BE82-41E0-B0FB-648DFA6DDEA4}" = Hama PC-Webcam Circle
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C73CA646-73B3-4AEF-A136-C37505745174}" = iTunes
"{C73F2967-062E-48F2-A462-D335B8950183}" = Safari
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F9466082-90E9-4BE4-92F0-CF0AF195B0CF}" = hama PC-Webcam AC-140
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DVDStyler_is1" = DVDStyler v1.8.2
"Foxit Reader" = Foxit Reader
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 4.2.12
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.37.426
"Haushaltsbuch" = Haushaltsbuch
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Mahjong Towers Eternity EU" = Mahjong Towers Eternity EU (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.0.1800
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de)
"MyTomTom" = MyTomTom 3.0.2.363
"NVIDIA Drivers" = NVIDIA Drivers
"Opera 11.60.1185" = Opera 11.60
"Shockwave" = Shockwave
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SopCast" = SopCast 3.2.4
"ST6UNST #1" = CoveDesigner
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 0.9.8a
"VN_VUIns_Rhine_VIA" = VIA Rhine Family Fast Ethernet Adapter
"VSO DivxToDVD_is1" = DivxToDVD 0.5.2
"WinLiveSuite_Wave3" = Windows Live Essentials
"Winmail Opener" = Winmail Opener 1.4
"WinRAR archiver" = WinRAR archiver
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"InstallShield_{2A1E27FF-BE53-45B4-950F-060236E98E3D}" = TMPGEnc Plus 2.5
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 28.10.2010 13:31:11 | Computer Name = HasenPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7921
 
Error - 28.10.2010 13:31:11 | Computer Name = HasenPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7921
 
Error - 28.10.2010 13:31:12 | Computer Name = HasenPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 28.10.2010 13:31:12 | Computer Name = HasenPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9875
 
Error - 28.10.2010 13:31:12 | Computer Name = HasenPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9875
 
Error - 28.10.2010 13:31:14 | Computer Name = HasenPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 28.10.2010 13:31:14 | Computer Name = HasenPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 11843
 
Error - 28.10.2010 13:31:14 | Computer Name = HasenPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 11843
 
Error - 29.10.2010 15:30:28 | Computer Name = HasenPC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung FOXITR~1.EXE, Version 3.0.2009.1506, Zeitstempel
 0x49b4e85b, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00d39298,  Prozess-ID 0x838, Anwendungsstartzeit
 01cb779f6f29cc18.
 
Error - 03.11.2010 08:05:22 | Computer Name = HasenPC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Explorer.EXE, Version 6.0.6002.18005, Zeitstempel
 0x49e01da5, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18005, Zeitstempel 0x49e03821,
 Ausnahmecode 0xc0000029, Fehleroffset 0x00080754,  Prozess-ID 0x7a0, Anwendungsstartzeit
 01cb7b4f47b6065a.
 
[ OSession Events ]
Error - 02.06.2010 15:32:56 | Computer Name = HasenPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 02.06.2010 15:33:18 | Computer Name = HasenPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 02.06.2010 15:35:09 | Computer Name = HasenPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 11.01.2012 14:49:42 | Computer Name = HasenPC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 12.01.2012 14:38:32 | Computer Name = HasenPC | Source = Service Control Manager | ID = 7009
Description =
 
Error - 12.01.2012 14:38:32 | Computer Name = HasenPC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 12.01.2012 14:38:32 | Computer Name = HasenPC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 12.01.2012 14:52:47 | Computer Name = HasenPC | Source = Service Control Manager | ID = 7009
Description =
 
Error - 12.01.2012 14:52:47 | Computer Name = HasenPC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 12.01.2012 14:52:47 | Computer Name = HasenPC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 12.01.2012 15:11:00 | Computer Name = HasenPC | Source = Service Control Manager | ID = 7009
Description =
 
Error - 12.01.2012 15:11:00 | Computer Name = HasenPC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 12.01.2012 15:11:00 | Computer Name = HasenPC | Source = Service Control Manager | ID = 7026
Description =
 
 
< End of report >

--- --- ---

daapool 12.01.2012 20:32

Hello, thanks for your reply.
I did everything as written. Regarding point 4: I don't have Adobe Reader at all.
After cleaning with CCleaner, one error remains that does not get removed, even if I try 100 times!?

OTL Logfile:
Code:

OTL logfile created on: 12.01.2012 20:22:12 - Run 2
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\hase\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,87 Gb Available Physical Memory | 62,44% Memory free
6,23 Gb Paging File | 4,97 Gb Available in Paging File | 79,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 216,41 Gb Total Space | 88,93 Gb Free Space | 41,09% Space Free | Partition Type: NTFS
Drive D: | 107,22 Gb Total Space | 59,95 Gb Free Space | 55,91% Space Free | Partition Type: NTFS
 
Computer Name: HASENPC | User Name: hase | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.01.10 21:04:16 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\hase\Desktop\OTL.exe
PRC - [2011.12.21 08:42:28 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011.12.15 15:00:00 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.12.15 14:59:48 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011.12.15 14:59:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.12.15 14:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.12.09 01:44:22 | 004,616,064 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2011.08.12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2010.10.27 19:00:06 | 001,861,944 | ---- | M] (Piriform Ltd) -- C:\Program Files\CCleaner\CCleaner.exe
PRC - [2010.03.18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007.10.01 10:53:50 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.06.15 11:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) -- C:\Windows\System32\bgsvcgen.exe
PRC - [2007.05.10 12:18:10 | 000,835,584 | ---- | M] () -- C:\Windows\vsnp325.exe
PRC - [2007.04.21 08:36:50 | 000,270,336 | ---- | M] () -- C:\Windows\tsnp325.exe
PRC - [2007.02.12 13:50:40 | 000,020,480 | ---- | M] () -- C:\Windows\FixCamera.exe
PRC - [2006.12.08 10:52:04 | 000,204,800 | ---- | M] (Fujitsu Siemens Computers) -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe
PRC - [2006.11.03 11:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\PAC7302\Monitor.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.01.12 20:10:08 | 000,063,488 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012.01.12 20:10:08 | 000,052,736 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012.01.10 22:46:45 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2012.01.10 22:46:45 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2011.12.21 08:42:28 | 002,124,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011.11.23 19:47:48 | 008,527,008 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2010.10.27 20:40:32 | 000,028,672 | ---- | M] () -- C:\Program Files\CCleaner\Lang\lang-1031.dll
MOD - [2007.05.10 12:18:10 | 000,835,584 | ---- | M] () -- C:\Windows\vsnp325.exe
MOD - [2007.04.21 08:36:50 | 000,270,336 | ---- | M] () -- C:\Windows\tsnp325.exe
MOD - [2007.02.12 13:50:40 | 000,020,480 | ---- | M] () -- C:\Windows\FixCamera.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.12.15 14:59:48 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.12.15 14:59:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.08.12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2010.03.18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008.01.18 22:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.06.15 11:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\Windows\System32\bgsvcgen.exe -- (bgsvcgen)
SRV - [2006.12.08 10:52:04 | 000,204,800 | ---- | M] (Fujitsu Siemens Computers) [Auto | Running] -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe -- (TestHandler)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.12.15 15:00:00 | 000,134,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.12.15 15:00:00 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.12.15 15:00:00 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.07.22 17:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011.07.12 22:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.10.09 14:42:42 | 000,017,408 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008.09.22 03:20:42 | 000,043,520 | ---- | M] (VIA Technologies, Inc.              ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fetnd6v.sys -- (FETND6V)
DRV - [2007.09.10 08:50:56 | 000,457,984 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PAC7302.SYS -- (PAC7302)
DRV - [2007.07.02 16:37:10 | 000,131,616 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2007.07.02 16:37:08 | 000,110,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007.06.13 22:47:12 | 000,048,256 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\jraid.sys -- (JRAID)
DRV - [2007.06.01 16:46:00 | 007,479,008 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007.05.30 18:14:58 | 000,016,640 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV - [2007.05.07 16:58:44 | 010,343,168 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snp325.sys -- (SNP325) USB PC Camera (SNPSTD325)
DRV - [2007.03.26 14:26:00 | 000,052,224 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\ViPrt.sys -- (ViPrt)
DRV - [2007.03.26 14:26:00 | 000,016,896 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\ViBus.sys -- (ViBus)
DRV - [2006.11.10 14:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
DRV - [2006.02.20 18:17:40 | 000,033,408 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdrbsdrv.sys -- (cdrbsdrv)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://startsear.ch/?aff=1
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://startsear.ch/?aff=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "web.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.14.2
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}:2.0.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=0.9.8a: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.01.10 00:35:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.12 20:05:19 | 000,000,000 | ---D | M]
 
[2008.12.22 13:53:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hase\AppData\Roaming\mozilla\Extensions
[2008.12.22 13:53:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hase\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2012.01.12 19:48:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hase\AppData\Roaming\mozilla\Firefox\Profiles\gyjn0w5u.default\extensions
[2012.01.08 17:27:08 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\hase\AppData\Roaming\mozilla\Firefox\Profiles\gyjn0w5u.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}(38)
[2011.06.23 13:53:28 | 000,002,354 | ---- | M] () -- C:\Users\hase\AppData\Roaming\Mozilla\Firefox\Profiles\gyjn0w5u.default\searchplugins\aol-web-search.xml
[2010.02.07 13:32:49 | 000,002,172 | ---- | M] () -- C:\Users\hase\AppData\Roaming\Mozilla\Firefox\Profiles\gyjn0w5u.default\searchplugins\bing.xml
[2011.08.14 13:52:46 | 000,000,917 | ---- | M] () -- C:\Users\hase\AppData\Roaming\Mozilla\Firefox\Profiles\gyjn0w5u.default\searchplugins\conduit.xml
[2011.05.19 17:35:14 | 000,005,212 | ---- | M] () -- C:\Users\hase\AppData\Roaming\Mozilla\Firefox\Profiles\gyjn0w5u.default\searchplugins\ecosia.xml
[2011.07.11 19:04:02 | 000,000,633 | ---- | M] () -- C:\Users\hase\AppData\Roaming\Mozilla\Firefox\Profiles\gyjn0w5u.default\searchplugins\startsear.xml
[2011.08.11 22:58:41 | 000,005,508 | ---- | M] () -- C:\Users\hase\AppData\Roaming\Mozilla\Firefox\Profiles\gyjn0w5u.default\searchplugins\webde-suche.xml
[2012.01.12 20:15:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.06.08 22:47:16 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.01.12 20:15:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\HASE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GYJN0W5U.DEFAULT\EXTENSIONS\{3D7EB24F-2740-49DF-8937-200B1CC08F8A}.XPI
[2009.07.11 10:07:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011.12.21 08:42:29 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.01.12 20:14:46 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009.06.01 11:41:48 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2011.12.21 06:08:50 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.12.21 06:02:40 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.12.21 06:08:50 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.12.21 06:08:50 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.21 06:08:50 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.12.21 06:08:50 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [FixCamera] C:\Windows\FixCamera.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [snp325] C:\Windows\vsnp325.exe ()
O4 - HKLM..\Run: [tsnp325] C:\Windows\tsnp325.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube Download - C:\Users\hase\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\hase\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} hxxp://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab (HPSDDX Class)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5AE25BBF-5422-4B8C-AEA4-F2A20EE8C6BC}: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\hase\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\hase\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.01.12 20:15:00 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012.01.12 20:15:00 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012.01.12 20:15:00 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012.01.10 23:42:30 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciseq.dll
[2012.01.10 23:42:20 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[2012.01.10 23:42:19 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012.01.10 23:42:03 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2012.01.10 23:42:03 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2012.01.10 23:00:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.01.10 23:00:20 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.01.10 22:46:38 | 000,000,000 | ---D | C] -- C:\Users\hase\AppData\Roaming\SUPERAntiSpyware.com
[2012.01.10 22:46:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012.01.10 22:45:59 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012.01.10 22:45:59 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012.01.10 21:16:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012.01.10 21:16:45 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012.01.10 21:04:16 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\hase\Desktop\OTL.exe
[2012.01.10 00:16:30 | 000,000,000 | ---D | C] -- C:\Users\hase\AppData\Roaming\Opera
[2012.01.10 00:16:30 | 000,000,000 | ---D | C] -- C:\Users\hase\AppData\Local\Opera
[2012.01.10 00:16:24 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2012.01.09 23:54:38 | 000,000,000 | ---D | C] -- C:\Users\hase\AppData\Roaming\Avira
[2012.01.09 23:49:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.01.09 23:48:57 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012.01.09 23:48:56 | 000,134,856 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.01.09 23:48:56 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.01.09 23:48:56 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.01.09 23:48:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.01.09 23:48:55 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012.01.09 00:25:50 | 000,000,000 | ---D | C] -- C:\Users\hase\AppData\Roaming\Malwarebytes
[2012.01.09 00:25:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.01.09 00:25:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.12.30 14:43:00 | 000,000,000 | ---D | C] -- C:\Users\hase\Desktop\Lehmwand
[2011.12.21 20:18:58 | 000,000,000 | ---D | C] -- C:\Users\hase\AppData\Roaming\LaunchPad
[2011.12.19 20:15:38 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.12.19 20:15:36 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011.12.19 20:15:36 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.12.19 20:15:36 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.12.19 20:15:35 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.12.19 20:15:33 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.12.19 20:12:25 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011.12.19 20:12:23 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.12.19 20:12:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011.12.19 20:12:14 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011.12.19 20:12:14 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011.12.19 20:12:13 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2010.04.05 16:16:09 | 000,147,456 | ---- | C] ( ) -- C:\Windows\System32\rsnp325.dll
[2010.04.05 16:16:09 | 000,057,344 | ---- | C] ( ) -- C:\Windows\System32\vsnp325.dll
[2010.04.05 16:16:09 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp325.dll
 
========== Files - Modified Within 30 Days ==========
 
[2012.01.12 20:16:20 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.01.12 20:15:05 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.01.12 20:15:04 | 000,628,504 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.01.12 20:15:04 | 000,126,054 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.01.12 20:15:04 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.01.12 20:14:46 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2012.01.12 20:14:46 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012.01.12 20:14:46 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012.01.12 20:14:46 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012.01.12 20:09:28 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.12 20:09:27 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.12 20:09:27 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.01.12 20:09:25 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\DriverScanner.job
[2012.01.12 20:09:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.12 20:09:15 | 3219,644,416 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.11 16:35:32 | 000,002,633 | ---- | M] () -- C:\Users\hase\Desktop\Microsoft Office PowerPoint 2007.lnk
[2012.01.11 16:34:31 | 000,002,593 | ---- | M] () -- C:\Users\hase\Desktop\Microsoft Office Excel 2007.lnk
[2012.01.10 23:00:23 | 000,000,872 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.01.10 22:46:02 | 000,001,766 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.01.10 21:04:16 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\hase\Desktop\OTL.exe
[2012.01.10 00:35:49 | 000,000,812 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.01.10 00:16:28 | 000,001,580 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2012.01.09 23:49:41 | 000,001,813 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.01.09 23:06:06 | 000,000,000 | ---- | M] () -- C:\Users\hase\AppData\Local\{55332142-12C8-4656-AE60-12B742756D99}
[2012.01.06 10:33:26 | 001,952,888 | ---- | M] () -- C:\Users\hase\Desktop\IMG_0555.JPG
[2012.01.06 10:33:03 | 002,425,522 | ---- | M] () -- C:\Users\hase\Desktop\IMG_0556.JPG
[2012.01.01 21:36:33 | 000,002,591 | ---- | M] () -- C:\Users\hase\Desktop\Microsoft Office Word 2007.lnk
[2011.12.20 19:22:37 | 000,273,032 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.12.18 19:44:45 | 002,137,636 | R--- | M] () -- C:\Users\hase\Desktop\ds11-0301-1.pdf
[2011.12.16 19:54:47 | 000,221,221 | ---- | M] () -- C:\Users\hase\Desktop\wien.xps
[2011.12.15 15:00:00 | 000,134,856 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.12.15 15:00:00 | 000,074,640 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011.12.15 15:00:00 | 000,036,000 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
 
========== Files Created - No Company Name ==========
 
[2012.01.10 23:00:23 | 000,000,872 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.01.10 22:46:02 | 000,001,766 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.01.10 00:35:49 | 000,000,824 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.01.10 00:35:49 | 000,000,812 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.01.10 00:16:28 | 000,001,592 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[2012.01.10 00:16:28 | 000,001,580 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
[2012.01.09 23:49:41 | 000,001,813 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.01.09 23:20:49 | 3219,644,416 | -HS- | C] () -- C:\hiberfil.sys
[2012.01.09 23:06:06 | 000,000,000 | ---- | C] () -- C:\Users\hase\AppData\Local\{55332142-12C8-4656-AE60-12B742756D99}
[2012.01.06 10:33:18 | 001,952,888 | ---- | C] () -- C:\Users\hase\Desktop\IMG_0555.JPG
[2012.01.06 10:32:59 | 002,425,522 | ---- | C] () -- C:\Users\hase\Desktop\IMG_0556.JPG
[2011.12.18 19:44:44 | 002,137,636 | R--- | C] () -- C:\Users\hase\Desktop\ds11-0301-1.pdf
[2011.12.16 19:54:44 | 000,221,221 | ---- | C] () -- C:\Users\hase\Desktop\wien.xps
[2010.12.10 22:28:39 | 000,000,769 | ---- | C] () -- C:\Windows\System32\Remover.ini
[2010.12.10 22:28:38 | 000,000,566 | ---- | C] () -- C:\Windows\System32\SP7302.ini
[2010.12.09 20:38:28 | 000,024,227 | ---- | C] () -- C:\Users\hase\AppData\Roaming\UserTile.png
[2010.11.21 21:59:03 | 000,397,312 | ---- | C] () -- C:\Windows\iwexec.exe
[2010.06.07 20:45:44 | 000,000,012 | ---- | C] () -- C:\Users\hase\AppData\Roaming\qcopjv.dat
[2010.04.05 16:16:10 | 000,835,584 | ---- | C] () -- C:\Windows\vsnp325.exe
[2010.04.05 16:16:10 | 000,270,336 | ---- | C] () -- C:\Windows\tsnp325.exe
[2010.04.05 16:16:10 | 000,020,480 | ---- | C] () -- C:\Windows\FixCamera.exe
[2010.04.05 16:16:10 | 000,015,498 | ---- | C] () -- C:\Windows\snp325.ini
[2009.05.26 21:49:59 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.05.26 21:49:58 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.01.16 20:41:05 | 000,000,000 | ---- | C] () -- C:\Windows\BEMERK~1.INI
[2009.01.16 20:40:38 | 000,000,000 | ---- | C] () -- C:\Windows\WdbInstW.INI
[2009.01.09 20:55:47 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.01.03 14:41:34 | 000,006,384 | ---- | C] () -- C:\Users\hase\AppData\Roaming\PrimoPDFSet.xml
[2009.01.03 11:54:56 | 000,176,235 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
[2008.11.06 17:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.11.06 17:33:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008.07.23 21:22:53 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.07.22 16:03:19 | 000,001,354 | ---- | C] () -- C:\Windows\hpbvnstp.ini
[2008.07.19 18:18:15 | 000,001,356 | ---- | C] () -- C:\Users\hase\AppData\Local\d3d9caps.dat
[2008.07.16 20:46:26 | 000,000,025 | ---- | C] () -- C:\Windows\SIERRA.INI
[2008.07.13 18:30:22 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2008.07.03 19:52:49 | 000,036,864 | ---- | C] () -- C:\Windows\System32\LckFldService.exe
[2008.06.26 19:33:40 | 000,032,256 | ---- | C] () -- C:\Users\hase\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.01.18 15:40:38 | 000,069,632 | ---- | C] () -- C:\Windows\System32\vuins32.dll
[2006.11.02 16:33:31 | 000,628,504 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 16:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 16:33:31 | 000,126,054 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 16:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,273,032 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,595,798 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,103,872 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.08.11 09:52:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll
[2004.03.15 11:02:38 | 000,000,412 | ---- | C] () -- C:\Windows\System32\HP3AIOZ6.dat
[2004.03.03 04:06:00 | 000,221,184 | ---- | C] () -- C:\Windows\System32\HP3AIOZ6.dll
[2002.05.03 14:40:32 | 000,094,274 | ---- | C] () -- C:\Windows\System32\HPBHEALR.DLL
[1997.06.14 09:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
 
========== LOP Check ==========
 
[2010.11.21 21:49:10 | 000,000,000 | ---D | M] -- C:\Users\hase\AppData\Roaming\2pTech
[2010.10.28 20:47:14 | 000,000,000 | ---D | M] -- C:\Users\hase\AppData\Roaming\DVDVideoSoft
[2011.05.09 22:44:05 | 000,000,000 | ---D | M] -- C:\Users\hase\AppData\Roaming\DVDVideoSoftIEHelpers
[2009.05.30 07:52:27 | 000,000,000 | ---D | M] -- C:\Users\hase\AppData\Roaming\Foxit
[2010.04.11 20:28:08 | 000,000,000 | ---D | M] -- C:\Users\hase\AppData\Roaming\gtk-2.0
[2011.12.21 20:18:58 | 000,000,000 | ---D | M] -- C:\Users\hase\AppData\Roaming\LaunchPad
[2011.06.23 12:53:49 | 000,000,000 | ---D | M] -- C:\Users\hase\AppData\Roaming\OpenCandy
[2012.01.10 00:16:30 | 000,000,000 | ---D | M] -- C:\Users\hase\AppData\Roaming\Opera
[2008.08.16 23:17:08 | 000,000,000 | ---D | M] -- C:\Users\hase\AppData\Roaming\Panasonic
[2010.12.09 20:39:09 | 000,000,000 | ---D | M] -- C:\Users\hase\AppData\Roaming\PeerNetworking
[2009.01.05 08:45:35 | 000,000,000 | ---D | M] -- C:\Users\hase\AppData\Roaming\Pegasys Inc
[2010.06.03 15:18:17 | 000,000,000 | ---D | M] -- C:\Users\hase\AppData\Roaming\temp
[2008.12.22 13:53:50 | 000,000,000 | ---D | M] -- C:\Users\hase\AppData\Roaming\TomTom
[2012.01.12 20:09:25 | 000,000,326 | ---- | M] () -- C:\Windows\Tasks\DriverScanner.job
[2012.01.12 20:08:35 | 000,032,512 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---
OTL Logfile:
Code:

OTL Extras logfile created on: 12.01.2012 20:22:12 - Run 2
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\hase\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,87 Gb Available Physical Memory | 62,44% Memory free
6,23 Gb Paging File | 4,97 Gb Available in Paging File | 79,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 216,41 Gb Total Space | 88,93 Gb Free Space | 41,09% Space Free | Partition Type: NTFS
Drive D: | 107,22 Gb Total Space | 59,95 Gb Free Space | 55,91% Space Free | Partition Type: NTFS
 
Computer Name: HASENPC | User Name: hase | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00B6C87D-C3F2-4184-905E-540A08A69FAB}" = lport=5357 | protocol=6 | dir=in | app=system |
"{06E6A945-FA8D-407B-B303-9707EB353C24}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{09FDF0BC-AFFB-4D4E-83F1-C7C294038E73}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe |
"{0A828AD6-5635-4E97-8550-90C2F5FD57A9}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{37BF999B-8696-40C3-A4F8-060EC394569B}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe |
"{3C645C51-BA04-4043-B9F4-60ADBFE2FB04}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{438FBEE1-4367-4432-88E5-7CD8935026F3}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{5902BA77-9B9B-4A2C-B118-D6666D50BEA4}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{5FE366A1-D66D-4EA5-A726-FCDD1D2C255F}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{60B0B7D6-D09F-4DB9-837E-203CAADCCF3F}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{8329838A-35FD-4F44-854F-DC94603A2727}" = lport=5358 | protocol=6 | dir=in | app=system |
"{9371DE25-C629-4186-AD2F-E9240697CED9}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe |
"{AB345130-FE65-4D2E-AF44-C8EF97BA63D0}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{C6C8DB1E-42EE-4610-A260-8B8B0B42E5A6}" = rport=5357 | protocol=6 | dir=out | app=system |
"{CA386061-7D90-4117-9A0B-E97C1EDC56DF}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{CC46BFD5-265A-458B-9D51-7B2CA2B4454D}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{CE24C86E-B7A5-48A2-A5CE-403F1C0F7160}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{D0B68ADE-1E58-40DE-BA4D-C4B93E726332}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{D822F608-EFAB-4C54-B025-2793E291646D}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{DB6ACC85-B944-43B9-B611-A096C54F2E06}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DE8049F9-92DD-4B58-8DD9-907097DC97AB}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{EB2BEB1B-B635-4EB3-AF58-387CE5CFBD94}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{EC0E6C63-317A-4F12-B6F6-82ACD1A3B292}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{ECCDFE07-584E-4847-A780-8B85CE80E7EB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F297A9AF-6B7E-41F6-91BB-5102F9D0C197}" = rport=5358 | protocol=6 | dir=out | app=system |
"{F2B6DA98-9A98-4CE9-8CDD-1A7150F65675}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe |
"{FB1036C4-F478-4E8B-BA21-FBCC3E008A9E}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{FF709C6E-3691-4358-9BB9-092A1A94B266}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05370BBE-C8D3-4F25-93A5-0B3F6A6CFB1D}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{28D960DA-0E2B-41BD-B0CD-D4DA7E0601CF}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{2F77A683-F343-456B-AEF1-1D6BC6020603}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{49547AA0-4079-419A-B8B3-781963FC9666}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{49CE4D73-D52E-41D7-B5B9-8094F83FC2CD}" = protocol=17 | dir=in | app=c:\program files\konami\pro evolution soccer 2011\pes2011.exe |
"{619BC150-435F-4716-BACD-FDE161B1CAAB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{61BE6F9A-9E16-4FF6-868F-A679C6CB0F82}" = protocol=6 | dir=out | app=%systemroot%\system32\netproj.exe |
"{6FC49D01-0D2D-4DF9-A10C-E1F6E62F35E0}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{718CC16C-4B51-43E9-A35D-A336336AAB18}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{7430FACD-E310-4F18-B2E8-8CDFD558EED7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7BEA212E-BD6D-4A12-B315-DE1D81292339}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{8C21CCCC-6EC1-4543-A677-937A1A9252D5}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{95F91FAA-7B80-4DD1-BAF9-FC49B3BA20E5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{99BE6CBC-1526-4C70-9D64-D6DFFD3DB7E3}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{A316AB44-003E-470E-B6A7-E9F233FFDE26}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{A9E1D451-A7F1-4C9F-9ABE-68E080DF31DA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{ACCD23A6-9439-4446-8E62-64ACE188DE32}" = protocol=6 | dir=in | app=c:\program files\konami\pro evolution soccer 2011\pes2011.exe |
"{B607459B-CE5C-4489-B074-1CA7439574DD}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{C3246C59-619A-41A4-BEC7-D28E039D1047}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{C89CE262-B169-4F4E-8939-9041A1440FFF}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{CC303A1B-443D-45D4-8711-CA49AACFA37B}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{D6801F05-27D9-4F0F-82D7-0A54FAA909B0}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{E0345A07-F7E8-4BD9-9E7B-EC8635DE731E}" = protocol=6 | dir=in | app=%systemroot%\system32\netproj.exe |
"{E1958243-8C8D-462A-89F2-F33C3B08FB2B}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{F7CCC3AA-A79A-46AB-946E-A60DE4B7779B}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{07FA29C6-D0F0-4BA8-B8AF-6A83FD3D95DD}C:\program files\microsoft office\office12\winword.exe" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\winword.exe |
"TCP Query User{272C43FE-4CA8-4AE1-8E33-5C0F264E6256}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{287FBDAF-7550-4273-BFD3-C4E589370384}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{2F6F6F36-2E3A-4C48-A308-10E5F5E4BF82}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{5703A64C-5571-42C4-9D20-D5A5586A6137}C:\program files\microsoft games\empire earth.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\empire earth.exe |
"TCP Query User{71693BFE-EC53-4B38-AE65-9AB0A3211790}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{958EA47B-B770-49E1-9228-1B3481707899}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{B48EFD8B-D122-48E1-A55A-55999735B27C}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"TCP Query User{C59B3A51-C496-4158-B7FC-C413C5B5E8A5}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"TCP Query User{DD1490FC-B998-4396-A12D-E934D3B98BFE}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{03A60979-3883-4CB7-AADF-496A3BEF901D}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{1351C016-FBD4-4653-B945-4A7FF8D667C2}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{1BDCD1D3-856F-43E6-A104-510F6CF5180C}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{1CA0C853-260E-4A63-B23A-27EA37C5FDFE}C:\program files\microsoft office\office12\winword.exe" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\winword.exe |
"UDP Query User{2364E031-FF22-4AB6-984D-7B188108537F}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{2765226B-053D-4D07-89DA-679D0DE3AD25}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{8C35B589-FE44-4FA7-88DA-9A403861121B}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{9ACDC592-8784-4F48-9B91-E3EC0D783075}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{E02B68B3-5A1F-4021-B41E-CAECFADD02CB}C:\program files\microsoft games\empire earth.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\empire earth.exe |
"UDP Query User{FBD68B5B-C9DA-49E1-AF7C-5AA55D1DA432}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{1148E85C-E1AF-48E0-A29C-68DACE07E054}" = Pro Evolution Soccer 2011
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F0D5576-C383-4E5E-9906-0B47BECBB8B6}" = Hama Webcam Suite
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30
"{2A1E27FF-BE53-45B4-950F-060236E98E3D}" = TMPGEnc Plus 2.5
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4412F224-3849-4461-A3E9-DEEF8D252790}" = Visual Studio C++ 10.0 Runtime
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AF8A676-7D24-431E-9B90-BCA8C5C7F1B4}" = VideoCam Suite
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{6803A6E6-48FF-48AB-B558-7B651BBE1031}" = Nero 8 Essentials
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C5B4583-7CBF-4289-B195-03B553959DEA}" = VoiceOver Kit
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{94D66D71-12F0-48A5-B46A-D4B835A0F1B7}" = FirstSteps Diagnostics
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9EDF1A5D-D8E0-413E-9782-75DD4A8C831B}" = VideoCam Suite 1.0
"{A59AB961-BE82-41E0-B0FB-648DFA6DDEA4}" = Hama PC-Webcam Circle
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C73CA646-73B3-4AEF-A136-C37505745174}" = iTunes
"{C73F2967-062E-48F2-A462-D335B8950183}" = Safari
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F9466082-90E9-4BE4-92F0-CF0AF195B0CF}" = hama PC-Webcam AC-140
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DVDStyler_is1" = DVDStyler v1.8.2
"Foxit Reader" = Foxit Reader
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 4.2.12
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.37.426
"Haushaltsbuch" = Haushaltsbuch
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Mahjong Towers Eternity EU" = Mahjong Towers Eternity EU (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.0.1800
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de)
"MyTomTom" = MyTomTom 3.0.2.363
"NVIDIA Drivers" = NVIDIA Drivers
"Opera 11.60.1185" = Opera 11.60
"Shockwave" = Shockwave
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SopCast" = SopCast 3.2.4
"ST6UNST #1" = CoveDesigner
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 0.9.8a
"VN_VUIns_Rhine_VIA" = VIA Rhine Family Fast Ethernet Adapter
"VSO DivxToDVD_is1" = DivxToDVD 0.5.2
"WinLiveSuite_Wave3" = Windows Live Essentials
"Winmail Opener" = Winmail Opener 1.4
"WinRAR archiver" = WinRAR archiver
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"InstallShield_{2A1E27FF-BE53-45B4-950F-060236E98E3D}" = TMPGEnc Plus 2.5
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 28.10.2010 13:31:11 | Computer Name = HasenPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7921
 
Error - 28.10.2010 13:31:11 | Computer Name = HasenPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7921
 
Error - 28.10.2010 13:31:12 | Computer Name = HasenPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 28.10.2010 13:31:12 | Computer Name = HasenPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9875
 
Error - 28.10.2010 13:31:12 | Computer Name = HasenPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9875
 
Error - 28.10.2010 13:31:14 | Computer Name = HasenPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 28.10.2010 13:31:14 | Computer Name = HasenPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 11843
 
Error - 28.10.2010 13:31:14 | Computer Name = HasenPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 11843
 
Error - 29.10.2010 15:30:28 | Computer Name = HasenPC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung FOXITR~1.EXE, Version 3.0.2009.1506, Zeitstempel
 0x49b4e85b, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00d39298,  Prozess-ID 0x838, Anwendungsstartzeit
 01cb779f6f29cc18.
 
Error - 03.11.2010 08:05:22 | Computer Name = HasenPC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Explorer.EXE, Version 6.0.6002.18005, Zeitstempel
 0x49e01da5, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18005, Zeitstempel 0x49e03821,
 Ausnahmecode 0xc0000029, Fehleroffset 0x00080754,  Prozess-ID 0x7a0, Anwendungsstartzeit
 01cb7b4f47b6065a.
 
[ OSession Events ]
Error - 02.06.2010 15:32:56 | Computer Name = HasenPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 02.06.2010 15:33:18 | Computer Name = HasenPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 02.06.2010 15:35:09 | Computer Name = HasenPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 11.01.2012 14:49:42 | Computer Name = HasenPC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 12.01.2012 14:38:32 | Computer Name = HasenPC | Source = Service Control Manager | ID = 7009
Description =
 
Error - 12.01.2012 14:38:32 | Computer Name = HasenPC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 12.01.2012 14:38:32 | Computer Name = HasenPC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 12.01.2012 14:52:47 | Computer Name = HasenPC | Source = Service Control Manager | ID = 7009
Description =
 
Error - 12.01.2012 14:52:47 | Computer Name = HasenPC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 12.01.2012 14:52:47 | Computer Name = HasenPC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 12.01.2012 15:11:00 | Computer Name = HasenPC | Source = Service Control Manager | ID = 7009
Description =
 
Error - 12.01.2012 15:11:00 | Computer Name = HasenPC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 12.01.2012 15:11:00 | Computer Name = HasenPC | Source = Service Control Manager | ID = 7026
Description =
 
 
< End of report >

--- --- ---

kira 13.01.2012 09:12

1.
Windows Defender:
Running it actively alongside an antivirus program is not recommended, because the two can get in each other's way. Please disable it as follows: -> http://windows.microsoft.com/de-AT/w...nder-on-or-off
Disable Windows Defender completely

Start => Control Panel => Classic View => Windows Defender, or
start Windows Defender (C:\Programme\Windows Defender\MSASCui.exe)

Tools => Options => Automatic scanning => clear the check mark at "Automatically scan my computer".
Tools => Options => Real-time protection => clear the check mark at "Use real-time protection".
Tools => Options => Administrator => clear the check mark at "Use this program".

Start => type services.msc into the search box.
The Services window opens.
Double-click the "Windows Defender" service.
Set the startup type to "Manual".
Stop the service if it is still running.
► After a restart (if it still exists), check under Start -> Run -> "msconfig" (type it in without the quotation marks) -> OK -> Startup whether it is still running, and clear the check mark if necessary.
► Under Services:
Start -> Run -> "Services.msc" (type it in without the quotation marks) -> OK -> "Properties" -> "Stop" -> select startup type "Disabled"

2.
Quote:

Attention, important!:
If you have made changes in the log file yourself, you must replace them with the original names and insert them into the script that way! Otherwise it will not work!
(user folder, your name or other changes replaced by X, an asterisk or other names)
Fixing with OTL
  • Start OTL.exe.
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • Copy the following script:
Code:

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://startsear.ch/?aff=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://startsear.ch/?aff=1
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "web.de"
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
[2010.02.07 13:32:49 | 000,002,172 | ---- | M] () -- C:\Users\hase\AppData\Roaming\Mozilla\Firefox\Profiles\gyjn0w5u.default\searchplugins\bing.xml
[2011.08.14 13:52:46 | 000,000,917 | ---- | M] () -- C:\Users\hase\AppData\Roaming\Mozilla\Firefox\Profiles\gyjn0w5u.default\searchplugins\conduit.xml
[2011.07.11 19:04:02 | 000,000,633 | ---- | M] () -- C:\Users\hase\AppData\Roaming\Mozilla\Firefox\Profiles\gyjn0w5u.default\searchplugins\startsear.xml
[2011.08.11 22:58:41 | 000,005,508 | ---- | M] () -- C:\Users\hase\AppData\Roaming\Mozilla\Firefox\Profiles\gyjn0w5u.default\searchplugins\webde-suche.xml
[2011.12.21 06:02:40 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.12.21 06:08:50 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
O2 - BHO: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
[2012.01.10 21:16:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012.01.10 21:16:45 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012.01.12 20:16:20 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.01.12 20:09:27 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.01.12 20:09:25 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\DriverScanner.job

:Commands
[purity]
[emptytemp]


3.
Run another scan with OTL:
  • Double-click OTL.exe
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • At the top you will find a box labeled Output.
    Please select Standard Output
  • Under Extra Registry, please select Use SafeList.
  • Tick the LOP and Purity checks.
  • Now click Scan at the top left.
  • When the scan has finished, two log files are created.
    You will find the log files on your desktop => OTL.txt and Extras.txt
  • Post the log files in code tags here in the thread.

4.
  • download SUPERAntiSpyware FREE Edition.
  • install the program and update it online.
  • start SUPERAntiSpyware and click "Scan your computer"
  • tick "Complete scan" and click "Next"
  • all malware found is then listed; tick every finding and confirm with "OK"
  • click "Next", then "OK" and then "Finish"
  • to display the results: click "Preferences", then "Statistics and Logs"
  • click "View log", then please save this report and post it here

5.
Viruses can also be carried on USB sticks, self-burned media, external hard drives and other storage media. They must therefore be monitored by regularly checking for damage that may have been caused by malware ("Worm.Win32.Autorun"). A very suitable and recommended way to do this is to check the data saved on the storage medium with the free online scanner.
Now connect all external storage media (USB sticks etc.) to your computer while holding down the Shift key so that the autorun function is not executed. (This is how you prevent the AUTORUN function from running.) The AUTORUN function can also be switched off entirely. ►Instructions

6.
-> Then run a complete system check with Eset Online Scanner (NOD32) - Free Online Scanners
Attention!: >>You should not install the antivirus security software, only scan your system online<<

► Report again on the state of the computer. Are there still problems, and if so, which ones?

daapool 13.01.2012 22:13

All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "Ask.com" removed from browser.search.selectedEngine
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "web.de" removed from browser.startup.homepage
Prefs.js: engine@conduit.com:3.3.3.2 removed from extensions.enabledItems
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
File C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll not found.
C:\Users\hase\AppData\Roaming\Mozilla\Firefox\Profiles\gyjn0w5u.default\searchplugins\bing.xml moved successfully.
C:\Users\hase\AppData\Roaming\Mozilla\Firefox\Profiles\gyjn0w5u.default\searchplugins\conduit.xml moved successfully.
C:\Users\hase\AppData\Roaming\Mozilla\Firefox\Profiles\gyjn0w5u.default\searchplugins\startsear.xml moved successfully.
C:\Users\hase\AppData\Roaming\Mozilla\Firefox\Profiles\gyjn0w5u.default\searchplugins\webde-suche.xml moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\bing.xml moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0124123D-61B4-456f-AF86-78C53A0790C5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0124123D-61B4-456f-AF86-78C53A0790C5}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
C:\ProgramData\Spybot - Search & Destroy\Recovery folder moved successfully.
C:\ProgramData\Spybot - Search & Destroy\Logs folder moved successfully.
C:\ProgramData\Spybot - Search & Destroy folder moved successfully.
C:\Program Files\Spybot - Search & Destroy folder moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\Tasks\DriverScanner.job moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: DZH~1.OLY

User: hase
->Temp folder emptied: 2000 bytes
->Temporary Internet Files folder emptied: 7841044 bytes
->Java cache emptied: 37439794 bytes
->FireFox cache emptied: 359661467 bytes
->Apple Safari cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 906 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 386,00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 01132012_220547

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

daapool 13.01.2012 22:20

OTL Logfile:
Code:

OTL logfile created on: 13.01.2012 22:14:39 - Run 3
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\hase\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,83 Gb Available Physical Memory | 61,06% Memory free
6,19 Gb Paging File | 5,09 Gb Available in Paging File | 82,23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 216,41 Gb Total Space | 87,40 Gb Free Space | 40,39% Space Free | Partition Type: NTFS
Drive D: | 107,22 Gb Total Space | 59,95 Gb Free Space | 55,91% Space Free | Partition Type: NTFS
 
Computer Name: HASENPC | User Name: hase | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.01.10 21:04:16 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\hase\Desktop\OTL.exe
PRC - [2011.12.21 08:42:28 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011.12.15 15:00:00 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.12.15 14:59:48 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011.12.15 14:59:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.12.15 14:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.12.09 01:44:22 | 004,616,064 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2011.08.12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.03.18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009.04.11 07:28:15 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007.10.01 10:53:50 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.06.15 11:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) -- C:\Windows\System32\bgsvcgen.exe
PRC - [2007.05.10 12:18:10 | 000,835,584 | ---- | M] () -- C:\Windows\vsnp325.exe
PRC - [2007.04.21 08:36:50 | 000,270,336 | ---- | M] () -- C:\Windows\tsnp325.exe
PRC - [2007.02.12 13:50:40 | 000,020,480 | ---- | M] () -- C:\Windows\FixCamera.exe
PRC - [2006.12.08 10:52:04 | 000,204,800 | ---- | M] (Fujitsu Siemens Computers) -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe
PRC - [2006.11.03 11:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\PAC7302\Monitor.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.01.13 22:10:22 | 000,063,488 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012.01.13 22:10:22 | 000,052,736 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012.01.10 22:46:45 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2012.01.10 22:46:45 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2011.12.21 08:42:28 | 002,124,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011.07.29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2008.08.29 09:55:00 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2007.05.10 12:18:10 | 000,835,584 | ---- | M] () -- C:\Windows\vsnp325.exe
MOD - [2007.04.21 08:36:50 | 000,270,336 | ---- | M] () -- C:\Windows\tsnp325.exe
MOD - [2007.02.12 13:50:40 | 000,020,480 | ---- | M] () -- C:\Windows\FixCamera.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.12.15 14:59:48 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.12.15 14:59:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.08.12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2010.03.18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008.01.18 22:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.06.15 11:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\Windows\System32\bgsvcgen.exe -- (bgsvcgen)
SRV - [2006.12.08 10:52:04 | 000,204,800 | ---- | M] (Fujitsu Siemens Computers) [Auto | Running] -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe -- (TestHandler)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.12.15 15:00:00 | 000,134,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.12.15 15:00:00 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.12.15 15:00:00 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.07.22 17:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011.07.12 22:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.10.09 14:42:42 | 000,017,408 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008.09.22 03:20:42 | 000,043,520 | ---- | M] (VIA Technologies, Inc.              ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fetnd6v.sys -- (FETND6V)
DRV - [2007.09.10 08:50:56 | 000,457,984 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PAC7302.SYS -- (PAC7302)
DRV - [2007.07.02 16:37:10 | 000,131,616 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2007.07.02 16:37:08 | 000,110,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007.06.13 22:47:12 | 000,048,256 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\jraid.sys -- (JRAID)
DRV - [2007.06.01 16:46:00 | 007,479,008 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007.05.30 18:14:58 | 000,016,640 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV - [2007.05.07 16:58:44 | 010,343,168 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snp325.sys -- (SNP325) USB PC Camera (SNPSTD325)
DRV - [2007.03.26 14:26:00 | 000,052,224 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\ViPrt.sys -- (ViPrt)
DRV - [2007.03.26 14:26:00 | 000,016,896 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\ViBus.sys -- (ViBus)
DRV - [2006.11.10 14:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
DRV - [2006.02.20 18:17:40 | 000,033,408 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdrbsdrv.sys -- (cdrbsdrv)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: ""
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.12 22:01:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.01.10 00:35:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.12 22:03:21 | 000,000,000 | ---D | M]
 
[2008.12.22 13:53:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hase\AppData\Roaming\mozilla\Extensions
[2008.12.22 13:53:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hase\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2012.01.13 20:17:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hase\AppData\Roaming\mozilla\Firefox\Profiles\gyjn0w5u.default\extensions
[2012.01.08 17:27:08 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\hase\AppData\Roaming\mozilla\Firefox\Profiles\gyjn0w5u.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}(38)
[2012.01.12 23:28:00 | 000,000,000 | ---D | M] (WOT) -- C:\Users\hase\AppData\Roaming\mozilla\Firefox\Profiles\gyjn0w5u.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.01.12 23:28:00 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\hase\AppData\Roaming\mozilla\Firefox\Profiles\gyjn0w5u.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.06.23 13:53:28 | 000,002,354 | ---- | M] () -- C:\Users\hase\AppData\Roaming\Mozilla\Firefox\Profiles\gyjn0w5u.default\searchplugins\aol-web-search.xml
[2011.05.19 17:35:14 | 000,005,212 | ---- | M] () -- C:\Users\hase\AppData\Roaming\Mozilla\Firefox\Profiles\gyjn0w5u.default\searchplugins\ecosia.xml
[2012.01.12 20:15:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.06.08 22:47:16 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.01.12 20:15:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\HASE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GYJN0W5U.DEFAULT\EXTENSIONS\{3D7EB24F-2740-49DF-8937-200B1CC08F8A}.XPI
() (No name found) -- C:\USERS\HASE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GYJN0W5U.DEFAULT\EXTENSIONS\GUTSCHEINE4FREE@DEVELOPER.COM.XPI
[2009.07.11 10:07:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011.12.21 08:42:29 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.01.12 20:14:46 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009.06.01 11:41:48 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2011.12.21 06:08:50 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.12.21 06:08:50 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.12.21 06:08:50 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.21 06:08:50 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
 
========== Chrome  ==========
 
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [FixCamera] C:\Windows\FixCamera.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [snp325] C:\Windows\vsnp325.exe ()
O4 - HKLM..\Run: [tsnp325] C:\Windows\tsnp325.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube Download - C:\Users\hase\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\hase\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} hxxp://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab (HPSDDX Class)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5AE25BBF-5422-4B8C-AEA4-F2A20EE8C6BC}: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\hase\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\hase\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.01.13 22:05:47 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.01.12 23:51:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2012.01.12 22:06:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012.01.12 22:03:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\Adobe
[2012.01.12 22:02:30 | 000,000,000 | ---D | C] -- C:\Users\hase\AppData\Local\DDMSettings
[2012.01.12 22:00:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2012.01.12 22:00:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2012.01.12 21:58:54 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2012.01.12 21:03:57 | 000,000,000 | ---D | C] -- C:\Users\hase\Desktop\THEORG
[2012.01.12 20:15:00 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012.01.12 20:15:00 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012.01.12 20:15:00 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012.01.10 23:42:30 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciseq.dll
[2012.01.10 23:42:20 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[2012.01.10 23:42:19 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012.01.10 23:42:03 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2012.01.10 23:42:03 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2012.01.10 23:00:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.01.10 23:00:20 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.01.10 22:46:38 | 000,000,000 | ---D | C] -- C:\Users\hase\AppData\Roaming\SUPERAntiSpyware.com
[2012.01.10 22:46:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012.01.10 22:45:59 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012.01.10 22:45:59 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012.01.10 21:04:16 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\hase\Desktop\OTL.exe
[2012.01.10 00:16:30 | 000,000,000 | ---D | C] -- C:\Users\hase\AppData\Roaming\Opera
[2012.01.10 00:16:30 | 000,000,000 | ---D | C] -- C:\Users\hase\AppData\Local\Opera
[2012.01.10 00:16:24 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2012.01.09 23:54:38 | 000,000,000 | ---D | C] -- C:\Users\hase\AppData\Roaming\Avira
[2012.01.09 23:49:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.01.09 23:48:57 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012.01.09 23:48:56 | 000,134,856 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.01.09 23:48:56 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.01.09 23:48:56 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.01.09 23:48:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.01.09 23:48:55 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012.01.09 00:25:50 | 000,000,000 | ---D | C] -- C:\Users\hase\AppData\Roaming\Malwarebytes
[2012.01.09 00:25:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.01.09 00:25:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.01.04 01:48:42 | 000,354,176 | ---- | C] (DivX, Inc.) -- C:\Windows\System32\DivXControlPanelApplet.cpl
[2011.12.30 14:43:00 | 000,000,000 | ---D | C] -- C:\Users\hase\Desktop\Lehmwand
[2011.12.21 20:18:58 | 000,000,000 | ---D | C] -- C:\Users\hase\AppData\Roaming\LaunchPad
[2011.12.19 20:15:38 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.12.19 20:15:36 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011.12.19 20:15:36 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.12.19 20:15:36 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.12.19 20:15:35 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.12.19 20:15:33 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.12.19 20:12:25 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011.12.19 20:12:23 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.12.19 20:12:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011.12.19 20:12:14 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011.12.19 20:12:14 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011.12.19 20:12:13 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2010.04.05 16:16:09 | 000,147,456 | ---- | C] ( ) -- C:\Windows\System32\rsnp325.dll
[2010.04.05 16:16:09 | 000,057,344 | ---- | C] ( ) -- C:\Windows\System32\vsnp325.dll
[2010.04.05 16:16:09 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp325.dll
 
========== Files - Modified Within 30 Days ==========
 
[2012.01.13 22:16:54 | 000,628,504 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.01.13 22:16:54 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.01.13 22:16:54 | 000,126,054 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.01.13 22:16:54 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.01.13 22:09:14 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.13 22:09:13 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.13 22:09:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.13 22:09:02 | 3217,559,552 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.12 22:06:21 | 000,000,825 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.01.12 20:14:46 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2012.01.12 20:14:46 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012.01.12 20:14:46 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012.01.12 20:14:46 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012.01.11 16:35:32 | 000,002,633 | ---- | M] () -- C:\Users\hase\Desktop\Microsoft Office PowerPoint 2007.lnk
[2012.01.11 16:34:31 | 000,002,593 | ---- | M] () -- C:\Users\hase\Desktop\Microsoft Office Excel 2007.lnk
[2012.01.10 23:00:23 | 000,000,872 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.01.10 22:46:02 | 000,001,766 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.01.10 21:04:16 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\hase\Desktop\OTL.exe
[2012.01.10 00:35:49 | 000,000,812 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.01.10 00:16:28 | 000,001,580 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2012.01.09 23:49:41 | 000,001,813 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.01.09 23:06:06 | 000,000,000 | ---- | M] () -- C:\Users\hase\AppData\Local\{55332142-12C8-4656-AE60-12B742756D99}
[2012.01.06 10:33:26 | 001,952,888 | ---- | M] () -- C:\Users\hase\Desktop\IMG_0555.JPG
[2012.01.06 10:33:03 | 002,425,522 | ---- | M] () -- C:\Users\hase\Desktop\IMG_0556.JPG
[2012.01.04 01:48:42 | 000,354,176 | ---- | M] (DivX, Inc.) -- C:\Windows\System32\DivXControlPanelApplet.cpl
[2012.01.01 21:36:33 | 000,002,591 | ---- | M] () -- C:\Users\hase\Desktop\Microsoft Office Word 2007.lnk
[2011.12.20 19:22:37 | 000,273,032 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.12.18 19:44:45 | 002,137,636 | R--- | M] () -- C:\Users\hase\Desktop\ds11-0301-1.pdf
[2011.12.16 19:54:47 | 000,221,221 | ---- | M] () -- C:\Users\hase\Desktop\wien.xps
[2011.12.15 15:00:00 | 000,134,856 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.12.15 15:00:00 | 000,074,640 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011.12.15 15:00:00 | 000,036,000 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
 
========== Files Created - No Company Name ==========
 
[2012.01.12 22:06:21 | 000,000,825 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.01.10 23:00:23 | 000,000,872 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.01.10 22:46:02 | 000,001,766 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.01.10 00:35:49 | 000,000,824 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.01.10 00:35:49 | 000,000,812 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.01.10 00:16:28 | 000,001,592 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[2012.01.10 00:16:28 | 000,001,580 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
[2012.01.09 23:49:41 | 000,001,813 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.01.09 23:20:49 | 3217,559,552 | -HS- | C] () -- C:\hiberfil.sys
[2012.01.09 23:06:06 | 000,000,000 | ---- | C] () -- C:\Users\hase\AppData\Local\{55332142-12C8-4656-AE60-12B742756D99}
[2012.01.06 10:33:18 | 001,952,888 | ---- | C] () -- C:\Users\hase\Desktop\IMG_0555.JPG
[2012.01.06 10:32:59 | 002,425,522 | ---- | C] () -- C:\Users\hase\Desktop\IMG_0556.JPG
[2011.12.18 19:44:44 | 002,137,636 | R--- | C] () -- C:\Users\hase\Desktop\ds11-0301-1.pdf
[2011.12.16 19:54:44 | 000,221,221 | ---- | C] () -- C:\Users\hase\Desktop\wien.xps
[2010.12.10 22:28:39 | 000,000,769 | ---- | C] () -- C:\Windows\System32\Remover.ini
[2010.12.10 22:28:38 | 000,000,566 | ---- | C] () -- C:\Windows\System32\SP7302.ini
[2010.12.09 20:38:28 | 000,024,227 | ---- | C] () -- C:\Users\hase\AppData\Roaming\UserTile.png
[2010.11.21 21:59:03 | 000,397,312 | ---- | C] () -- C:\Windows\iwexec.exe
[2010.06.07 20:45:44 | 000,000,012 | ---- | C] () -- C:\Users\hase\AppData\Roaming\qcopjv.dat
[2010.04.05 16:16:10 | 000,835,584 | ---- | C] () -- C:\Windows\vsnp325.exe
[2010.04.05 16:16:10 | 000,270,336 | ---- | C] () -- C:\Windows\tsnp325.exe
[2010.04.05 16:16:10 | 000,020,480 | ---- | C] () -- C:\Windows\FixCamera.exe
[2010.04.05 16:16:10 | 000,015,498 | ---- | C] () -- C:\Windows\snp325.ini
[2009.05.26 21:49:59 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.05.26 21:49:58 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.01.16 20:41:05 | 000,000,000 | ---- | C] () -- C:\Windows\BEMERK~1.INI
[2009.01.16 20:40:38 | 000,000,000 | ---- | C] () -- C:\Windows\WdbInstW.INI
[2009.01.09 20:55:47 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.01.03 14:41:34 | 000,006,384 | ---- | C] () -- C:\Users\hase\AppData\Roaming\PrimoPDFSet.xml
[2009.01.03 11:54:56 | 000,176,235 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
[2008.11.06 17:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.07.23 21:22:53 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.07.22 16:03:19 | 000,001,354 | ---- | C] () -- C:\Windows\hpbvnstp.ini
[2008.07.19 18:18:15 | 000,001,356 | ---- | C] () -- C:\Users\hase\AppData\Local\d3d9caps.dat
[2008.07.16 20:46:26 | 000,000,025 | ---- | C] () -- C:\Windows\SIERRA.INI
[2008.07.13 18:30:22 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2008.07.03 19:52:49 | 000,036,864 | ---- | C] () -- C:\Windows\System32\LckFldService.exe
[2008.06.26 19:33:40 | 000,032,256 | ---- | C] () -- C:\Users\hase\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.01.18 15:40:38 | 000,069,632 | ---- | C] () -- C:\Windows\System32\vuins32.dll
[2006.11.02 16:33:31 | 000,628,504 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 16:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 16:33:31 | 000,126,054 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 16:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,273,032 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,595,798 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,103,872 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.08.11 09:52:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll
[2004.03.15 11:02:38 | 000,000,412 | ---- | C] () -- C:\Windows\System32\HP3AIOZ6.dat
[2004.03.03 04:06:00 | 000,221,184 | ---- | C] () -- C:\Windows\System32\HP3AIOZ6.dll
[2002.05.03 14:40:32 | 000,094,274 | ---- | C] () -- C:\Windows\System32\HPBHEALR.DLL
[1997.06.14 09:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
 
========== LOP Check ==========
 
[2010.11.21 21:49:10 | 000,000,000 | ---D | M] -- C:\Users\hase\AppData\Roaming\2pTech
[2010.10.28 20:47:14 | 000,000,000 | ---D | M] -- C:\Users\hase\AppData\Roaming\DVDVideoSoft
[2011.05.09 22:44:05 | 000,000,000 | ---D | M] -- C:\Users\hase\AppData\Roaming\DVDVideoSoftIEHelpers
[2009.05.30 07:52:27 | 000,000,000 | ---D | M] -- C:\Users\hase\AppData\Roaming\Foxit
[2010.04.11 20:28:08 | 000,000,000 | ---D | M] -- C:\Users\hase\AppData\Roaming\gtk-2.0
[2011.12.21 20:18:58 | 000,000,000 | ---D | M] -- C:\Users\hase\AppData\Roaming\LaunchPad
[2011.06.23 12:53:49 | 000,000,000 | ---D | M] -- C:\Users\hase\AppData\Roaming\OpenCandy
[2012.01.10 00:16:30 | 000,000,000 | ---D | M] -- C:\Users\hase\AppData\Roaming\Opera
[2008.08.16 23:17:08 | 000,000,000 | ---D | M] -- C:\Users\hase\AppData\Roaming\Panasonic
[2010.12.09 20:39:09 | 000,000,000 | ---D | M] -- C:\Users\hase\AppData\Roaming\PeerNetworking
[2009.01.05 08:45:35 | 000,000,000 | ---D | M] -- C:\Users\hase\AppData\Roaming\Pegasys Inc
[2010.06.03 15:18:17 | 000,000,000 | ---D | M] -- C:\Users\hase\AppData\Roaming\temp
[2008.12.22 13:53:50 | 000,000,000 | ---D | M] -- C:\Users\hase\AppData\Roaming\TomTom
[2012.01.13 22:06:31 | 000,032,512 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---
OTL Logfile:
Code:

OTL Extras logfile created on: 13.01.2012 22:14:39 - Run 3
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\hase\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,83 Gb Available Physical Memory | 61,06% Memory free
6,19 Gb Paging File | 5,09 Gb Available in Paging File | 82,23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 216,41 Gb Total Space | 87,40 Gb Free Space | 40,39% Space Free | Partition Type: NTFS
Drive D: | 107,22 Gb Total Space | 59,95 Gb Free Space | 55,91% Space Free | Partition Type: NTFS
 
Computer Name: HASENPC | User Name: hase | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00B6C87D-C3F2-4184-905E-540A08A69FAB}" = lport=5357 | protocol=6 | dir=in | app=system |
"{06E6A945-FA8D-407B-B303-9707EB353C24}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{09FDF0BC-AFFB-4D4E-83F1-C7C294038E73}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe |
"{0A828AD6-5635-4E97-8550-90C2F5FD57A9}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{37BF999B-8696-40C3-A4F8-060EC394569B}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe |
"{3C645C51-BA04-4043-B9F4-60ADBFE2FB04}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{438FBEE1-4367-4432-88E5-7CD8935026F3}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{5902BA77-9B9B-4A2C-B118-D6666D50BEA4}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{5FE366A1-D66D-4EA5-A726-FCDD1D2C255F}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{60B0B7D6-D09F-4DB9-837E-203CAADCCF3F}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{8329838A-35FD-4F44-854F-DC94603A2727}" = lport=5358 | protocol=6 | dir=in | app=system |
"{9371DE25-C629-4186-AD2F-E9240697CED9}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe |
"{AB345130-FE65-4D2E-AF44-C8EF97BA63D0}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{C6C8DB1E-42EE-4610-A260-8B8B0B42E5A6}" = rport=5357 | protocol=6 | dir=out | app=system |
"{CA386061-7D90-4117-9A0B-E97C1EDC56DF}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{CC46BFD5-265A-458B-9D51-7B2CA2B4454D}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{CE24C86E-B7A5-48A2-A5CE-403F1C0F7160}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{D0B68ADE-1E58-40DE-BA4D-C4B93E726332}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{D822F608-EFAB-4C54-B025-2793E291646D}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{DB6ACC85-B944-43B9-B611-A096C54F2E06}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DE8049F9-92DD-4B58-8DD9-907097DC97AB}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{EB2BEB1B-B635-4EB3-AF58-387CE5CFBD94}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{EC0E6C63-317A-4F12-B6F6-82ACD1A3B292}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{ECCDFE07-584E-4847-A780-8B85CE80E7EB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F297A9AF-6B7E-41F6-91BB-5102F9D0C197}" = rport=5358 | protocol=6 | dir=out | app=system |
"{F2B6DA98-9A98-4CE9-8CDD-1A7150F65675}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe |
"{FB1036C4-F478-4E8B-BA21-FBCC3E008A9E}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{FF709C6E-3691-4358-9BB9-092A1A94B266}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05370BBE-C8D3-4F25-93A5-0B3F6A6CFB1D}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{28D960DA-0E2B-41BD-B0CD-D4DA7E0601CF}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{2F77A683-F343-456B-AEF1-1D6BC6020603}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{49547AA0-4079-419A-B8B3-781963FC9666}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{49CE4D73-D52E-41D7-B5B9-8094F83FC2CD}" = protocol=17 | dir=in | app=c:\program files\konami\pro evolution soccer 2011\pes2011.exe |
"{619BC150-435F-4716-BACD-FDE161B1CAAB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{61BE6F9A-9E16-4FF6-868F-A679C6CB0F82}" = protocol=6 | dir=out | app=%systemroot%\system32\netproj.exe |
"{6FC49D01-0D2D-4DF9-A10C-E1F6E62F35E0}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{718CC16C-4B51-43E9-A35D-A336336AAB18}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{7430FACD-E310-4F18-B2E8-8CDFD558EED7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7BEA212E-BD6D-4A12-B315-DE1D81292339}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{8C21CCCC-6EC1-4543-A677-937A1A9252D5}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{95F91FAA-7B80-4DD1-BAF9-FC49B3BA20E5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{99BE6CBC-1526-4C70-9D64-D6DFFD3DB7E3}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{A316AB44-003E-470E-B6A7-E9F233FFDE26}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{A9E1D451-A7F1-4C9F-9ABE-68E080DF31DA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{ACCD23A6-9439-4446-8E62-64ACE188DE32}" = protocol=6 | dir=in | app=c:\program files\konami\pro evolution soccer 2011\pes2011.exe |
"{B607459B-CE5C-4489-B074-1CA7439574DD}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{C3246C59-619A-41A4-BEC7-D28E039D1047}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{C89CE262-B169-4F4E-8939-9041A1440FFF}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{CC303A1B-443D-45D4-8711-CA49AACFA37B}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{D6801F05-27D9-4F0F-82D7-0A54FAA909B0}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{E0345A07-F7E8-4BD9-9E7B-EC8635DE731E}" = protocol=6 | dir=in | app=%systemroot%\system32\netproj.exe |
"{E1958243-8C8D-462A-89F2-F33C3B08FB2B}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{F7CCC3AA-A79A-46AB-946E-A60DE4B7779B}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{07FA29C6-D0F0-4BA8-B8AF-6A83FD3D95DD}C:\program files\microsoft office\office12\winword.exe" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\winword.exe |
"TCP Query User{272C43FE-4CA8-4AE1-8E33-5C0F264E6256}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{287FBDAF-7550-4273-BFD3-C4E589370384}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{2F6F6F36-2E3A-4C48-A308-10E5F5E4BF82}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{5703A64C-5571-42C4-9D20-D5A5586A6137}C:\program files\microsoft games\empire earth.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\empire earth.exe |
"TCP Query User{71693BFE-EC53-4B38-AE65-9AB0A3211790}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{958EA47B-B770-49E1-9228-1B3481707899}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{B48EFD8B-D122-48E1-A55A-55999735B27C}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"TCP Query User{C59B3A51-C496-4158-B7FC-C413C5B5E8A5}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"TCP Query User{DD1490FC-B998-4396-A12D-E934D3B98BFE}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{03A60979-3883-4CB7-AADF-496A3BEF901D}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{1351C016-FBD4-4653-B945-4A7FF8D667C2}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{1BDCD1D3-856F-43E6-A104-510F6CF5180C}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{1CA0C853-260E-4A63-B23A-27EA37C5FDFE}C:\program files\microsoft office\office12\winword.exe" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\winword.exe |
"UDP Query User{2364E031-FF22-4AB6-984D-7B188108537F}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{2765226B-053D-4D07-89DA-679D0DE3AD25}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{8C35B589-FE44-4FA7-88DA-9A403861121B}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{9ACDC592-8784-4F48-9B91-E3EC0D783075}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{E02B68B3-5A1F-4021-B41E-CAECFADD02CB}C:\program files\microsoft games\empire earth.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\empire earth.exe |
"UDP Query User{FBD68B5B-C9DA-49E1-AF7C-5AA55D1DA432}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{1148E85C-E1AF-48E0-A29C-68DACE07E054}" = Pro Evolution Soccer 2011
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1F0D5576-C383-4E5E-9906-0B47BECBB8B6}" = Hama Webcam Suite
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30
"{2A1E27FF-BE53-45B4-950F-060236E98E3D}" = TMPGEnc Plus 2.5
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4412F224-3849-4461-A3E9-DEEF8D252790}" = Visual Studio C++ 10.0 Runtime
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AF8A676-7D24-431E-9B90-BCA8C5C7F1B4}" = VideoCam Suite
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6803A6E6-48FF-48AB-B558-7B651BBE1031}" = Nero 8 Essentials
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7C5B4583-7CBF-4289-B195-03B553959DEA}" = VoiceOver Kit
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{94D66D71-12F0-48A5-B46A-D4B835A0F1B7}" = FirstSteps Diagnostics
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9EDF1A5D-D8E0-413E-9782-75DD4A8C831B}" = VideoCam Suite 1.0
"{A59AB961-BE82-41E0-B0FB-648DFA6DDEA4}" = Hama PC-Webcam Circle
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C73CA646-73B3-4AEF-A136-C37505745174}" = iTunes
"{C73F2967-062E-48F2-A462-D335B8950183}" = Safari
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F9466082-90E9-4BE4-92F0-CF0AF195B0CF}" = hama PC-Webcam AC-140
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup" = DivX-Setup
"DVDStyler_is1" = DVDStyler v1.8.2
"Foxit Reader" = Foxit Reader
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 4.2.12
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.37.426
"Haushaltsbuch" = Haushaltsbuch
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Mahjong Towers Eternity EU" = Mahjong Towers Eternity EU (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.0.1800
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de)
"MyTomTom" = MyTomTom 3.0.2.363
"NVIDIA Drivers" = NVIDIA Drivers
"Opera 11.60.1185" = Opera 11.60
"Shockwave" = Shockwave
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SopCast" = SopCast 3.2.4
"ST6UNST #1" = CoveDesigner
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.11
"VN_VUIns_Rhine_VIA" = VIA Rhine Family Fast Ethernet Adapter
"VSO DivxToDVD_is1" = DivxToDVD 0.5.2
"WinLiveSuite_Wave3" = Windows Live Essentials
"Winmail Opener" = Winmail Opener 1.4
"WinRAR archiver" = WinRAR archiver
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"InstallShield_{2A1E27FF-BE53-45B4-950F-060236E98E3D}" = TMPGEnc Plus 2.5
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 28.10.2010 13:31:11 | Computer Name = HasenPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7921
 
Error - 28.10.2010 13:31:11 | Computer Name = HasenPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7921
 
Error - 28.10.2010 13:31:12 | Computer Name = HasenPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 28.10.2010 13:31:12 | Computer Name = HasenPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9875
 
Error - 28.10.2010 13:31:12 | Computer Name = HasenPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9875
 
Error - 28.10.2010 13:31:14 | Computer Name = HasenPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 28.10.2010 13:31:14 | Computer Name = HasenPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 11843
 
Error - 28.10.2010 13:31:14 | Computer Name = HasenPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 11843
 
Error - 29.10.2010 15:30:28 | Computer Name = HasenPC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung FOXITR~1.EXE, Version 3.0.2009.1506, Zeitstempel
 0x49b4e85b, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00d39298,  Prozess-ID 0x838, Anwendungsstartzeit
 01cb779f6f29cc18.
 
Error - 03.11.2010 08:05:22 | Computer Name = HasenPC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Explorer.EXE, Version 6.0.6002.18005, Zeitstempel
 0x49e01da5, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18005, Zeitstempel 0x49e03821,
 Ausnahmecode 0xc0000029, Fehleroffset 0x00080754,  Prozess-ID 0x7a0, Anwendungsstartzeit
 01cb7b4f47b6065a.
 
[ OSession Events ]
Error - 02.06.2010 15:32:56 | Computer Name = HasenPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 02.06.2010 15:33:18 | Computer Name = HasenPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 02.06.2010 15:35:09 | Computer Name = HasenPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 13.01.2012 15:14:39 | Computer Name = HasenPC | Source = Service Control Manager | ID = 7009
Description =
 
Error - 13.01.2012 15:14:39 | Computer Name = HasenPC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 13.01.2012 15:14:39 | Computer Name = HasenPC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 13.01.2012 15:20:47 | Computer Name = HasenPC | Source = WinDefend | ID = 2004
Description = Beim Laden der Signaturen wurde von %%827 ein Fehler festgestellt.
 Es wird versucht, einen als gültig bekannten Signatursatz wiederherzustellen.    Versuchte
 Signaturen: %%824    Fehlercode: 0x8050a001    Fehlerbeschreibung: Das Programm kann keine
 Definitionsdateien finden, die dazu dienen, unerwünschte Software zu erkennen.
Überprüfen Sie, ob aktualisierte Definitionsdateien vorhanden sind, und versuchen
 Sie es dann erneut. Weitere Informationen zum Installieren von Updates finden Sie
 unter "Hilfe und Support".      Ladende Signaturen: %%825    Ladene Signaturversion: 1.95.2986.0
 Ladende Modulversion: 1.1.6402.0
 
Error - 13.01.2012 15:26:09 | Computer Name = HasenPC | Source = Service Control Manager | ID = 7009
Description =
 
Error - 13.01.2012 15:26:09 | Computer Name = HasenPC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 13.01.2012 15:26:09 | Computer Name = HasenPC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 13.01.2012 17:10:33 | Computer Name = HasenPC | Source = Service Control Manager | ID = 7009
Description =
 
Error - 13.01.2012 17:10:33 | Computer Name = HasenPC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 13.01.2012 17:10:33 | Computer Name = HasenPC | Source = Service Control Manager | ID = 7026
Description =
 
 
< End of report >

--- --- ---

daapool 13.01.2012 22:21

OTL Logfile:
Code:

OTL logfile created on: 13.01.2012 22:14:39 - Run 3
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\hase\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,83 Gb Available Physical Memory | 61,06% Memory free
6,19 Gb Paging File | 5,09 Gb Available in Paging File | 82,23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 216,41 Gb Total Space | 87,40 Gb Free Space | 40,39% Space Free | Partition Type: NTFS
Drive D: | 107,22 Gb Total Space | 59,95 Gb Free Space | 55,91% Space Free | Partition Type: NTFS
 
Computer Name: HASENPC | User Name: hase | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.01.10 21:04:16 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\hase\Desktop\OTL.exe
PRC - [2011.12.21 08:42:28 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011.12.15 15:00:00 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.12.15 14:59:48 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011.12.15 14:59:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.12.15 14:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.12.09 01:44:22 | 004,616,064 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2011.08.12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.03.18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009.04.11 07:28:15 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007.10.01 10:53:50 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.06.15 11:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) -- C:\Windows\System32\bgsvcgen.exe
PRC - [2007.05.10 12:18:10 | 000,835,584 | ---- | M] () -- C:\Windows\vsnp325.exe
PRC - [2007.04.21 08:36:50 | 000,270,336 | ---- | M] () -- C:\Windows\tsnp325.exe
PRC - [2007.02.12 13:50:40 | 000,020,480 | ---- | M] () -- C:\Windows\FixCamera.exe
PRC - [2006.12.08 10:52:04 | 000,204,800 | ---- | M] (Fujitsu Siemens Computers) -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe
PRC - [2006.11.03 11:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\PAC7302\Monitor.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.01.13 22:10:22 | 000,063,488 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012.01.13 22:10:22 | 000,052,736 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012.01.10 22:46:45 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2012.01.10 22:46:45 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2011.12.21 08:42:28 | 002,124,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011.07.29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2008.08.29 09:55:00 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2007.05.10 12:18:10 | 000,835,584 | ---- | M] () -- C:\Windows\vsnp325.exe
MOD - [2007.04.21 08:36:50 | 000,270,336 | ---- | M] () -- C:\Windows\tsnp325.exe
MOD - [2007.02.12 13:50:40 | 000,020,480 | ---- | M] () -- C:\Windows\FixCamera.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.12.15 14:59:48 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.12.15 14:59:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.08.12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2010.03.18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008.01.18 22:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.06.15 11:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\Windows\System32\bgsvcgen.exe -- (bgsvcgen)
SRV - [2006.12.08 10:52:04 | 000,204,800 | ---- | M] (Fujitsu Siemens Computers) [Auto | Running] -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe -- (TestHandler)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.12.15 15:00:00 | 000,134,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.12.15 15:00:00 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.12.15 15:00:00 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.07.22 17:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011.07.12 22:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.10.09 14:42:42 | 000,017,408 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008.09.22 03:20:42 | 000,043,520 | ---- | M] (VIA Technologies, Inc.              ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fetnd6v.sys -- (FETND6V)
DRV - [2007.09.10 08:50:56 | 000,457,984 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PAC7302.SYS -- (PAC7302)
DRV - [2007.07.02 16:37:10 | 000,131,616 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2007.07.02 16:37:08 | 000,110,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007.06.13 22:47:12 | 000,048,256 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\jraid.sys -- (JRAID)
DRV - [2007.06.01 16:46:00 | 007,479,008 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007.05.30 18:14:58 | 000,016,640 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV - [2007.05.07 16:58:44 | 010,343,168 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snp325.sys -- (SNP325) USB PC Camera (SNPSTD325)
DRV - [2007.03.26 14:26:00 | 000,052,224 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\ViPrt.sys -- (ViPrt)
DRV - [2007.03.26 14:26:00 | 000,016,896 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\ViBus.sys -- (ViBus)
DRV - [2006.11.10 14:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
DRV - [2006.02.20 18:17:40 | 000,033,408 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdrbsdrv.sys -- (cdrbsdrv)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: ""
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.12 22:01:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.01.10 00:35:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.12 22:03:21 | 000,000,000 | ---D | M]
 
[2008.12.22 13:53:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hase\AppData\Roaming\mozilla\Extensions
[2008.12.22 13:53:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hase\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2012.01.13 20:17:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hase\AppData\Roaming\mozilla\Firefox\Profiles\gyjn0w5u.default\extensions
[2012.01.08 17:27:08 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\hase\AppData\Roaming\mozilla\Firefox\Profiles\gyjn0w5u.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}(38)
[2012.01.12 23:28:00 | 000,000,000 | ---D | M] (WOT) -- C:\Users\hase\AppData\Roaming\mozilla\Firefox\Profiles\gyjn0w5u.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.01.12 23:28:00 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\hase\AppData\Roaming\mozilla\Firefox\Profiles\gyjn0w5u.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.06.23 13:53:28 | 000,002,354 | ---- | M] () -- C:\Users\hase\AppData\Roaming\Mozilla\Firefox\Profiles\gyjn0w5u.default\searchplugins\aol-web-search.xml
[2011.05.19 17:35:14 | 000,005,212 | ---- | M] () -- C:\Users\hase\AppData\Roaming\Mozilla\Firefox\Profiles\gyjn0w5u.default\searchplugins\ecosia.xml
[2012.01.12 20:15:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.06.08 22:47:16 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.01.12 20:15:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\HASE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GYJN0W5U.DEFAULT\EXTENSIONS\{3D7EB24F-2740-49DF-8937-200B1CC08F8A}.XPI
() (No name found) -- C:\USERS\HASE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GYJN0W5U.DEFAULT\EXTENSIONS\GUTSCHEINE4FREE@DEVELOPER.COM.XPI
[2009.07.11 10:07:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011.12.21 08:42:29 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.01.12 20:14:46 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009.06.01 11:41:48 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2011.12.21 06:08:50 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.12.21 06:08:50 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.12.21 06:08:50 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.21 06:08:50 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
 
========== Chrome  ==========
 
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [FixCamera] C:\Windows\FixCamera.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [snp325] C:\Windows\vsnp325.exe ()
O4 - HKLM..\Run: [tsnp325] C:\Windows\tsnp325.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube Download - C:\Users\hase\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\hase\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} hxxp://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab (HPSDDX Class)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5AE25BBF-5422-4B8C-AEA4-F2A20EE8C6BC}: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\hase\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\hase\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.01.13 22:05:47 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.01.12 23:51:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2012.01.12 22:06:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012.01.12 22:03:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\Adobe
[2012.01.12 22:02:30 | 000,000,000 | ---D | C] -- C:\Users\hase\AppData\Local\DDMSettings
[2012.01.12 22:00:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2012.01.12 22:00:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2012.01.12 21:58:54 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2012.01.12 21:03:57 | 000,000,000 | ---D | C] -- C:\Users\hase\Desktop\THEORG
[2012.01.12 20:15:00 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012.01.12 20:15:00 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012.01.12 20:15:00 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012.01.10 23:42:30 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciseq.dll
[2012.01.10 23:42:20 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[2012.01.10 23:42:19 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012.01.10 23:42:03 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2012.01.10 23:42:03 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2012.01.10 23:00:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.01.10 23:00:20 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.01.10 22:46:38 | 000,000,000 | ---D | C] -- C:\Users\hase\AppData\Roaming\SUPERAntiSpyware.com
[2012.01.10 22:46:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012.01.10 22:45:59 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012.01.10 22:45:59 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012.01.10 21:04:16 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\hase\Desktop\OTL.exe
[2012.01.10 00:16:30 | 000,000,000 | ---D | C] -- C:\Users\hase\AppData\Roaming\Opera
[2012.01.10 00:16:30 | 000,000,000 | ---D | C] -- C:\Users\hase\AppData\Local\Opera
[2012.01.10 00:16:24 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2012.01.09 23:54:38 | 000,000,000 | ---D | C] -- C:\Users\hase\AppData\Roaming\Avira
[2012.01.09 23:49:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.01.09 23:48:57 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012.01.09 23:48:56 | 000,134,856 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.01.09 23:48:56 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.01.09 23:48:56 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.01.09 23:48:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.01.09 23:48:55 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012.01.09 00:25:50 | 000,000,000 | ---D | C] -- C:\Users\hase\AppData\Roaming\Malwarebytes
[2012.01.09 00:25:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.01.09 00:25:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.01.04 01:48:42 | 000,354,176 | ---- | C] (DivX, Inc.) -- C:\Windows\System32\DivXControlPanelApplet.cpl
[2011.12.30 14:43:00 | 000,000,000 | ---D | C] -- C:\Users\hase\Desktop\Lehmwand
[2011.12.21 20:18:58 | 000,000,000 | ---D | C] -- C:\Users\hase\AppData\Roaming\LaunchPad
[2011.12.19 20:15:38 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.12.19 20:15:36 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011.12.19 20:15:36 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.12.19 20:15:36 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.12.19 20:15:35 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.12.19 20:15:33 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.12.19 20:12:25 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011.12.19 20:12:23 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.12.19 20:12:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011.12.19 20:12:14 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011.12.19 20:12:14 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011.12.19 20:12:13 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2010.04.05 16:16:09 | 000,147,456 | ---- | C] ( ) -- C:\Windows\System32\rsnp325.dll
[2010.04.05 16:16:09 | 000,057,344 | ---- | C] ( ) -- C:\Windows\System32\vsnp325.dll
[2010.04.05 16:16:09 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp325.dll
 
========== Files - Modified Within 30 Days ==========
 
[2012.01.13 22:16:54 | 000,628,504 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.01.13 22:16:54 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.01.13 22:16:54 | 000,126,054 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.01.13 22:16:54 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.01.13 22:09:14 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.13 22:09:13 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.13 22:09:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.13 22:09:02 | 3217,559,552 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.12 22:06:21 | 000,000,825 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.01.12 20:14:46 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2012.01.12 20:14:46 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012.01.12 20:14:46 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012.01.12 20:14:46 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012.01.11 16:35:32 | 000,002,633 | ---- | M] () -- C:\Users\hase\Desktop\Microsoft Office PowerPoint 2007.lnk
[2012.01.11 16:34:31 | 000,002,593 | ---- | M] () -- C:\Users\hase\Desktop\Microsoft Office Excel 2007.lnk
[2012.01.10 23:00:23 | 000,000,872 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.01.10 22:46:02 | 000,001,766 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.01.10 21:04:16 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\hase\Desktop\OTL.exe
[2012.01.10 00:35:49 | 000,000,812 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.01.10 00:16:28 | 000,001,580 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2012.01.09 23:49:41 | 000,001,813 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.01.09 23:06:06 | 000,000,000 | ---- | M] () -- C:\Users\hase\AppData\Local\{55332142-12C8-4656-AE60-12B742756D99}
[2012.01.06 10:33:26 | 001,952,888 | ---- | M] () -- C:\Users\hase\Desktop\IMG_0555.JPG
[2012.01.06 10:33:03 | 002,425,522 | ---- | M] () -- C:\Users\hase\Desktop\IMG_0556.JPG
[2012.01.04 01:48:42 | 000,354,176 | ---- | M] (DivX, Inc.) -- C:\Windows\System32\DivXControlPanelApplet.cpl
[2012.01.01 21:36:33 | 000,002,591 | ---- | M] () -- C:\Users\hase\Desktop\Microsoft Office Word 2007.lnk
[2011.12.20 19:22:37 | 000,273,032 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.12.18 19:44:45 | 002,137,636 | R--- | M] () -- C:\Users\hase\Desktop\ds11-0301-1.pdf
[2011.12.16 19:54:47 | 000,221,221 | ---- | M] () -- C:\Users\hase\Desktop\wien.xps
[2011.12.15 15:00:00 | 000,134,856 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.12.15 15:00:00 | 000,074,640 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011.12.15 15:00:00 | 000,036,000 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
 
========== Files Created - No Company Name ==========
 
[2012.01.12 22:06:21 | 000,000,825 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.01.10 23:00:23 | 000,000,872 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.01.10 22:46:02 | 000,001,766 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.01.10 00:35:49 | 000,000,824 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.01.10 00:35:49 | 000,000,812 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.01.10 00:16:28 | 000,001,592 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[2012.01.10 00:16:28 | 000,001,580 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
[2012.01.09 23:49:41 | 000,001,813 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.01.09 23:20:49 | 3217,559,552 | -HS- | C] () -- C:\hiberfil.sys
[2012.01.09 23:06:06 | 000,000,000 | ---- | C] () -- C:\Users\hase\AppData\Local\{55332142-12C8-4656-AE60-12B742756D99}
[2012.01.06 10:33:18 | 001,952,888 | ---- | C] () -- C:\Users\hase\Desktop\IMG_0555.JPG
[2012.01.06 10:32:59 | 002,425,522 | ---- | C] () -- C:\Users\hase\Desktop\IMG_0556.JPG
[2011.12.18 19:44:44 | 002,137,636 | R--- | C] () -- C:\Users\hase\Desktop\ds11-0301-1.pdf
[2011.12.16 19:54:44 | 000,221,221 | ---- | C] () -- C:\Users\hase\Desktop\wien.xps
[2010.12.10 22:28:39 | 000,000,769 | ---- | C] () -- C:\Windows\System32\Remover.ini
[2010.12.10 22:28:38 | 000,000,566 | ---- | C] () -- C:\Windows\System32\SP7302.ini
[2010.12.09 20:38:28 | 000,024,227 | ---- | C] () -- C:\Users\hase\AppData\Roaming\UserTile.png
[2010.11.21 21:59:03 | 000,397,312 | ---- | C] () -- C:\Windows\iwexec.exe
[2010.06.07 20:45:44 | 000,000,012 | ---- | C] () -- C:\Users\hase\AppData\Roaming\qcopjv.dat
[2010.04.05 16:16:10 | 000,835,584 | ---- | C] () -- C:\Windows\vsnp325.exe
[2010.04.05 16:16:10 | 000,270,336 | ---- | C] () -- C:\Windows\tsnp325.exe
[2010.04.05 16:16:10 | 000,020,480 | ---- | C] () -- C:\Windows\FixCamera.exe
[2010.04.05 16:16:10 | 000,015,498 | ---- | C] () -- C:\Windows\snp325.ini
[2009.05.26 21:49:59 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.05.26 21:49:58 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.01.16 20:41:05 | 000,000,000 | ---- | C] () -- C:\Windows\BEMERK~1.INI
[2009.01.16 20:40:38 | 000,000,000 | ---- | C] () -- C:\Windows\WdbInstW.INI
[2009.01.09 20:55:47 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.01.03 14:41:34 | 000,006,384 | ---- | C] () -- C:\Users\hase\AppData\Roaming\PrimoPDFSet.xml
[2009.01.03 11:54:56 | 000,176,235 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
[2008.11.06 17:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.07.23 21:22:53 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.07.22 16:03:19 | 000,001,354 | ---- | C] () -- C:\Windows\hpbvnstp.ini
[2008.07.19 18:18:15 | 000,001,356 | ---- | C] () -- C:\Users\hase\AppData\Local\d3d9caps.dat
[2008.07.16 20:46:26 | 000,000,025 | ---- | C] () -- C:\Windows\SIERRA.INI
[2008.07.13 18:30:22 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2008.07.03 19:52:49 | 000,036,864 | ---- | C] () -- C:\Windows\System32\LckFldService.exe
[2008.06.26 19:33:40 | 000,032,256 | ---- | C] () -- C:\Users\hase\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.01.18 15:40:38 | 000,069,632 | ---- | C] () -- C:\Windows\System32\vuins32.dll
[2006.11.02 16:33:31 | 000,628,504 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 16:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 16:33:31 | 000,126,054 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 16:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,273,032 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,595,798 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,103,872 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.08.11 09:52:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll
[2004.03.15 11:02:38 | 000,000,412 | ---- | C] () -- C:\Windows\System32\HP3AIOZ6.dat
[2004.03.03 04:06:00 | 000,221,184 | ---- | C] () -- C:\Windows\System32\HP3AIOZ6.dll
[2002.05.03 14:40:32 | 000,094,274 | ---- | C] () -- C:\Windows\System32\HPBHEALR.DLL
[1997.06.14 09:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
 
========== LOP Check ==========
 
[2010.11.21 21:49:10 | 000,000,000 | ---D | M] -- C:\Users\hase\AppData\Roaming\2pTech
[2010.10.28 20:47:14 | 000,000,000 | ---D | M] -- C:\Users\hase\AppData\Roaming\DVDVideoSoft
[2011.05.09 22:44:05 | 000,000,000 | ---D | M] -- C:\Users\hase\AppData\Roaming\DVDVideoSoftIEHelpers
[2009.05.30 07:52:27 | 000,000,000 | ---D | M] -- C:\Users\hase\AppData\Roaming\Foxit
[2010.04.11 20:28:08 | 000,000,000 | ---D | M] -- C:\Users\hase\AppData\Roaming\gtk-2.0
[2011.12.21 20:18:58 | 000,000,000 | ---D | M] -- C:\Users\hase\AppData\Roaming\LaunchPad
[2011.06.23 12:53:49 | 000,000,000 | ---D | M] -- C:\Users\hase\AppData\Roaming\OpenCandy
[2012.01.10 00:16:30 | 000,000,000 | ---D | M] -- C:\Users\hase\AppData\Roaming\Opera
[2008.08.16 23:17:08 | 000,000,000 | ---D | M] -- C:\Users\hase\AppData\Roaming\Panasonic
[2010.12.09 20:39:09 | 000,000,000 | ---D | M] -- C:\Users\hase\AppData\Roaming\PeerNetworking
[2009.01.05 08:45:35 | 000,000,000 | ---D | M] -- C:\Users\hase\AppData\Roaming\Pegasys Inc
[2010.06.03 15:18:17 | 000,000,000 | ---D | M] -- C:\Users\hase\AppData\Roaming\temp
[2008.12.22 13:53:50 | 000,000,000 | ---D | M] -- C:\Users\hase\AppData\Roaming\TomTom
[2012.01.13 22:06:31 | 000,032,512 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---
OTL Logfile:
Code:

OTL Extras logfile created on: 13.01.2012 22:14:39 - Run 3
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\hase\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,83 Gb Available Physical Memory | 61,06% Memory free
6,19 Gb Paging File | 5,09 Gb Available in Paging File | 82,23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 216,41 Gb Total Space | 87,40 Gb Free Space | 40,39% Space Free | Partition Type: NTFS
Drive D: | 107,22 Gb Total Space | 59,95 Gb Free Space | 55,91% Space Free | Partition Type: NTFS
 
Computer Name: HASENPC | User Name: hase | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00B6C87D-C3F2-4184-905E-540A08A69FAB}" = lport=5357 | protocol=6 | dir=in | app=system |
"{06E6A945-FA8D-407B-B303-9707EB353C24}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{09FDF0BC-AFFB-4D4E-83F1-C7C294038E73}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe |
"{0A828AD6-5635-4E97-8550-90C2F5FD57A9}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{37BF999B-8696-40C3-A4F8-060EC394569B}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe |
"{3C645C51-BA04-4043-B9F4-60ADBFE2FB04}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{438FBEE1-4367-4432-88E5-7CD8935026F3}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{5902BA77-9B9B-4A2C-B118-D6666D50BEA4}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{5FE366A1-D66D-4EA5-A726-FCDD1D2C255F}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{60B0B7D6-D09F-4DB9-837E-203CAADCCF3F}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{8329838A-35FD-4F44-854F-DC94603A2727}" = lport=5358 | protocol=6 | dir=in | app=system |
"{9371DE25-C629-4186-AD2F-E9240697CED9}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe |
"{AB345130-FE65-4D2E-AF44-C8EF97BA63D0}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{C6C8DB1E-42EE-4610-A260-8B8B0B42E5A6}" = rport=5357 | protocol=6 | dir=out | app=system |
"{CA386061-7D90-4117-9A0B-E97C1EDC56DF}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{CC46BFD5-265A-458B-9D51-7B2CA2B4454D}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{CE24C86E-B7A5-48A2-A5CE-403F1C0F7160}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{D0B68ADE-1E58-40DE-BA4D-C4B93E726332}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{D822F608-EFAB-4C54-B025-2793E291646D}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{DB6ACC85-B944-43B9-B611-A096C54F2E06}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DE8049F9-92DD-4B58-8DD9-907097DC97AB}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{EB2BEB1B-B635-4EB3-AF58-387CE5CFBD94}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{EC0E6C63-317A-4F12-B6F6-82ACD1A3B292}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{ECCDFE07-584E-4847-A780-8B85CE80E7EB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F297A9AF-6B7E-41F6-91BB-5102F9D0C197}" = rport=5358 | protocol=6 | dir=out | app=system |
"{F2B6DA98-9A98-4CE9-8CDD-1A7150F65675}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe |
"{FB1036C4-F478-4E8B-BA21-FBCC3E008A9E}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{FF709C6E-3691-4358-9BB9-092A1A94B266}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05370BBE-C8D3-4F25-93A5-0B3F6A6CFB1D}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{28D960DA-0E2B-41BD-B0CD-D4DA7E0601CF}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{2F77A683-F343-456B-AEF1-1D6BC6020603}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{49547AA0-4079-419A-B8B3-781963FC9666}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{49CE4D73-D52E-41D7-B5B9-8094F83FC2CD}" = protocol=17 | dir=in | app=c:\program files\konami\pro evolution soccer 2011\pes2011.exe |
"{619BC150-435F-4716-BACD-FDE161B1CAAB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{61BE6F9A-9E16-4FF6-868F-A679C6CB0F82}" = protocol=6 | dir=out | app=%systemroot%\system32\netproj.exe |
"{6FC49D01-0D2D-4DF9-A10C-E1F6E62F35E0}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{718CC16C-4B51-43E9-A35D-A336336AAB18}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{7430FACD-E310-4F18-B2E8-8CDFD558EED7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7BEA212E-BD6D-4A12-B315-DE1D81292339}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{8C21CCCC-6EC1-4543-A677-937A1A9252D5}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{95F91FAA-7B80-4DD1-BAF9-FC49B3BA20E5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{99BE6CBC-1526-4C70-9D64-D6DFFD3DB7E3}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{A316AB44-003E-470E-B6A7-E9F233FFDE26}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{A9E1D451-A7F1-4C9F-9ABE-68E080DF31DA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{ACCD23A6-9439-4446-8E62-64ACE188DE32}" = protocol=6 | dir=in | app=c:\program files\konami\pro evolution soccer 2011\pes2011.exe |
"{B607459B-CE5C-4489-B074-1CA7439574DD}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{C3246C59-619A-41A4-BEC7-D28E039D1047}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{C89CE262-B169-4F4E-8939-9041A1440FFF}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{CC303A1B-443D-45D4-8711-CA49AACFA37B}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{D6801F05-27D9-4F0F-82D7-0A54FAA909B0}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{E0345A07-F7E8-4BD9-9E7B-EC8635DE731E}" = protocol=6 | dir=in | app=%systemroot%\system32\netproj.exe |
"{E1958243-8C8D-462A-89F2-F33C3B08FB2B}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{F7CCC3AA-A79A-46AB-946E-A60DE4B7779B}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{07FA29C6-D0F0-4BA8-B8AF-6A83FD3D95DD}C:\program files\microsoft office\office12\winword.exe" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\winword.exe |
"TCP Query User{272C43FE-4CA8-4AE1-8E33-5C0F264E6256}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{287FBDAF-7550-4273-BFD3-C4E589370384}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{2F6F6F36-2E3A-4C48-A308-10E5F5E4BF82}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{5703A64C-5571-42C4-9D20-D5A5586A6137}C:\program files\microsoft games\empire earth.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\empire earth.exe |
"TCP Query User{71693BFE-EC53-4B38-AE65-9AB0A3211790}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{958EA47B-B770-49E1-9228-1B3481707899}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{B48EFD8B-D122-48E1-A55A-55999735B27C}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"TCP Query User{C59B3A51-C496-4158-B7FC-C413C5B5E8A5}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"TCP Query User{DD1490FC-B998-4396-A12D-E934D3B98BFE}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{03A60979-3883-4CB7-AADF-496A3BEF901D}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{1351C016-FBD4-4653-B945-4A7FF8D667C2}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{1BDCD1D3-856F-43E6-A104-510F6CF5180C}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{1CA0C853-260E-4A63-B23A-27EA37C5FDFE}C:\program files\microsoft office\office12\winword.exe" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\winword.exe |
"UDP Query User{2364E031-FF22-4AB6-984D-7B188108537F}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{2765226B-053D-4D07-89DA-679D0DE3AD25}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{8C35B589-FE44-4FA7-88DA-9A403861121B}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{9ACDC592-8784-4F48-9B91-E3EC0D783075}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{E02B68B3-5A1F-4021-B41E-CAECFADD02CB}C:\program files\microsoft games\empire earth.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\empire earth.exe |
"UDP Query User{FBD68B5B-C9DA-49E1-AF7C-5AA55D1DA432}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{1148E85C-E1AF-48E0-A29C-68DACE07E054}" = Pro Evolution Soccer 2011
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1F0D5576-C383-4E5E-9906-0B47BECBB8B6}" = Hama Webcam Suite
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30
"{2A1E27FF-BE53-45B4-950F-060236E98E3D}" = TMPGEnc Plus 2.5
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4412F224-3849-4461-A3E9-DEEF8D252790}" = Visual Studio C++ 10.0 Runtime
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AF8A676-7D24-431E-9B90-BCA8C5C7F1B4}" = VideoCam Suite
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6803A6E6-48FF-48AB-B558-7B651BBE1031}" = Nero 8 Essentials
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7C5B4583-7CBF-4289-B195-03B553959DEA}" = VoiceOver Kit
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{94D66D71-12F0-48A5-B46A-D4B835A0F1B7}" = FirstSteps Diagnostics
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9EDF1A5D-D8E0-413E-9782-75DD4A8C831B}" = VideoCam Suite 1.0
"{A59AB961-BE82-41E0-B0FB-648DFA6DDEA4}" = Hama PC-Webcam Circle
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C73CA646-73B3-4AEF-A136-C37505745174}" = iTunes
"{C73F2967-062E-48F2-A462-D335B8950183}" = Safari
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F9466082-90E9-4BE4-92F0-CF0AF195B0CF}" = hama PC-Webcam AC-140
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup" = DivX-Setup
"DVDStyler_is1" = DVDStyler v1.8.2
"Foxit Reader" = Foxit Reader
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 4.2.12
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.37.426
"Haushaltsbuch" = Haushaltsbuch
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Mahjong Towers Eternity EU" = Mahjong Towers Eternity EU (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.0.1800
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de)
"MyTomTom" = MyTomTom 3.0.2.363
"NVIDIA Drivers" = NVIDIA Drivers
"Opera 11.60.1185" = Opera 11.60
"Shockwave" = Shockwave
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SopCast" = SopCast 3.2.4
"ST6UNST #1" = CoveDesigner
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.11
"VN_VUIns_Rhine_VIA" = VIA Rhine Family Fast Ethernet Adapter
"VSO DivxToDVD_is1" = DivxToDVD 0.5.2
"WinLiveSuite_Wave3" = Windows Live Essentials
"Winmail Opener" = Winmail Opener 1.4
"WinRAR archiver" = WinRAR archiver
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"InstallShield_{2A1E27FF-BE53-45B4-950F-060236E98E3D}" = TMPGEnc Plus 2.5
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 28.10.2010 13:31:11 | Computer Name = HasenPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7921
 
Error - 28.10.2010 13:31:11 | Computer Name = HasenPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7921
 
Error - 28.10.2010 13:31:12 | Computer Name = HasenPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 28.10.2010 13:31:12 | Computer Name = HasenPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9875
 
Error - 28.10.2010 13:31:12 | Computer Name = HasenPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9875
 
Error - 28.10.2010 13:31:14 | Computer Name = HasenPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 28.10.2010 13:31:14 | Computer Name = HasenPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 11843
 
Error - 28.10.2010 13:31:14 | Computer Name = HasenPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 11843
 
Error - 29.10.2010 15:30:28 | Computer Name = HasenPC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung FOXITR~1.EXE, Version 3.0.2009.1506, Zeitstempel
 0x49b4e85b, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00d39298,  Prozess-ID 0x838, Anwendungsstartzeit
 01cb779f6f29cc18.
 
Error - 03.11.2010 08:05:22 | Computer Name = HasenPC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Explorer.EXE, Version 6.0.6002.18005, Zeitstempel
 0x49e01da5, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18005, Zeitstempel 0x49e03821,
 Ausnahmecode 0xc0000029, Fehleroffset 0x00080754,  Prozess-ID 0x7a0, Anwendungsstartzeit
 01cb7b4f47b6065a.
 
[ OSession Events ]
Error - 02.06.2010 15:32:56 | Computer Name = HasenPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 02.06.2010 15:33:18 | Computer Name = HasenPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 02.06.2010 15:35:09 | Computer Name = HasenPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 13.01.2012 15:14:39 | Computer Name = HasenPC | Source = Service Control Manager | ID = 7009
Description =
 
Error - 13.01.2012 15:14:39 | Computer Name = HasenPC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 13.01.2012 15:14:39 | Computer Name = HasenPC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 13.01.2012 15:20:47 | Computer Name = HasenPC | Source = WinDefend | ID = 2004
Description = Beim Laden der Signaturen wurde von %%827 ein Fehler festgestellt.
 Es wird versucht, einen als gültig bekannten Signatursatz wiederherzustellen.    Versuchte
 Signaturen: %%824    Fehlercode: 0x8050a001    Fehlerbeschreibung: Das Programm kann keine
 Definitionsdateien finden, die dazu dienen, unerwünschte Software zu erkennen.
Überprüfen Sie, ob aktualisierte Definitionsdateien vorhanden sind, und versuchen
 Sie es dann erneut. Weitere Informationen zum Installieren von Updates finden Sie
 unter "Hilfe und Support".      Ladende Signaturen: %%825    Ladene Signaturversion: 1.95.2986.0

        Ladende
 Modulversion: 1.1.6402.0
 
Error - 13.01.2012 15:26:09 | Computer Name = HasenPC | Source = Service Control Manager | ID = 7009
Description =
 
Error - 13.01.2012 15:26:09 | Computer Name = HasenPC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 13.01.2012 15:26:09 | Computer Name = HasenPC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 13.01.2012 17:10:33 | Computer Name = HasenPC | Source = Service Control Manager | ID = 7009
Description =
 
Error - 13.01.2012 17:10:33 | Computer Name = HasenPC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 13.01.2012 17:10:33 | Computer Name = HasenPC | Source = Service Control Manager | ID = 7026
Description =
 
 
< End of report >

--- --- ---

daapool 13.01.2012 23:31

SUPERAntiSpyware Scann-Protokoll
SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

Generiert 01/13/2012 bei 11:28 PM

Version der Applikation : 5.0.1142

Version der Kern-Datenbank : 8132
Version der Spur-Datenbank : 5944

Scan Art : kompletter Scann
Totale Scann-Zeit : 01:03:08

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Limited User (Administrator User)

Gescannte Speicherelemente : 654
Erfasste Speicher-Bedrohungen : 0
Gescannte Register-Elemente : 37724
Erfasste Register-Bedrohungen : 0

kira 14.01.2012 07:14

Steps 5 and 6 as well, please.

► Report again on the state of the computer: are any problems still occurring, and if so, which ones?

