Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Gozi-Befall auf einem oder mehreren von 4 Rechnern.

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 22.11.2010, 21:38   #1
Uwe P.
 
Gozi-Befall auf einem oder mehreren von 4 Rechnern. - Standard

Gozi-Befall auf einem oder mehreren von 4 Rechnern.



Hallo, heute hat die comdirect mein Konto gesperrt. Auf Anfrage bekam ich die Info, das ich mich von einem Rechner mit Gozi-Befall eingeloggt habe. In verschiedenen Foren habe ich gelesen, das Gozi nicht nur Zugangsdaten stiehlt sondern auch zur Eingabe von Tans auffordert. Laut comdirect ist dem nicht so, sondern es würden nur Zugangsdaten abgefragt. Komischerweise wurde ich vor ca. 4 Wochen beim Einloggen von einem meiner Rechner aus (Fernsehzimmer) zur Eingabe von Tans aufgefordert. Also ist dort ein anderer Schädling unterwegs gewesen oder die Aussage der comdirect ist nicht korrekt.
Wie dem auch sei, irgendeiner oder mehrere meiner Rechner sind befallen. AnitVir Premium Suite hat mit den Standardeinstellungen nicht reagiert. Daher poste ich heute abend schonmal die OTL-Dateien von den ersten beiden Rechnern, morgen im Laufe des Tages die der beiden anderen. Sollte sich herausstellen, das es sich um nur einen Rechner halten, macht es dann Sinn, diesen erstmal stillzulegen und darauf zu hoffen, das in nächster Zeit ein Virenprogramm fähig ist, den Gozi zu entfernen oder ist das nicht ratsam? Hier auf jeden Fall schon mal die Dateien von den ersten beiden Rechnern. Dabei gehe ich nach dieser Beschreibung vor:

Doppelklick auf die OTL.exe
(user von Windows 7 und Vista: Rechtsklick als Administrator ausführen)
1. Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
2. Hake an "scan all users"
3. Unter "Extra Registry wähle:
"Use Safelist" "LOP Check" "Purity Check"
4. Kopiere in die Textbox:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Klicke "Scan"
6. 2 reporte werden erstellt:
OTL.Txt
Extras.Txt
beide posten.


Rechner 1 (Windows 7 Wohnzimmer):
OTL.txt:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 22.11.2010 21:01:43 - Run 1
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Users\Uwe\Downloads\Orbit
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 63,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 355,34 Gb Total Space | 168,75 Gb Free Space | 47,49% Space Free | Partition Type: NTFS
Drive E: | 97,65 Gb Total Space | 83,72 Gb Free Space | 85,74% Space Free | Partition Type: NTFS
Drive F: | 155,84 Gb Total Space | 116,55 Gb Free Space | 74,79% Space Free | Partition Type: NTFS
 
Computer Name: ACER-LAPTOP-UWE | User Name: Uwe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10l_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Users\Uwe\Downloads\Orbit\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Orbitdownloader\orbitdm.exe (Orbitdownloader.com)
PRC - C:\Programme\Orbitdownloader\orbitnet.exe (Orbitdownloader.com)
PRC - C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avfwsvc.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
PRC - C:\Programme\Acer Bio Protection\PdtWzd.exe (Egis Technology Inc.)
PRC - C:\Programme\Acer Bio Protection\BASVC.exe (Egis Technology Inc.)
PRC - C:\Programme\Acer Bio Protection\CompPtcVUI.exe (Egis Technology Inc.)
PRC - C:\Windows\PLFSetI.exe ()
PRC - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\XSManager\WTGService.exe ()
PRC - C:\Windows\starter4g.exe (4G Systems GmbH & Co. KG)
PRC - C:\Windows\service4g.exe (4G Systems GmbH & Co. KG)
PRC - C:\Programme\Acer\Acer PowerSmart Manager\ePowerTray.exe (Acer Incorporated)
PRC - C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated)
PRC - C:\Programme\Acer\Acer PowerSmart Manager\ePowerEvent.exe (Acer Incorporated)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Programme\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Programme\LSI SoftModem\agrsmsvc.exe (LSI Corporation)
PRC - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Programme\Apoint2K\Hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
PRC - C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
PRC - C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
PRC - C:\Programme\AmIcoSingLun\AmIcoSinglun.exe (AlcorMicro Co., Ltd.)
PRC - C:\Programme\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Programme\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Uwe\Downloads\Orbit\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
MOD - C:\Programme\Acer\Acer PowerSmart Manager\SysHook.dll (Acer Incorporated)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (MWLService) -- C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe File not found
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (TeamViewer5) -- C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (TomTomHOMEService) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirWebService) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira GmbH)
SRV - (AntiVirMailService) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirFirewallService) -- C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe (Avira GmbH)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (TuneUp.Defrag) -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (IGBASVC) -- C:\Programme\Acer Bio Protection\BASVC.exe (Egis Technology Inc.)
SRV - (WTGService) -- C:\Programme\XSManager\WTGService.exe ()
SRV - (XS Stick Service) -- C:\Windows\service4g.exe (4G Systems GmbH & Co. KG)
SRV - (ePowerSvc) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (NTI IScheduleSvc) -- C:\Programme\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (AgereModemAudio) -- C:\Programme\LSI SoftModem\agrsmsvc.exe (LSI Corporation)
SRV - (CLHNService) -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
SRV - (RS_Service) -- C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
SRV - (NTISchedulerSvc) -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (NewTech Infosystems, Inc.)
SRV - (NTIBackupSvc) -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.)
SRV - (HFGService) -- C:\Windows\System32\HFGService.dll (CSR, plc)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (int15) -- C:\Windows\System32\drivers\int15.sys File not found
DRV - (cpuz130) -- C:\Users\Uwe\AppData\Local\Temp\cpuz130\cpuz_x32.sys File not found
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avfwot) -- C:\Windows\System32\drivers\avfwot.sys (Avira GmbH)
DRV - (NETwNs32) ___ Intel(R) -- C:\Windows\System32\drivers\NETwNs32.sys (Intel Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (avfwim) -- C:\Windows\System32\drivers\avfwim.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (BthAudioHF) -- C:\Windows\System32\drivers\BthAudioHF.sys (CSR, plc)
DRV - (csr_a2dp) -- C:\Windows\System32\drivers\bthav.sys (CSR, plc)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (FPSensor) EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys) -- C:\Windows\System32\drivers\FPSensor.sys (EgisTec)
DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (EuGdiDrv) -- C:\Windows\System32\EuGdiDrv.sys ()
DRV - (NETw5s32) Intel(R) -- C:\Windows\System32\drivers\NETw5s32.sys (Intel Corporation)
DRV - (epmntdrv) -- C:\Windows\System32\epmntdrv.sys ()
DRV - (BthAvrcp) -- C:\Windows\System32\drivers\BthAvrcp.sys (CSR, plc)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corporation)
DRV - (hidshim) -- C:\Windows\System32\drivers\hidshim.sys (Windows (R) Win 7 DDK provider)
DRV - (nuvotonhidgeneric) -- C:\Windows\System32\drivers\nuvotonhidgeneric.sys (Nuvoton Technology Corporation)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\system32\DRIVERS\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (VWiFiFlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (netw5v32) Intel(R) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (KMWDFILTERx86) -- C:\Windows\System32\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (NTIDrvr) -- C:\Windows\System32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Programme\Acer Arcade Deluxe\PlayMovie\000.fcl (CyberLink Corp.)
DRV - (mwlPSDVDisk) -- C:\Windows\System32\drivers\mwlPSDVDisk.sys (Egis Incorporated.)
DRV - (mwlPSDFilter) -- C:\Windows\System32\drivers\mwlPSDFilter.sys (Egis Incorporated.)
DRV - (mwlPSDNServ) -- C:\Windows\System32\drivers\mwlPSDNserv.sys (Egis Incorporated.)
DRV - (RTSTOR) -- C:\Windows\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.)
DRV - (cmnsusbser) -- C:\Windows\System32\drivers\cmnsusbser.sys (Mobile Connector)
DRV - (k57nd60x) Broadcom NetLink (TM) -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation)
DRV - (FTDIBUS) -- C:\Windows\System32\drivers\ftdibus.sys (FTDI Ltd.)
DRV - (FTSER2K) -- C:\Windows\System32\drivers\ftser2k.sys (FTDI Ltd.)
DRV - (UBHelper) -- C:\Windows\System32\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV - (DKbFltr) -- C:\Windows\System32\drivers\DKbFltr.sys (Dritek System Inc.)
DRV - (CA561) -- C:\Windows\System32\drivers\SPCA561.SYS (SP)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1109&m=aspire_7738
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1109&m=aspire_7738
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Programme\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-2293441134-2681655422-36759374-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1109&m=aspire_7738
IE - HKU\S-1-5-21-2293441134-2681655422-36759374-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKU\S-1-5-21-2293441134-2681655422-36759374-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2293441134-2681655422-36759374-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.n-tv.de/
IE - HKU\S-1-5-21-2293441134-2681655422-36759374-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2293441134-2681655422-36759374-1000\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Programme\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2293441134-2681655422-36759374-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig?referrer=theme_ign"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
FF - prefs.js..extensions.enabledItems: {d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}:1.0.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {ba14329e-9550-4989-b3f2-9732e92d17cc}:2.7.2.0
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.5
FF - prefs.js..keyword.URL: "hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q="
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.10.31 11:45:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.11.19 05:52:16 | 000,000,000 | ---D | M]
 
[2010.02.24 08:34:06 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\mozilla\Extensions
[2010.02.10 20:25:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Uwe\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.02.24 08:34:06 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2010.11.13 09:54:49 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\mozilla\Firefox\Profiles\dxjpuw4o.default\extensions
[2010.04.28 03:22:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Uwe\AppData\Roaming\mozilla\Firefox\Profiles\dxjpuw4o.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.09.12 14:44:37 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Uwe\AppData\Roaming\mozilla\Firefox\Profiles\dxjpuw4o.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010.09.09 03:16:38 | 000,000,000 | ---D | M] (Vuze Remote Toolbar) -- C:\Users\Uwe\AppData\Roaming\mozilla\Firefox\Profiles\dxjpuw4o.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2010.05.21 04:57:03 | 000,000,000 | ---D | M] (Ecosia (eco-friendly search engine)) -- C:\Users\Uwe\AppData\Roaming\mozilla\Firefox\Profiles\dxjpuw4o.default\extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}
[2010.11.07 09:28:57 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Uwe\AppData\Roaming\mozilla\Firefox\Profiles\dxjpuw4o.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.10.01 19:24:23 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\mozilla\Firefox\Profiles\dxjpuw4o.default\extensions\firefox@tvunetworks.com
[2010.09.12 14:35:51 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\mozilla\Firefox\Profiles\dxjpuw4o.default\extensions\vshare@toolbar
[2010.05.21 04:54:22 | 000,002,354 | ---- | M] () -- C:\Users\Uwe\AppData\Roaming\Mozilla\FireFox\Profiles\dxjpuw4o.default\searchplugins\ecosia.xml
[2010.09.12 14:36:03 | 000,001,583 | ---- | M] () -- C:\Users\Uwe\AppData\Roaming\Mozilla\FireFox\Profiles\dxjpuw4o.default\searchplugins\web-search.xml
[2010.11.01 11:10:16 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.06.14 06:27:47 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.08.23 04:54:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.10.19 19:36:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.09.15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.10.31 11:45:16 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.10.31 11:45:17 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.10.31 11:45:17 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.10.31 11:45:17 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.10.31 11:45:17 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Programme\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Programme\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll ()
O3 - HKU\S-1-5-21-2293441134-2681655422-36759374-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-2293441134-2681655422-36759374-1000\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Programme\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2293441134-2681655422-36759374-1000\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4 - HKLM..\Run: [AmIcoSinglun] C:\Programme\AmIcoSingLun\AmIcoSinglun.exe (AlcorMicro Co., Ltd.)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [PDFPrint] C:\Programme\pdf24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [starter4g] C:\Windows\starter4g.exe (4G Systems GmbH & Co. KG)
O4 - HKLM..\Run: [VitaKeyPdtWzd] C:\Program Files\Acer Bio Protection\PdtWzd.exe (Egis Technology Inc.)
O4 - HKU\S-1-5-21-2293441134-2681655422-36759374-1000..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKU\S-1-5-21-2293441134-2681655422-36759374-1000..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9 - Extra 'Tools' menuitem : Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.3.13.0.cab (SysInfo Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.50.140.246 195.50.140.114
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.11.21 06:21:45 | 000,000,000 | ---- | M] () - F:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{4c34d0f2-f489-11de-b43e-001f16c0fe23}\Shell - "" = AutoRun
O33 - MountPoints2\{4c34d0f2-f489-11de-b43e-001f16c0fe23}\Shell\AutoRun\command - "" = K:\autorun.exe -- File not found
O33 - MountPoints2\{894bf66f-0d9c-11df-b41e-001f16c0fe23}\Shell - "" = AutoRun
O33 - MountPoints2\{894bf66f-0d9c-11df-b41e-001f16c0fe23}\Shell\AutoRun\command - "" = H:\Autorun.exe -- File not found
O33 - MountPoints2\{b167293c-ac02-11df-ba65-001f16c0fe23}\Shell - "" = AutoRun
O33 - MountPoints2\{b167293c-ac02-11df-ba65-001f16c0fe23}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
O33 - MountPoints2\{d4bc936c-fdf0-11de-b59d-001f16c0fe23}\Shell - "" = AutoRun
O33 - MountPoints2\{d4bc936c-fdf0-11de-b59d-001f16c0fe23}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O33 - MountPoints2\{f661c02a-2745-11df-a204-000a94f54b73}\Shell - "" = AutoRun
O33 - MountPoints2\{f661c02a-2745-11df-a204-000a94f54b73}\Shell\AutoRun\command - "" = I:\Autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
 
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Azureus - hkey= - key= - C:\Programme\Vuze\Azureus.exe (Vuze Inc.)
MsConfig - StartUpReg: BackupManagerTray - hkey= - key= - C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
MsConfig - StartUpReg: PDFPrint - hkey= - key= - C:\Programme\pdf24\pdf24.exe (Geek Software GmbH)
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: Steam - hkey= - key= - c:\program files\steam\steam.exe (Valve Corporation)
MsConfig - StartUpReg: TomTomHOME.exe - hkey= - key= - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
MsConfig - StartUpReg: WatchMyCam - hkey= - key= - C:\Programme\WatchMyCam\WatchMyCam.exe (www.WatchMyCam.de)
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation)
SafeBootMin: Primary disk - Driver Group
SafeBootMin: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: Dhcp - C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: ndiscap - C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation)
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.ac3filter - C:\Windows\System32\ac3filter.acm ()
Drivers32: msacm.divxa32 - C:\Windows\System32\DivXa32.acm (Packed With Joy !)
Drivers32: msacm.lameacm - C:\Windows\System32\lameACM.acm (hxxp://www.mp3dev.org/)
Drivers32: msacm.lhacm - C:\Windows\System32\lhacm.acm (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.ffds - C:\Windows\System32\ff_vfw.dll ()
Drivers32: VIDC.I420 - MSH263.DRV File not found
Drivers32: vidc.vp60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.vp61 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.vp62 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.xvid - C:\Windows\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.11.05 06:35:25 | 000,000,000 | -H-D | C] -- C:\Windows\AxInstSV
[2010.11.05 06:16:24 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2010.11.05 06:14:49 | 000,000,000 | ---D | C] -- C:\Programme\NVIDIA Corporation
[2010.11.05 06:13:35 | 000,105,576 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvhda32v.sys
[2010.11.05 06:13:35 | 000,026,216 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvhdap32.dll
[2010.11.05 06:13:27 | 011,008,040 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2010.11.05 06:13:27 | 000,010,920 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvBridge.kmd
[2010.11.05 06:13:26 | 005,107,816 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvwgf2um.dll
[2010.11.05 06:13:26 | 000,056,936 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2010.11.05 06:13:25 | 014,092,904 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2010.11.05 06:13:25 | 009,818,728 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvd3dum.dll
[2010.11.05 06:13:25 | 004,553,832 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2010.11.05 06:13:25 | 002,892,904 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2010.11.05 06:13:25 | 002,506,344 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2010.11.05 06:13:25 | 000,314,984 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdecodemft.dll
[2010.11.05 06:13:23 | 010,267,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2010.11.05 06:13:23 | 000,236,136 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcod1922.dll
[2010.11.05 06:13:23 | 000,236,136 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcod.dll
[2010.11.05 06:13:17 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2010.11.05 05:03:12 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Roaming\GetRightToGo
[2010.11.03 20:01:27 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Roaming\Avira
[2010.11.03 19:57:12 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2010.11.03 19:57:11 | 000,126,856 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010.11.03 19:57:11 | 000,102,856 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avfwot.sys
[2010.11.03 19:57:11 | 000,079,432 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avfwim.sys
[2010.11.03 19:57:11 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010.11.03 19:57:11 | 000,000,000 | ---D | C] -- C:\Programme\Avira
[2010.10.26 19:37:42 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll
[2010.10.26 19:37:42 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll
[2010.10.26 19:37:42 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2010.10.26 19:37:42 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2010.10.26 19:37:34 | 000,026,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2009.11.10 22:21:36 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
 
========== Files - Modified Within 30 Days ==========
 
[2010.11.22 21:03:01 | 000,000,278 | -H-- | M] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010.11.22 20:43:29 | 000,015,432 | ---- | M] () -- C:\Users\Uwe\Desktop\OTL.exe
[2010.11.22 20:24:00 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.11.22 20:07:01 | 000,000,278 | -H-- | M] () -- C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010.11.22 19:23:53 | 000,011,104 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.11.22 19:23:53 | 000,011,104 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.11.22 19:19:00 | 000,001,022 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010.11.22 19:16:50 | 000,001,086 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.11.22 19:16:33 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2010.11.22 19:16:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.11.22 19:16:22 | 2411,929,600 | -HS- | M] () -- C:\hiberfil.sys
[2010.11.22 18:38:53 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010.11.22 17:13:35 | 000,014,848 | ---- | M] () -- C:\Users\Uwe\Desktop\Bowlingtunier.xls
[2010.11.22 17:13:23 | 000,018,432 | ---- | M] () -- C:\Users\Uwe\Desktop\Stadionbegehung 28112010.xls
[2010.11.22 16:57:29 | 000,004,086 | ---- | M] () -- C:\Users\Uwe\Documents\zensus 2011.ideva
[2010.11.20 13:30:31 | 000,000,065 | ---- | M] () -- C:\Windows\Wor.INI
[2010.11.19 07:37:45 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.11.19 07:37:45 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.11.19 07:37:45 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.11.19 07:37:45 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.11.19 06:25:34 | 000,000,084 | ---- | M] () -- C:\Windows\Was.INI
[2010.11.16 06:07:46 | 000,000,085 | ---- | M] () -- C:\Windows\Wks.INI
[2010.11.14 11:49:19 | 000,001,803 | ---- | M] () -- C:\Users\Public\Desktop\Vuze.lnk
[2010.11.10 18:31:18 | 000,018,432 | ---- | M] () -- C:\Users\Uwe\Desktop\Stadionbegehung.xls
[2010.11.10 06:14:52 | 000,001,944 | ---- | M] () -- C:\Users\Public\Desktop\ZVPlan.lnk
[2010.11.04 21:54:07 | 000,000,027 | ---- | M] () -- C:\Windows\Wop.INI
[2010.11.04 18:40:00 | 000,255,263 | ---- | M] () -- C:\Users\Uwe\Desktop\Uwe_1000x600.jpg
[2010.11.03 19:57:27 | 000,002,021 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.10.24 10:13:36 | 000,011,776 | ---- | M] () -- C:\Users\Uwe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== Files Created - No Company Name ==========
 
[2010.11.22 20:42:09 | 000,015,432 | ---- | C] () -- C:\Users\Uwe\Desktop\OTL.exe
[2010.11.22 16:57:29 | 000,004,086 | ---- | C] () -- C:\Users\Uwe\Documents\zensus 2011.ideva
[2010.11.14 11:49:19 | 000,001,803 | ---- | C] () -- C:\Users\Public\Desktop\Vuze.lnk
[2010.11.10 18:31:28 | 000,018,432 | ---- | C] () -- C:\Users\Uwe\Desktop\Stadionbegehung 28112010.xls
[2010.11.05 06:13:27 | 000,009,596 | ---- | C] () -- C:\Windows\System32\nvinfo.pb
[2010.11.04 18:40:00 | 000,255,263 | ---- | C] () -- C:\Users\Uwe\Desktop\Uwe_1000x600.jpg
[2010.11.03 19:57:27 | 000,002,021 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.11.01 14:24:13 | 000,001,944 | ---- | C] () -- C:\Users\Public\Desktop\ZVPlan.lnk
[2010.10.25 05:57:16 | 000,018,432 | ---- | C] () -- C:\Users\Uwe\Desktop\Stadionbegehung.xls
[2010.09.06 04:32:19 | 008,676,883 | ---- | C] () -- C:\Windows\System32\NCMedia2.dll
[2010.09.02 08:15:18 | 000,004,096 | -H-- | C] () -- C:\Users\Uwe\AppData\Local\keyfile3.drm
[2010.07.01 11:26:25 | 000,000,035 | ---- | C] () -- C:\Windows\Wmv.INI
[2010.05.09 03:34:13 | 000,239,247 | ---- | C] () -- C:\Windows\System32\ff_theora.dll
[2010.05.04 06:25:47 | 000,000,051 | ---- | C] () -- C:\Windows\Wds.INI
[2010.04.04 06:06:01 | 000,000,027 | ---- | C] () -- C:\Windows\Wop.INI
[2010.03.18 07:47:59 | 000,000,060 | ---- | C] () -- C:\Windows\Wis.INI
[2010.02.07 10:49:08 | 000,011,776 | ---- | C] () -- C:\Users\Uwe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.02.07 09:58:40 | 000,000,000 | ---- | C] () -- C:\Windows\Waa.INI
[2010.02.03 19:06:44 | 000,000,028 | ---- | C] () -- C:\Windows\WPE.INI
[2009.12.09 18:33:55 | 000,000,084 | ---- | C] () -- C:\Windows\Was.INI
[2009.12.02 10:16:27 | 000,000,000 | ---- | C] () -- C:\Windows\WSB.INI
[2009.12.02 10:16:24 | 000,000,065 | ---- | C] () -- C:\Windows\Wor.INI
[2009.12.02 10:16:23 | 000,000,085 | ---- | C] () -- C:\Windows\Wks.INI
[2009.12.02 09:37:33 | 000,000,130 | ---- | C] () -- C:\Windows\uno.ini
[2009.11.26 19:09:42 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.11.26 08:25:35 | 000,008,114 | ---- | C] () -- C:\Users\Uwe\AppData\Local\MyWinLockerInstaller.txt-20091126.log
[2009.11.26 08:19:08 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009.11.23 19:23:12 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.11.23 13:08:56 | 000,001,641 | ---- | C] () -- C:\Users\Uwe\AppData\Local\MyWinLockerInstaller.txt-20091123.log
[2009.11.19 20:25:18 | 000,014,848 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2009.11.19 20:25:18 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2009.11.19 20:25:18 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2009.11.14 11:37:06 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.11.10 13:58:07 | 000,000,074 | ---- | C] () -- C:\Windows\PidList.ini
[2009.08.27 20:04:44 | 000,560,802 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2009.08.27 20:04:32 | 000,811,835 | ---- | C] () -- C:\Windows\System32\ff_x264.dll
[2009.08.27 20:03:52 | 004,338,246 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2009.08.25 19:07:36 | 000,683,520 | ---- | C] () -- C:\Windows\System32\ff_kernelDeint.dll
[2009.08.25 18:38:04 | 000,238,080 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2009.08.25 17:56:56 | 000,791,742 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009.08.25 17:37:02 | 000,145,609 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.02 18:15:44 | 000,113,152 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll
[2009.06.02 18:15:18 | 000,146,944 | ---- | C] () -- C:\Windows\System32\ff_tremor.dll
[2009.06.02 18:15:04 | 000,183,296 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll
[2009.06.02 18:14:56 | 000,178,688 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll
[2009.06.02 18:14:30 | 000,485,888 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll
[2009.06.02 18:13:58 | 000,257,024 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll
[2009.06.02 18:13:50 | 000,142,848 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll
[2009.06.02 18:11:26 | 000,093,184 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2009.06.02 18:11:16 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009.03.12 11:32:52 | 000,000,028 | ---- | C] () -- C:\Windows\WisLangCode.ini
[2009.02.11 21:03:58 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll
[2009.02.11 21:03:58 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
[2009.02.11 21:03:57 | 000,000,060 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2009.01.10 23:17:32 | 000,163,840 | ---- | C] () -- C:\Windows\System32\ts.dll
[2009.01.10 23:16:56 | 000,148,480 | ---- | C] () -- C:\Windows\System32\mkx.dll
[2009.01.10 23:16:50 | 000,108,032 | ---- | C] () -- C:\Windows\System32\avi.dll
[2009.01.10 23:16:14 | 000,141,312 | ---- | C] () -- C:\Windows\System32\mp4.dll
[2009.01.10 23:15:54 | 000,120,832 | ---- | C] () -- C:\Windows\System32\ogm.dll
[2009.01.10 23:15:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\mmfinfo.dll
[2009.01.10 23:15:32 | 000,102,400 | ---- | C] () -- C:\Windows\System32\avss.dll
[2009.01.10 23:15:28 | 000,246,784 | ---- | C] () -- C:\Windows\System32\dxr.dll
[2009.01.10 23:15:12 | 000,097,280 | ---- | C] () -- C:\Windows\System32\avs.dll
[2009.01.10 23:14:08 | 000,079,360 | ---- | C] () -- C:\Windows\System32\mkzlib.dll
[2009.01.10 23:14:06 | 000,023,552 | ---- | C] () -- C:\Windows\System32\mkunicode.dll
[2008.12.03 23:11:50 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008.11.06 17:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2007.10.13 10:30:20 | 000,000,137 | ---- | C] () -- C:\Windows\System32\Registration.ini
[2003.02.20 17:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
 
========== LOP Check ==========
 
[2009.11.18 16:32:20 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Acer GameZone Console
[2009.11.18 16:32:20 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Acer GameZone Console
[2010.05.25 04:09:36 | 000,000,000 | -HSD | M] -- C:\Users\Uwe\AppData\Roaming\.#
[2009.11.18 16:31:57 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\Acer
[2009.11.18 16:31:57 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\Acer GameZone Console
[2010.01.12 21:02:44 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\Ashampoo
[2010.11.16 19:49:04 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\Azureus
[2009.12.07 12:53:50 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\com.adobe.example.avatarAirApplication.199ED43C2CFEB351CD0244628B93195D7C58F98C.1
[2010.09.03 04:49:18 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\DaCamYoWebcam
[2009.11.26 08:32:50 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\DAEMON Tools Lite
[2009.12.26 08:07:37 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\Funambol
[2010.11.05 05:09:20 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\GetRightToGo
[2010.04.16 11:10:55 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\GrabPro
[2010.02.26 06:05:23 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\hdbADS
[2010.09.19 03:44:46 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\JLC's Software
[2010.11.22 21:03:20 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\NetSpeedMonitor
[2010.11.22 20:59:24 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\Orbit
[2009.11.19 06:26:38 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\PowerCinema
[2010.08.20 04:27:08 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\ProgSense
[2010.05.09 03:33:31 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\ShareTV
[2009.12.05 14:41:41 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\SoftDMA
[2010.08.25 07:05:30 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\Spamihilator
[2010.10.05 05:40:23 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\TeamViewer
[2010.02.10 20:25:50 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\Thunderbird
[2010.02.24 08:34:05 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\TomTom
[2009.12.04 16:25:03 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\TuneUp Software
[2010.08.13 04:13:53 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\XSManager
[2010.11.13 13:59:35 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.11.22 21:03:01 | 000,000,278 | -H-- | M] () -- C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010.11.22 20:07:01 | 000,000,278 | -H-- | M] () -- C:\Windows\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.05.25 04:09:36 | 000,000,000 | -HSD | M] -- C:\Users\Uwe\AppData\Roaming\.#
[2009.11.18 16:31:57 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\Acer
[2009.11.18 16:31:57 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\Acer GameZone Console
[2009.12.07 12:53:19 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\Adobe
[2010.01.12 21:02:44 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\Ashampoo
[2010.11.03 20:01:27 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\Avira
[2010.11.16 19:49:04 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\Azureus
[2009.12.07 12:53:50 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\com.adobe.example.avatarAirApplication.199ED43C2CFEB351CD0244628B93195D7C58F98C.1
[2010.06.30 16:23:12 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\CyberLink
[2010.09.03 04:49:18 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\DaCamYoWebcam
[2009.11.26 08:32:50 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\DAEMON Tools Lite
[2010.06.15 17:46:58 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\DivX
[2010.09.23 17:21:47 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\dvdcss
[2009.12.26 08:07:37 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\Funambol
[2010.11.05 05:09:20 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\GetRightToGo
[2009.11.18 16:31:57 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\Google
[2010.04.16 11:10:55 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\GrabPro
[2010.02.26 06:05:23 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\hdbADS
[2009.11.18 22:14:33 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\Identities
[2009.11.18 16:31:58 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\InstallShield
[2010.09.19 03:44:46 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\JLC's Software
[2009.11.18 16:31:58 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\Macromedia
[2009.07.14 09:56:41 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\Media Center Programs
[2010.10.27 10:38:04 | 000,000,000 | --SD | M] -- C:\Users\Uwe\AppData\Roaming\Microsoft
[2009.11.23 08:29:29 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\Mozilla
[2010.11.22 21:03:20 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\NetSpeedMonitor
[2010.11.22 20:59:24 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\Orbit
[2009.11.19 06:26:38 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\PowerCinema
[2010.08.20 04:27:08 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\ProgSense
[2010.02.06 17:52:48 | 000,000,000 | RH-D | M] -- C:\Users\Uwe\AppData\Roaming\SecuROM
[2010.05.09 03:33:31 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\ShareTV
[2010.11.19 18:44:47 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\Skype
[2010.11.19 18:41:43 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\skypePM
[2009.12.05 14:41:41 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\SoftDMA
[2010.08.25 07:05:30 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\Spamihilator
[2009.12.17 19:19:47 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\teamspeak2
[2010.10.05 05:40:23 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\TeamViewer
[2010.02.10 20:25:50 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\Thunderbird
[2010.02.24 08:34:05 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\TomTom
[2009.12.04 16:25:03 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\TuneUp Software
[2010.11.13 09:14:32 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\vlc
[2010.08.13 04:13:53 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\XSManager
 
< %APPDATA%\*.exe /s >
[2010.09.10 05:31:28 | 000,310,208 | ---- | M] (Georgia Institute of Technology) -- C:\Users\Uwe\AppData\Roaming\Azureus\plugins\mlab\ShaperProbeC.exe
[2009.12.07 12:53:13 | 000,038,208 | ---- | M] () -- C:\Users\Uwe\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2010.02.03 06:53:00 | 000,049,334 | R--- | M] () -- C:\Users\Uwe\AppData\Roaming\Microsoft\Installer\{0F53B203-C6A9-4FB0-9086-A2D61396BE5F}\_6F5BD9A189C47F56F83B7E.exe
[2010.02.03 06:53:00 | 000,049,334 | R--- | M] () -- C:\Users\Uwe\AppData\Roaming\Microsoft\Installer\{0F53B203-C6A9-4FB0-9086-A2D61396BE5F}\_6FEFF9B68218417F98F549.exe
[2010.02.03 06:53:00 | 000,049,334 | R--- | M] () -- C:\Users\Uwe\AppData\Roaming\Microsoft\Installer\{0F53B203-C6A9-4FB0-9086-A2D61396BE5F}\_C46CDCCA9E79F204FAD883.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2009.02.12 02:26:18 | 000,407,576 | ---- | M] (Intel Corporation) MD5=1ADAA4F16073FD0C7270F451FD024E97 -- C:\Acer\Preload\Autorun\DRV\AHCI\Driver64\IaStor.sys
[2009.02.12 02:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Acer\Preload\Autorun\DRV\AHCI\Driver\IaStor.sys
[2009.02.12 02:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_e0c941a8b0e04b56\iaStor.sys
[2009.02.12 02:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_x86_neutral_7009a7672ee571e2\iaStor.sys
[2009.06.04 11:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\drivers\iaStor.sys
[2009.06.04 11:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_4f144d6467fc7c22\iaStor.sys
[2009.06.04 11:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_x86_neutral_10aa509d6843c6fc\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll
[2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2009.11.26 08:19:08 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\sptd.sys
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:B203B914
@Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:131C0EE9
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:814B9485
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:CDFF58FE
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:798A3728
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:BB24555F
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:B623B5B8
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:CE0A077E

< End of report >
         
--- --- ---

Extras.txt:OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 22.11.2010 21:01:43 - Run 1
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Users\Uwe\Downloads\Orbit
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 63,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 355,34 Gb Total Space | 168,75 Gb Free Space | 47,49% Space Free | Partition Type: NTFS
Drive E: | 97,65 Gb Total Space | 83,72 Gb Free Space | 85,74% Space Free | Partition Type: NTFS
Drive F: | 155,84 Gb Total Space | 116,55 Gb Free Space | 74,79% Space Free | Partition Type: NTFS
 
Computer Name: ACER-LAPTOP-UWE | User Name: Uwe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2293441134-2681655422-36759374-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp version 0.99.8
"{0F53B203-C6A9-4FB0-9086-A2D61396BE5F}" = STRATO Backup Manager
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4500_series" = Canon iP4500 series
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1D0FDD6D-3C5E-4588-8ED0-02DC88014BF2}" = Upgrade Kit
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 22
"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D
"{2E376AD9-5C49-4F7D-A0BA-6A44E8FA5A3B}" = Next Generation Visualisations
"{302E9B7B-2B6A-4C29-9A02-9F2110649779}" = Nuvoton EC Generic HID Driver
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4B4E8814-F682-4197-8F4B-E9FFC6F08977}" = System Requirements Lab for Intel
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK
"{71C2828F-2678-4675-BDEC-895424861262}_is1" = C:\Program Files\Acer GameZone\GameConsole
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 2.8.6
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{86501894-E722-4385-A792-B7C2F28FAE7B}" = NetSpeedMonitor 2.5.4.0 x86
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{90AF0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
"{92975DF9-EA36-4F36-A9AC-D412BC1D709E}" = Nuvoton EC Generic HID Driver
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AF0B106-56F1-461B-A270-95BC1682E282}" = Broadcom Gigabit NetLink Controller
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.1 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{BF91B300-EEBC-4223-96F3-0FCBF7241B50}" = AmIcoSingLun
"{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}" = Acer Crystal Eye webcam Ver:1.1.79.326
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{E09664BB-BB08-45FA-87D1-33EAB0E017F5}" = Fingerprint Solution
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F11ADC64-C89E-47F4-A0B3-3665FF859397}" = WORLD IN CONFLICT
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"7-Zip" = 7-Zip 9.10 beta
"8461-7759-5462-8226" = Vuze
"Acer Screensaver" = Acer ScreenSaver
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Ashampoo Burning Studio 2010_is1" = Ashampoo Burning Studio 2010
"Avira AntiVir Desktop" = Avira Premium Security Suite
"CCleaner" = CCleaner
"D-i-v-X - AVI Codec Pack Pro" = D-i-v-X AVI Codec Pack Pro 2.4.0
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 4.1.1 Home Edition
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"Freez FLV to AVI/MPEG/WMV Converter v1.6_is1" = Freez FLV to AVI/MPEG/WMV Converter
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"GridVista" = Acer GridVista
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"InstallShield_{BF91B300-EEBC-4223-96F3-0FCBF7241B50}" = AmIcoSingLun
"InstallShield_{E09664BB-BB08-45FA-87D1-33EAB0E017F5}" = Acer Bio Protection
"IsoBuster_is1" = IsoBuster 2.8
"LManager" = Launch Manager
"LSI Soft Modem" = LSI HDA Modem
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"Orbit_is1" = Orbit Downloader
"Picasa 3" = Picasa 3
"POI FINDER (iGO My way 8)_is1" = POI FINDER 3.67 (iGO My way 8)
"RarZilla Free Unrar" = RarZilla Free Unrar
"SopCast" = SopCast 3.2.9
"Steam App 10" = Counter-Strike
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 240" = Counter-Strike: Source
"Steam App 260" = Counter-Strike: Source Beta
"Steam App 320" = Half-Life 2: Deathmatch
"STRATO Outlook Sync" = STRATO Outlook Sync 8.2.7
"Suunto Dive Manager_is1" = Suunto Dive Manager 3.1.0
"SuuntoUSBFTDIVista_is1" = Suunto USB Driver
"SystemRequirementsLab" = System Requirements Lab
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamViewer 5" = TeamViewer 5
"TomTom HOME" = TomTom HOME 2.7.6.2056
"TuneUp Utilities" = TuneUp Utilities
"TVUPlayer" = TVUPlayer 2.5.3.1
"Veetle TV" = Veetle TV 0.9.17
"VLC media player" = VLC media player 1.1.3
"Vuze_Remote Toolbar" = Vuze Remote Toolbar
"WatchMyCam_is1" = WatchMyCam - Live Video Streaming
"WinLiveSuite_Wave3" = Windows Live Essentials
"XSManager" = XSManager
"ZVPLAN" = ZVPLAN 1.0.14 
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 07.07.2010 04:04:36 | Computer Name = Acer-Laptop-Uwe | Source = WinMgmt | ID = 10
Description = 
 
Error - 07.07.2010 07:32:53 | Computer Name = Acer-Laptop-Uwe | Source = WinMgmt | ID = 10
Description = 
 
Error - 07.07.2010 08:02:05 | Computer Name = Acer-Laptop-Uwe | Source = Google Update | ID = 20
Description = 
 
Error - 07.07.2010 08:10:29 | Computer Name = Acer-Laptop-Uwe | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
 Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.
Der
 Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 07.07.2010 08:11:35 | Computer Name = Acer-Laptop-Uwe | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\windows
 live\messenger\wlcsdk.exe".  Die abhängige Assemblierung "UCCAPI,processorArchitecture="x86",type="win32",version="2.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 07.07.2010 09:02:05 | Computer Name = Acer-Laptop-Uwe | Source = Google Update | ID = 20
Description = 
 
Error - 07.07.2010 11:40:53 | Computer Name = Acer-Laptop-Uwe | Source = WinMgmt | ID = 10
Description = 
 
Error - 07.07.2010 14:24:04 | Computer Name = Acer-Laptop-Uwe | Source = WinMgmt | ID = 10
Description = 
 
Error - 07.07.2010 23:30:37 | Computer Name = Acer-Laptop-Uwe | Source = WinMgmt | ID = 10
Description = 
 
Error - 08.07.2010 03:00:21 | Computer Name = Acer-Laptop-Uwe | Source = Google Update | ID = 20
Description = 
 
[ Media Center Events ]
Error - 24.09.2010 21:17:37 | Computer Name = Acer-Laptop-Uwe | Source = MCUpdate | ID = 0
Description = 08:17:37 - Fehler beim Herstellen der Internetverbindung.  08:17:37 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 24.09.2010 21:17:43 | Computer Name = Acer-Laptop-Uwe | Source = MCUpdate | ID = 0
Description = 08:17:42 - Fehler beim Herstellen der Internetverbindung.  08:17:42 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 24.09.2010 23:19:01 | Computer Name = Acer-Laptop-Uwe | Source = MCUpdate | ID = 0
Description = 10:19:01 - Fehler beim Herstellen der Internetverbindung.  10:19:01 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 24.09.2010 23:19:11 | Computer Name = Acer-Laptop-Uwe | Source = MCUpdate | ID = 0
Description = 10:19:06 - Fehler beim Herstellen der Internetverbindung.  10:19:06 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 26.09.2010 02:48:42 | Computer Name = Acer-Laptop-Uwe | Source = MCUpdate | ID = 0
Description = 13:48:42 - Fehler beim Herstellen der Internetverbindung.  13:48:42 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 26.09.2010 02:48:51 | Computer Name = Acer-Laptop-Uwe | Source = MCUpdate | ID = 0
Description = 13:48:47 - Fehler beim Herstellen der Internetverbindung.  13:48:47 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 26.09.2010 04:01:16 | Computer Name = Acer-Laptop-Uwe | Source = MCUpdate | ID = 0
Description = 15:01:16 - Fehler beim Herstellen der Internetverbindung.  15:01:16 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 26.09.2010 04:01:21 | Computer Name = Acer-Laptop-Uwe | Source = MCUpdate | ID = 0
Description = 15:01:21 - Fehler beim Herstellen der Internetverbindung.  15:01:21 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 08.11.2010 15:38:50 | Computer Name = Acer-Laptop-Uwe | Source = MCUpdate | ID = 0
Description = 20:38:50 - Fehler beim Herstellen der Internetverbindung.  20:38:50 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 08.11.2010 15:39:24 | Computer Name = Acer-Laptop-Uwe | Source = MCUpdate | ID = 0
Description = 20:39:20 - Fehler beim Herstellen der Internetverbindung.  20:39:20 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ System Events ]
Error - 19.11.2010 13:38:07 | Computer Name = Acer-Laptop-Uwe | Source = Service Control Manager | ID = 7000
Description = Der Dienst "int15" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 19.11.2010 13:38:07 | Computer Name = Acer-Laptop-Uwe | Source = Service Control Manager | ID = 7000
Description = Der Dienst "MyWinLocker Service" wurde aufgrund folgenden Fehlers 
nicht gestartet:   %%2
 
Error - 20.11.2010 01:05:43 | Computer Name = Acer-Laptop-Uwe | Source = Service Control Manager | ID = 7000
Description = Der Dienst "int15" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 20.11.2010 01:05:43 | Computer Name = Acer-Laptop-Uwe | Source = Service Control Manager | ID = 7000
Description = Der Dienst "MyWinLocker Service" wurde aufgrund folgenden Fehlers 
nicht gestartet:   %%2
 
Error - 21.11.2010 04:23:20 | Computer Name = Acer-Laptop-Uwe | Source = Service Control Manager | ID = 7000
Description = Der Dienst "int15" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 21.11.2010 04:23:20 | Computer Name = Acer-Laptop-Uwe | Source = Service Control Manager | ID = 7000
Description = Der Dienst "MyWinLocker Service" wurde aufgrund folgenden Fehlers 
nicht gestartet:   %%2
 
Error - 22.11.2010 11:38:45 | Computer Name = Acer-Laptop-Uwe | Source = Service Control Manager | ID = 7000
Description = Der Dienst "int15" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 22.11.2010 11:38:45 | Computer Name = Acer-Laptop-Uwe | Source = Service Control Manager | ID = 7000
Description = Der Dienst "MyWinLocker Service" wurde aufgrund folgenden Fehlers 
nicht gestartet:   %%2
 
Error - 22.11.2010 14:16:33 | Computer Name = Acer-Laptop-Uwe | Source = Service Control Manager | ID = 7000
Description = Der Dienst "int15" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 22.11.2010 14:16:33 | Computer Name = Acer-Laptop-Uwe | Source = Service Control Manager | ID = 7000
Description = Der Dienst "MyWinLocker Service" wurde aufgrund folgenden Fehlers 
nicht gestartet:   %%2
 
 
< End of report >
         
--- --- ---

Geändert von Uwe P. (22.11.2010 um 21:55 Uhr)

Alt 22.11.2010, 22:02   #2
Uwe P.
 
Gozi-Befall auf einem oder mehreren von 4 Rechnern. - Standard

Gozi-Befall auf einem oder mehreren von 4 Rechnern.



Rechner 2 (Windows XP Fernsehzimmer Partition Werkbank)
OTL.txt:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 22.11.2010 21:48:49 - Run 1
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Dokumente und Einstellungen\Cold Turkey\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 68,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): C:\pagefile.sys 2048 2048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 48,83 Gb Total Space | 23,33 Gb Free Space | 47,77% Space Free | Partition Type: NTFS
Drive D: | 39,06 Gb Total Space | 2,88 Gb Free Space | 7,37% Space Free | Partition Type: NTFS
Drive E: | 137,48 Gb Total Space | 76,99 Gb Free Space | 56,00% Space Free | Partition Type: NTFS
Drive G: | 39,06 Gb Total Space | 24,55 Gb Free Space | 62,85% Space Free | Partition Type: NTFS
Drive H: | 219,96 Gb Total Space | 25,38 Gb Free Space | 11,54% Space Free | Partition Type: NTFS
 
Computer Name: ZENTRALE | User Name: Cold Turkey | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\Cold Turkey\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avfwsvc.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Orbitdownloader\orbitdm.exe (Orbitdownloader.com)
PRC - C:\Programme\Orbitdownloader\orbitnet.exe (Orbitdownloader.com)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Programme\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Programme\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
PRC - C:\WINDOWS\system32\msfeedssync.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft ActiveSync\rapimgr.exe (Microsoft Corporation)
PRC - C:\WINDOWS\vsnpstd3.exe ()
PRC - C:\WINDOWS\CTHELPER.EXE (Creative Technology Ltd)
PRC - C:\Programme\Ahead\InCD\InCDsrv.exe (Nero AG)
PRC - C:\WINDOWS\tsnpstd3.exe ()
PRC - C:\WINDOWS\system32\bgsvcgen.exe (B.H.A Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Dokumente und Einstellungen\Cold Turkey\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\nvueemon.dll ()
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\CTAGENT.DLL (Creative Technology Ltd)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirFirewallService) -- C:\Programme\Avira\AntiVir Desktop\avfwsvc.exe (Avira GmbH)
SRV - (AntiVirWebService) -- C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira GmbH)
SRV - (AntiVirMailService) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (TomTomHOMEService) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (ASKUpgrade) -- C:\Programme\AskBarDis\bar\bin\ASKUpgrade.exe ()
SRV - (ASKService) -- C:\Programme\AskBarDis\bar\bin\AskService.exe ()
SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software GmbH)
SRV - (Adobe LM Service) -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe ()
SRV - (InCDsrv) -- C:\Programme\Ahead\InCD\InCDsrv.exe (Nero AG)
SRV - (bgsvcgen) -- C:\WINDOWS\system32\bgsvcgen.exe (B.H.A Corporation)
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (dtscsi) -- C:\WINDOWS\System32\Drivers\dtscsi.sys File not found
DRV - (CTERFXFX.DLL) -- C:\WINDOWS\System32\CTERFXFX.DLL File not found
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avfwot) -- C:\WINDOWS\system32\drivers\avfwot.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (avfwim) -- C:\WINDOWS\system32\drivers\avfwim.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (ggsemc) -- C:\WINDOWS\system32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\WINDOWS\system32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
DRV - (MPE) -- C:\WINDOWS\system32\drivers\mpe.sys (Microsoft Corporation)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (k750obex) -- C:\WINDOWS\system32\drivers\k750obex.sys (MCCI)
DRV - (k750mdm) -- C:\WINDOWS\system32\drivers\k750mdm.sys (MCCI)
DRV - (k750mgmt) -- C:\WINDOWS\system32\drivers\k750mgmt.sys (MCCI)
DRV - (k750mdfl) -- C:\WINDOWS\system32\drivers\k750mdfl.sys (MCCI)
DRV - (k750bus) Sony Ericsson 750 driver (WDM) -- C:\WINDOWS\system32\drivers\k750bus.sys (MCCI)
DRV - (SNPSTD3) USB PC Camera (SNPSTD3) -- C:\WINDOWS\system32\drivers\snpstd3.sys (Sonix Co. Ltd.)
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (MotDev) -- C:\WINDOWS\system32\drivers\motodrv.sys (Motorola Inc)
DRV - (motmodem) -- C:\WINDOWS\system32\drivers\motmodem.sys (Motorola)
DRV - (CTHWIUT.DLL) -- C:\WINDOWS\system32\CTHWIUT.DLL (Creative Technology Ltd.)
DRV - (CT20XUT.DLL) -- C:\WINDOWS\system32\CT20XUT.DLL (Creative Technology Ltd.)
DRV - (CTEXFIFX.DLL) -- C:\WINDOWS\system32\CTEXFIFX.dll (Creative Technology Ltd.)
DRV - (CTSBLFX.DLL) -- C:\WINDOWS\system32\ctsblfx.dll (Creative Technology Ltd)
DRV - (CTEAPSFX.DLL) -- C:\WINDOWS\system32\cteapsfx.dll (Creative Technology Ltd)
DRV - (CTAUDFX.DLL) -- C:\WINDOWS\system32\ctaudfx.dll (Creative Technology Ltd)
DRV - (COMMONFX.DLL) -- C:\WINDOWS\system32\commonfx.dll (Creative Technology Ltd)
DRV - (CTEDSPSY.DLL) -- C:\WINDOWS\system32\CTEDSPSY.DLL (Creative Technology Ltd)
DRV - (CTEDSPIO.DLL) -- C:\WINDOWS\system32\CTEDSPIO.DLL (Creative Technology Ltd)
DRV - (CTEDSPFX.DLL) -- C:\WINDOWS\system32\CTEDSPFX.DLL (Creative Technology Ltd)
DRV - (ctprxy2k) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV - (hap17v2k) -- C:\WINDOWS\system32\drivers\haP17v2k.sys (Creative Technology Ltd)
DRV - (ha10kx2k) -- C:\WINDOWS\system32\drivers\ha10kx2k.sys (Creative Technology Ltd)
DRV - (hap16v2k) -- C:\WINDOWS\system32\drivers\haP16v2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (emupia) -- C:\WINDOWS\system32\drivers\emupia2k.sys (Creative Technology Ltd)
DRV - (ctac32k) -- C:\WINDOWS\system32\drivers\ctac32k.sys (Creative Technology Ltd)
DRV - (HCW88BDA) -- C:\WINDOWS\system32\drivers\hcw88bda.sys (Hauppauge Computer Works, Inc)
DRV - (hcw88rc5) -- C:\WINDOWS\system32\drivers\hcw88rc5.sys (Hauppauge Computer Works, Inc.)
DRV - (HCW88AUD) -- C:\WINDOWS\system32\drivers\hcw88aud.sys (Hauppauge Computer Works, Inc)
DRV - (HCW88TSE) -- C:\WINDOWS\system32\drivers\hcw88tse.sys (Hauppauge Computer Works, Inc)
DRV - (InCDfs) -- C:\WINDOWS\System32\drivers\InCDfs.sys (Nero AG)
DRV - (incdrm) -- C:\WINDOWS\System32\drivers\InCDrm.sys (Nero AG)
DRV - (InCDPass) -- C:\WINDOWS\system32\drivers\InCDpass.sys (Nero AG)
DRV - (Tosrfhid) -- C:\WINDOWS\system32\drivers\tosrfhid.sys (TOSHIBA Corporation.)
DRV - (Tosrfbd) -- C:\WINDOWS\system32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (Tosrfusb) -- C:\WINDOWS\system32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (Tosrfbnp) -- C:\WINDOWS\system32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (tosporte) -- C:\WINDOWS\system32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (TosRfSnd) Bluetooth Audio Device (WDM) -- C:\WINDOWS\system32\drivers\tosrfsnd.sys (TOSHIBA Corporation)
DRV - (ctdvda2k) -- C:\WINDOWS\system32\drivers\ctdvda2k.sys (Creative Technology Ltd)
DRV - (Tosrfcom) -- C:\WINDOWS\system32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (toshidpt) -- C:\WINDOWS\system32\drivers\toshidpt.sys (TOSHIBA Corporation.)
DRV - (tosrfnds) -- C:\WINDOWS\system32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (nv_agp) -- C:\WINDOWS\system32\DRIVERS\nv_agp.sys (NVIDIA Corporation)
DRV - (CoolerXPDriver) -- C:\Programme\MSI\PC Alert 4\NTCooler.sys (Your Corporation)
DRV - (NVENET) -- C:\WINDOWS\system32\drivers\NVENET.sys (NVIDIA Corporation)
DRV - (TBPanel) -- C:\WINDOWS\System32\drivers\TBPanel.sys (Windows (R) 2000 DDK provider)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Google Toolbar
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Google Toolbar
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1417001333-725345543-1583954581-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google
IE - HKU\S-1-5-21-1417001333-725345543-1583954581-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1417001333-725345543-1583954581-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-1417001333-725345543-1583954581-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Nachrichten, aktuelle Schlagzeilen und Videos - n-tv.de
IE - HKU\S-1-5-21-1417001333-725345543-1583954581-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Google Toolbar
IE - HKU\S-1-5-21-1417001333-725345543-1583954581-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..extensions.enabledItems: {E9A1DEE0-C623-4439-8932-001E7D17607D}:2.1.0.5
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.5
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2010.02.04 18:28:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.11.12 13:29:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.11.20 12:36:41 | 000,000,000 | ---D | M]
 
[2008.11.22 18:42:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\Mozilla\Extensions
[2008.04.29 14:14:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\Mozilla\Extensions\home2@tomtom.com
[2010.11.15 16:01:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\Mozilla\Firefox\Profiles\48vnv62d.default\extensions
[2010.10.01 16:57:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\Mozilla\Firefox\Profiles\48vnv62d.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.10.01 15:36:31 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\Mozilla\Firefox\Profiles\48vnv62d.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009.11.20 13:08:12 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\Mozilla\Firefox\Profiles\48vnv62d.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2010.11.15 16:01:43 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2008.08.14 16:19:31 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008.08.14 16:19:31 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\google-gzfb@partners.mozilla.com
[2010.11.12 13:29:54 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.11.12 13:29:54 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.11.12 13:29:54 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.11.12 13:29:54 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.11.12 13:29:54 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.02.02 06:47:42 | 000,000,847 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O2 - BHO: (PDF-XChange Viewer IE-Plugin) - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - C:\Programme\Tracker Software\PDF-XChange Lite 3\PDF-XChange PDF Viewer\PDF-XChange Viewer\pdf-viewer\PDFXCviewIEPlugin.dll (Tracker Software Products Ltd.)
O3 - HKLM\..\Toolbar: (no name) -  - No CLSID value found.
O3 - HKU\S-1-5-21-1417001333-725345543-1583954581-1003\..\Toolbar\WebBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Programme\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [Cmaudio]  File not found
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\CTXFIHLP.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Programme\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe ()
O4 - HKU\S-1-5-21-1417001333-725345543-1583954581-1003..\Run: [H/PC Connection Agent] C:\Programme\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1417001333-725345543-1583954581-1003..\Run: [Helper] C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\Helper\bin\liveu.exe ()
O4 - HKU\S-1-5-21-1417001333-725345543-1583954581-1003..\Run: [Setinx] C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\Adobe\Update\widnat.exe ()
O4 - HKU\S-1-5-21-1417001333-725345543-1583954581-1003..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-1417001333-725345543-1583954581-1003..\Run: [TomTomHOME.exe] C:\Programme\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKU\.DEFAULT..\RunOnce: [SetDefaultMIDI] C:\WINDOWS\MIDIDEF.EXE (Creative Technology Ltd)
O4 - HKU\S-1-5-18..\RunOnce: [SetDefaultMIDI] C:\WINDOWS\MIDIDEF.EXE (Creative Technology Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1417001333-725345543-1583954581-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 157
O8 - Extra context menu item: &Download by Orbit - C:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} hxxp://codecs.microsoft.com/codecs/i386/fhg.CAB (Reg Error: Key error.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} hxxp://www.creative.com/su/ocx/15031/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} hxxp://static.slide.com/uploader/SlideImageUploader.cab (Slide Image Uploader Control)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://www.creative.com/su/ocx/15031/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.50.140.246 195.50.140.114
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.12.28 15:48:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007.01.23 17:23:57 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{9a7ac880-15eb-11dd-8b14-00000000cc8a}\Shell\AutoRun\command - "" = I:\InstallTomTomHOME.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: cleaarts - (C:\WINDOWS\system32\nvueemon.dll) - C:\WINDOWS\system32\nvueemon.dll ()
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software GmbH)
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^PC Alert 4.lnk - C:\Programme\MSI\PC Alert 4\PCAlert4.exe - ()
MsConfig - StartUpReg: C66 - hkey= - key= -  File not found
MsConfig - StartUpReg: LiveMonitor - hkey= - key= - C:\Programme\MSI\Live Update 3\LMonitor.exe ()
MsConfig - StartUpReg: Steam - hkey= - key= - C:\Programme\Steam\Steam.exe File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: nm - C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
SafeBootNet: nm.sys - C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {81F4E000-934B-44B4-3F11-97DA48E258CD} - Microsoft Windows Media Player
ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\WINDOWS\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: VIDC.ACDV - C:\WINDOWS\System32\ACDV.dll (ACD Systems)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv40 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.VP60 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP62 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.xvid - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17746534284132352)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.11.22 21:47:43 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Cold Turkey\Desktop\OTL.exe
[2010.11.20 12:45:04 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Cold Turkey\Recent
[2010.11.12 14:52:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Cold Turkey\Lokale Einstellungen\Anwendungsdaten\eSupport.com
[2010.11.12 14:45:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\NV34843120.TMP
[2010.11.12 14:35:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\GrabPro
[2010.11.12 14:34:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NVIDIA Corporation
[2010.11.12 14:31:13 | 000,000,000 | ---D | C] -- C:\Programme\NVIDIA Corporation
[2010.11.12 14:23:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DivX
[2010.11.12 14:16:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\ProgSense
[2010.11.12 14:16:04 | 000,000,000 | ---D | C] -- C:\Programme\Orbitdownloader
[2010.11.12 14:16:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\Orbit
[2010.11.12 14:07:10 | 000,000,000 | ---D | C] -- C:\Programme\7-Zip
[2010.11.12 13:55:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\vlc
[2010.11.12 13:49:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Cold Turkey\Eigene Dateien\Downloads
[2007.07.07 06:23:17 | 000,147,456 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnpstd3.dll
[2007.07.07 06:23:17 | 000,061,440 | ---- | C] ( ) -- C:\WINDOWS\vsnpstd3.dll
[2007.03.12 10:41:52 | 000,061,440 | ---- | C] ( ) -- C:\WINDOWS\System32\vsnpstd3.dll
[2005.11.23 11:55:32 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnpstd3.dll
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.11.22 21:50:06 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{6206F2BB-D5C6-4556-8E05-8E5D3AD15B96}.job
[2010.11.22 21:48:01 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Cold Turkey\Desktop\OTL.exe
[2010.11.22 21:45:01 | 000,001,044 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010.11.22 21:45:00 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.11.22 21:44:15 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.11.22 21:43:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.11.20 12:45:30 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000001-00000000-00000008-00001102-00000004-20021102}.rfx
[2010.11.20 12:45:30 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000001-00000000-00000008-00001102-00000004-20021102}.rfx
[2010.11.20 12:45:30 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000001-00000000-00000008-00001102-00000004-20021102}.rfx
[2010.11.20 12:45:30 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000001-00000000-00000008-00001102-00000004-20021102}.rfx
[2010.11.20 12:45:30 | 000,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000001-00000000-00000008-00001102-00000004-20021102}.rfx
[2010.11.20 12:45:30 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2010.11.20 12:45:30 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2010.11.20 12:45:18 | 004,958,588 | ---- | M] () -- C:\WINDOWS\{00000001-00000000-00000008-00001102-00000004-20021102}.CDF
[2010.11.20 12:45:18 | 004,958,588 | ---- | M] () -- C:\WINDOWS\{00000001-00000000-00000008-00001102-00000004-20021102}.BAK
[2010.11.15 16:48:25 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010.11.15 16:48:25 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010.11.15 16:11:02 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.11.12 14:52:48 | 000,023,456 | ---- | M] (Phoenix Technologies) -- C:\WINDOWS\System32\drivers\DrvAgent32.sys
[2010.11.12 14:32:43 | 000,240,592 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010.11.12 14:32:43 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010.11.12 14:32:39 | 000,240,592 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010.11.12 14:32:39 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nvdrswr.lk
[2010.11.12 14:16:08 | 000,000,706 | ---- | M] () -- C:\Dokumente und Einstellungen\Cold Turkey\Desktop\Orbit.lnk
[2010.11.12 13:55:33 | 000,000,699 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\VLC media player.lnk
[2010.11.12 13:43:14 | 000,235,289 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010.11.12 10:58:08 | 000,000,008 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2010.11.08 18:13:16 | 000,000,662 | ---- | M] () -- C:\Dokumente und Einstellungen\Cold Turkey\Desktop\Verknüpfung mit CCleaner.lnk
[2010.11.02 17:56:02 | 000,126,856 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010.11.02 17:56:02 | 000,102,856 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avfwot.sys
[2010.11.02 17:56:02 | 000,060,936 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010.11.01 13:58:09 | 000,761,378 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.11.01 13:58:09 | 000,710,070 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.11.01 13:58:09 | 000,203,184 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.11.01 13:58:09 | 000,012,784 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.10.29 13:40:17 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.10.29 13:40:11 | 000,055,808 | -H-- | M] () -- C:\WINDOWS\System32\nvueemon.dll
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.11.15 16:49:42 | 004,958,588 | ---- | C] () -- C:\WINDOWS\{00000001-00000000-00000008-00001102-00000004-20021102}.BAK
[2010.11.15 16:48:25 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2010.11.15 16:48:25 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2010.11.12 14:16:08 | 000,000,706 | ---- | C] () -- C:\Dokumente und Einstellungen\Cold Turkey\Desktop\Orbit.lnk
[2010.11.12 13:55:33 | 000,000,699 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\VLC media player.lnk
[2010.11.08 18:13:16 | 000,000,662 | ---- | C] () -- C:\Dokumente und Einstellungen\Cold Turkey\Desktop\Verknüpfung mit CCleaner.lnk
[2010.10.29 13:40:11 | 000,055,808 | -H-- | C] () -- C:\WINDOWS\System32\nvueemon.dll
[2010.10.22 05:04:12 | 000,079,944 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2009.09.11 15:31:37 | 000,000,039 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008.12.24 12:54:33 | 000,006,253 | ---- | C] () -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\Kommagetrennte Werte (Windows).EML
[2008.12.23 21:44:36 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\$_hpcst$.hpc
[2008.10.07 17:33:15 | 001,914,216 | ---- | C] () -- C:\WINDOWS\System32\ltmm15.dll
[2008.10.07 17:33:15 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008.10.07 17:33:14 | 000,247,144 | ---- | C] () -- C:\WINDOWS\System32\LMOggSpl.dll
[2008.08.05 06:21:07 | 000,000,091 | ---- | C] () -- C:\WINDOWS\FENSTER.INI
[2008.08.05 06:20:44 | 000,000,102 | ---- | C] () -- C:\WINDOWS\GSAUF.INI
[2008.06.22 13:59:12 | 000,062,665 | ---- | C] () -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\mdb.bin
[2008.06.06 18:20:57 | 000,000,430 | ---- | C] () -- C:\WINDOWS\wiso.ini
[2008.06.06 18:19:32 | 000,000,253 | ---- | C] () -- C:\WINDOWS\BUHL.INI
[2008.04.28 10:11:16 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008.04.28 10:11:16 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008.04.28 10:11:16 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008.04.28 10:11:16 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008.04.28 10:11:16 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008.04.28 10:11:16 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008.04.28 10:11:16 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008.04.28 10:11:16 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008.04.28 10:11:16 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2007.11.18 15:57:46 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD-Start.INI
[2007.11.11 11:44:34 | 000,086,446 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2007.11.11 11:44:34 | 000,000,191 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2007.10.22 11:56:51 | 000,024,576 | ---- | C] () -- C:\WINDOWS\CTXFIGER.DLL
[2007.09.11 19:54:49 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2007.09.11 19:54:49 | 000,022,328 | ---- | C] () -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\PnkBstrK.sys
[2007.09.11 17:37:39 | 000,000,313 | ---- | C] () -- C:\WINDOWS\game.ini
[2007.09.07 09:03:26 | 000,162,304 | ---- | C] () -- C:\Programme\UNWISE.EXE
[2007.09.07 09:03:26 | 000,005,933 | ---- | C] () -- C:\Programme\INSTALL.LOG
[2007.08.03 21:56:36 | 000,000,051 | ---- | C] () -- C:\WINDOWS\Wds.INI
[2007.07.24 21:15:54 | 000,000,028 | ---- | C] () -- C:\WINDOWS\WPE.INI
[2007.07.24 14:04:32 | 000,000,050 | ---- | C] () -- C:\WINDOWS\Wmv.INI
[2007.07.24 14:03:58 | 000,000,036 | ---- | C] () -- C:\WINDOWS\Wsv.INI
[2007.07.24 12:25:15 | 000,000,066 | ---- | C] () -- C:\WINDOWS\WSB.INI
[2007.07.24 12:24:36 | 000,000,066 | ---- | C] () -- C:\WINDOWS\Wis.INI
[2007.07.24 12:23:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Waa.INI
[2007.07.24 12:22:50 | 000,000,077 | ---- | C] () -- C:\WINDOWS\Wks.INI
[2007.07.24 12:21:48 | 000,000,080 | ---- | C] () -- C:\WINDOWS\Was.INI
[2007.07.24 12:21:23 | 000,000,020 | ---- | C] () -- C:\WINDOWS\Wop.INI
[2007.07.24 12:21:07 | 000,000,086 | ---- | C] () -- C:\WINDOWS\Wor.INI
[2007.07.24 12:16:22 | 000,000,130 | ---- | C] () -- C:\WINDOWS\uno.ini
[2007.07.07 06:24:31 | 000,032,345 | ---- | C] () -- C:\WINDOWS\unvpeye.ini
[2007.07.02 18:48:56 | 000,110,080 | ---- | C] () -- C:\WINDOWS\System32\W32MKRC.DLL
[2007.07.01 06:30:27 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\gidReg.dll
[2007.07.01 06:30:27 | 000,036,352 | ---- | C] () -- C:\WINDOWS\System32\sx32w.dll
[2007.07.01 06:30:26 | 000,202,240 | ---- | C] () -- C:\WINDOWS\System32\TUTILITY.DLL
[2007.04.26 15:37:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mngui.INI
[2007.04.19 11:13:53 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini
[2007.04.10 19:37:26 | 000,009,166 | ---- | C] () -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\Microsoft Excel.CAL
[2007.04.10 19:01:43 | 000,025,732 | ---- | C] () -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\Microsoft Excel.ADR
[2007.04.10 18:27:40 | 000,022,249 | ---- | C] () -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\Kommagetrennte Werte (DOS).ADR
[2007.04.10 10:31:39 | 000,022,607 | ---- | C] () -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\Kommagetrennte Werte (Windows).ADR
[2007.03.24 09:12:29 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2007.03.10 11:32:57 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2007.02.21 14:57:39 | 000,000,558 | ---- | C] () -- C:\WINDOWS\DFC.INI
[2007.02.15 13:53:17 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2007.02.13 19:22:40 | 000,036,864 | ---- | C] () -- C:\Programme\Gemeinsame Dateien\linRegedit.exe
[2007.02.13 19:22:40 | 000,024,576 | ---- | C] () -- C:\Programme\Gemeinsame Dateien\liNearInstallGuard.exe
[2007.02.07 12:01:40 | 000,120,832 | ---- | C] () -- C:\WINDOWS\System32\gsbest32.dll
[2007.02.01 14:30:56 | 000,021,504 | ---- | C] () -- C:\WINDOWS\jestertb.dll
[2007.02.01 10:53:40 | 000,030,706 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2007.02.01 10:44:35 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\hcwChDB.dll
[2007.02.01 10:44:35 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dmcrypto.dll
[2007.02.01 10:43:40 | 000,001,998 | ---- | C] () -- C:\WINDOWS\HCWPNP.INI
[2007.01.25 13:45:04 | 000,130,560 | ---- | C] () -- C:\WINDOWS\System32\ZipDll.dll
[2007.01.25 12:40:09 | 000,000,476 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini
[2007.01.25 09:10:26 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007.01.22 19:40:22 | 000,000,497 | ---- | C] () -- C:\WINDOWS\WINCMD.INI
[2007.01.22 12:51:16 | 000,000,144 | ---- | C] () -- C:\Dokumente und Einstellungen\Cold Turkey\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2007.01.22 06:14:59 | 000,000,507 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007.01.21 10:45:22 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\Gif89.dll
[2006.10.31 15:44:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2006.09.15 21:14:39 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2006.08.11 14:57:18 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\CTBURST.DLL
[2006.07.01 15:13:24 | 000,001,365 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QTSBandwidthCache
[2006.06.01 22:07:34 | 000,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2006.05.23 12:40:34 | 000,000,269 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2006.02.08 13:38:10 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
[2006.01.28 11:22:46 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2006.01.27 15:32:24 | 000,221,696 | ---- | C] () -- C:\Dokumente und Einstellungen\Cold Turkey\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006.01.07 08:37:57 | 000,000,297 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005.12.28 16:43:12 | 000,005,515 | ---- | C] () -- C:\WINDOWS\System32\ENSDEF.INI
[2005.12.28 15:37:48 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005.06.16 18:17:16 | 000,071,680 | ---- | C] () -- C:\WINDOWS\System32\CTMMACTL.DLL
[2004.12.20 11:08:28 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2004.12.20 11:03:26 | 000,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2004.02.27 15:36:18 | 000,015,498 | ---- | C] () -- C:\WINDOWS\snpstd3.ini
[2003.02.20 17:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2003.02.19 01:26:28 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2002.12.14 22:46:02 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\oggDS.dll
[2002.12.14 22:46:02 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2002.12.14 22:46:02 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2002.12.14 21:46:04 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2002.11.15 13:11:26 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\MMSwitch.dll
[2002.09.23 12:11:24 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\hcwxds.dll
[2002.05.28 02:52:36 | 000,106,496 | ---- | C] () -- C:\WINDOWS\japi.dll
[2002.03.21 15:39:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
[2001.06.24 10:32:44 | 000,172,032 | ---- | C] () -- C:\WINDOWS\japi2.dll
 
========== LOP Check ==========
 
[2007.02.09 13:42:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ACD Systems
[2007.01.22 13:05:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Acronis
[2008.09.21 10:41:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ashampoo
[2008.01.20 00:38:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Azureus
[2009.06.11 12:51:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Buhl Data Service GmbH
[2010.10.01 13:53:05 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ
[2008.07.09 04:36:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\HSETU
[2009.04.09 20:41:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PPLive
[2009.04.10 07:07:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PPLiveVA
[2007.09.13 17:37:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sage(2)
[2010.10.13 17:57:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecTaskMan
[2008.10.08 19:30:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SnitchPlusData
[2007.04.26 15:59:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Teleca
[2009.10.06 18:34:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2008.04.29 14:14:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TomTom
[2007.01.21 13:19:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2006.01.07 09:30:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\.bittorrent
[2007.02.09 13:42:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\ACD Systems
[2008.09.21 10:41:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\Ashampoo
[2010.11.08 18:11:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\Azureus
[2009.06.11 12:51:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\Buhl Data Service
[2008.05.21 17:45:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\concept design
[2008.10.21 19:18:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\DAEMON Tools
[2007.03.22 08:46:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\FUJIFILM
[2010.01.04 16:57:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\Funambol
[2010.11.12 14:35:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\GrabPro
[2008.07.09 04:36:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\HSETU
[2009.11.26 18:40:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\ImgBurn
[2007.05.15 06:48:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\Kana Solution
[2007.04.04 12:35:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\Musicmatch
[2009.07.31 15:22:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\MyPhoneExplorer
[2009.06.27 08:32:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\OpenOffice.org
[2010.11.22 21:47:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\Orbit
[2009.04.09 20:42:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\PPLiveVA
[2010.11.12 14:16:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\ProgSense
[2009.06.30 05:59:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\PTS_GetSolar
[2010.10.14 05:06:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\TeamViewer
[2007.04.26 11:29:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\Teleca
[2008.04.29 14:14:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\TomTom
[2009.06.27 09:23:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\Tracker Software
[2010.10.13 16:42:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\TrusteerHelp
[2007.01.21 13:19:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\TuneUp Software
[2007.12.23 15:07:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\TVcentral-Core
[2009.06.06 07:31:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\WordToPDF
[2010.10.15 16:25:25 | 000,000,408 | ---- | M] () -- C:\WINDOWS\Tasks\1-Klick-Wartung.job
[2010.11.22 21:50:06 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{6206F2BB-D5C6-4556-8E05-8E5D3AD15B96}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2006.01.07 09:30:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\.bittorrent
[2007.02.09 13:42:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\ACD Systems
[2010.10.22 04:58:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\Adobe
[2008.05.15 04:14:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\AdobeUM
[2007.02.02 17:49:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\Ahead
[2006.01.02 17:21:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\Apple Computer
[2008.09.21 10:41:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\Ashampoo
[2010.10.01 16:48:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\Avira
[2010.11.08 18:11:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\Azureus
[2009.06.11 12:51:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\Buhl Data Service
[2008.05.21 17:45:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\concept design
[2007.10.23 05:42:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\Creative
[2008.10.21 19:18:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\DAEMON Tools
[2007.07.08 19:00:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\DivX
[2007.07.07 07:00:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\dvdcss
[2007.03.22 08:46:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\FUJIFILM
[2010.01.04 16:57:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\Funambol
[2006.05.28 14:06:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\Google
[2010.11.12 14:35:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\GrabPro
[2006.05.26 17:57:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\Help
[2010.10.14 17:38:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\Helper
[2008.07.09 04:36:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\HSETU
[2005.12.28 15:55:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\Identities
[2009.11.26 18:40:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\ImgBurn
[2007.11.27 21:25:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\InstallShield
[2007.05.15 06:48:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\Kana Solution
[2007.09.04 18:53:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\Macromedia
[2010.10.14 04:46:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\Malwarebytes
[2010.10.13 18:26:45 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\Microsoft
[2008.04.29 14:14:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\Mozilla
[2007.04.04 12:35:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\Musicmatch
[2009.07.31 15:22:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\MyPhoneExplorer
[2009.06.27 08:32:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\OpenOffice.org
[2010.11.22 21:47:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\Orbit
[2009.04.09 20:42:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\PPLiveVA
[2010.11.12 14:16:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\ProgSense
[2009.06.30 05:59:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\PTS_GetSolar
[2009.09.12 06:28:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\Real
[2007.07.11 17:42:08 | 000,000,000 | RH-D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\SecuROM
[2010.11.22 21:46:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\Skype
[2010.11.22 21:46:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\skypePM
[2007.04.26 16:02:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\Sony Ericsson
[2006.01.07 09:34:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\Sun
[2007.01.22 12:47:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\Symantec
[2008.08.14 16:19:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\Talkback
[2005.12.28 17:57:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\teamspeak2
[2010.10.14 05:06:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\TeamViewer
[2007.04.26 11:29:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\Teleca
[2008.04.29 14:14:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\TomTom
[2009.06.27 09:23:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\Tracker Software
[2010.10.13 16:42:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\TrusteerHelp
[2007.01.21 13:19:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\TuneUp Software
[2007.12.23 15:07:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\TVcentral-Core
[2005.12.28 17:52:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\Ventrilo
[2010.11.15 16:45:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\vlc
[2009.06.06 07:31:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\WordToPDF
 
< %APPDATA%\*.exe /s >
[2007.02.06 09:35:11 | 023,813,608 | ---- | M] (                            ) -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\Adobe\Acrobat\7.0\Updater\AdbeRdr709_de_DE.exe
[2008.05.15 04:16:59 | 022,319,360 | ---- | M] (                                   ) -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\Adobe\Acrobat\7.0\Updater\AdbeRdr710_de_DE.exe
[2010.10.26 17:24:16 | 000,000,004 | ---- | M] () -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\Adobe\Update\widnat.exe
[2009.09.29 19:22:29 | 007,154,255 | ---- | M] () -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\Azureus\plugins\azemp\azmplay.exe
[2009.09.29 19:22:02 | 010,686,001 | ---- | M] () -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\Azureus\plugins\azump\mplayer.exe
[2010.10.14 17:38:36 | 000,069,632 | ---- | M] () -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\Helper\bin\liveu.exe
[2010.10.13 18:26:45 | 000,388,096 | R--- | M] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
[2009.06.27 08:35:37 | 000,564,224 | ---- | M] () -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\OpenOffice.org\3\user\uno_packages\cache\uno_packages\BA.tmp_\pdfimport[1].oxt\xpdfimport.exe
[2009.06.27 09:23:10 | 000,449,816 | ---- | M] (Tracker Software Products Ltd.) -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\Tracker Software\LiveUpdate\Updates\LiveUpdate.exe
[2009.06.27 09:24:26 | 000,449,816 | ---- | M] (Tracker Software Products Ltd.) -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\Tracker Software\LiveUpdate\Updates\LiveUpdate[1].exe
[2009.06.27 10:00:11 | 000,449,816 | ---- | M] (Tracker Software Products Ltd.) -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\Tracker Software\LiveUpdate\Updates\LiveUpdate[2].exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2004.08.04 13:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2010.10.13 20:46:49 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2010.10.13 20:46:49 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2004.08.04 13:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\XPCD\I386\sp2.cab:AGP440.sys
[2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2004.08.04 13:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010.10.13 20:46:49 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2010.10.13 20:46:49 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2004.08.04 13:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\XPCD\I386\sp2.cab:atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\i386\atapi.sys
[2004.08.04 13:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\UBCD4Win\BartPE\I386\SYSTEM32\DRIVERS\ATAPI.SYS
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 03:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 03:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2004.08.04 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\UBCD4Win\BartPE\I386\SYSTEM32\EVENTLOG.DLL
[2004.08.04 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: EXPLORER.EXE  >
[2004.08.04 13:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\UBCD4Win\BartPE\I386\EXPLORER.EXE
[2004.08.04 13:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
[2007.06.13 14:10:08 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=331ED93570BAF3CFE30340298762CD56 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe
[2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007.06.13 14:21:45 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=64D320C0E301EEDC5A4ADBBDC5024F7F -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 03:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 03:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2004.08.04 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\UBCD4Win\BartPE\I386\SYSTEM32\NETLOGON.DLL
[2004.08.04 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2009.02.06 19:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009.02.06 19:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
 
< MD5 for: NVATABUS.SYS  >
[2004.06.03 10:40:46 | 000,079,360 | ---- | M] (NVIDIA Corporation) MD5=46DEED4C6C5FA765F9A2C723BE60348D -- C:\NVIDIA\nForceWin2KXP\5.10\IDE\Win2K\NvAtaBus.sys
[2004.06.03 10:40:46 | 000,079,360 | ---- | M] (NVIDIA Corporation) MD5=46DEED4C6C5FA765F9A2C723BE60348D -- C:\NVIDIA\nForceWin2KXP\5.10\IDE\WinXP\NvAtaBus.sys
[2004.06.03 10:40:46 | 000,079,360 | ---- | M] (NVIDIA Corporation) MD5=46DEED4C6C5FA765F9A2C723BE60348D -- C:\WINDOWS\system32\drivers\nvatabus.sys
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 03:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 03:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2004.08.04 13:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\UBCD4Win\BartPE\I386\SYSTEM32\SCECLI.DLL
[2004.08.04 13:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USER32.DLL  >
[2005.03.02 19:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$NtUninstallKB925902$\user32.dll
[2007.03.08 16:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2005.03.02 19:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
[2004.08.04 13:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\UBCD4Win\BartPE\I386\SYSTEM32\USER32.DLL
[2004.08.04 13:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtUninstallKB890859$\user32.dll
[2007.03.08 16:48:39 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=78785EFF8CB90CEC1862A4CCFD9A3C3A -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
[2008.04.14 03:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 03:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004.08.04 13:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\UBCD4Win\BartPE\I386\SYSTEM32\USERINIT.EXE
[2004.08.04 13:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2004.08.04 13:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\UBCD4Win\BartPE\I386\SYSTEM32\WINLOGON.EXE
[2004.08.04 13:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2004.08.04 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\UBCD4Win\BartPE\I386\SYSTEM32\DRIVERS\WS2IFSL.SYS
[2004.08.04 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2004.08.04 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2008.10.21 19:18:23 | 000,717,296 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys
 
< %systemroot%\System32\config\*.sav >
[2005.12.28 16:35:43 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005.12.28 16:35:42 | 000,663,552 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005.12.28 16:35:42 | 000,450,560 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.03.08 03:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009.03.08 03:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 229 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:8FF81EB0

< End of report >
         
--- --- ---

Extras.txt:OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 22.11.2010 21:48:49 - Run 1
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Dokumente und Einstellungen\Cold Turkey\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 68,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): C:\pagefile.sys 2048 2048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 48,83 Gb Total Space | 23,33 Gb Free Space | 47,77% Space Free | Partition Type: NTFS
Drive D: | 39,06 Gb Total Space | 2,88 Gb Free Space | 7,37% Space Free | Partition Type: NTFS
Drive E: | 137,48 Gb Total Space | 76,99 Gb Free Space | 56,00% Space Free | Partition Type: NTFS
Drive G: | 39,06 Gb Total Space | 24,55 Gb Free Space | 62,85% Space Free | Partition Type: NTFS
Drive H: | 219,96 Gb Total Space | 25,38 Gb Free Space | 11,54% Space Free | Partition Type: NTFS
 
Computer Name: ZENTRALE | User Name: Cold Turkey | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_USERS\S-1-5-21-1417001333-725345543-1583954581-1003\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDBrowse] -- "C:\Programme\ACD Systems\ACDSee\8.0.Pro\ACDSee8Pro.exe" "%1" (ACD Systems Ltd.)
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [FinePix] -- "C:\Programme\FinePixViewer\FinePixViewer.exe" "%1" (FUJI PHOTO FILM CO.,LTD.)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\concept design\onlineTV 3\onlineTV.exe" = C:\Programme\concept design\onlineTV 3\onlineTV.exe:*:Enabled:onlineTV -- File not found
"C:\Programme\concept design\onlineTV 4\onlineTV.exe" = C:\Programme\concept design\onlineTV 4\onlineTV.exe:*:Enabled:onlineTV -- File not found
"C:\Programme\Microsoft ActiveSync\rapimgr.exe" = C:\Programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Programme\Microsoft ActiveSync\wcescomm.exe" = C:\Programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Programme\Microsoft ActiveSync\WCESMgr.exe" = C:\Programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Microsoft ActiveSync\rapimgr.exe" = C:\Programme\Microsoft ActiveSync\rapimgr.exe:*:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Programme\Orbitdownloader\orbitdm.exe" = C:\Programme\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Programme\Orbitdownloader\orbitnet.exe" = C:\Programme\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4500_series" = Canon iP4500 series
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2227E1FA-01F5-483C-AB0E-2A308E900B3D}" = InterVideo FilterSDK for Hauppauge
"{24ED4D80-8294-11D5-96CD-0040266301AD}" = FinePixViewer Ver.5.2
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 17
"{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083}" = QuickTime
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{53E4E432-2884-40CE-BCAF-88D925A299A6}" = SYNC 'N' GO
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{5490882C-6961-11D5-BAE5-00E0188E010B}" = FUJIFILM USB Driver
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6EECB283-E65F-40EF-86D3-D51BF02A8D43}" = Microsoft Office Converter Pack
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK
"{71E42058-1C26-4B3B-ACEE-9583AD5F20B8}" = ACDSee Pro
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74224F8D-4A17-4816-9EDB-7BB854DE532C}" = NVIDIA PhysX v8.04.25
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{788A9E76-1079-445D-B9A1-6DBB9420F7C3}" = Sony Ericsson PC Suite
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D273DE5-ABFA-4BD0-A9D7-EE9C971438C4}_is1" = PDF-Viewer
"{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}" = Musicmatch® Jukebox
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{90AF0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.1 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B093990A-AAF2-44AC-9216-14BB7A2189B6}" = ImageMixer VCD2 LE for FinePix
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B184A2F7-3EC8-4B86-8412-27E0D53BA535}" = Philips GoGear HDD Device Manager
"{B2395631-54D5-481E-B9A8-74B269546F40}" = Visual C++ CRT 8.0
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.36
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B44529FF-501E-47CD-A06D-223C161BE058}" = FinePixViewer Resource
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}" = TuneUp Utilities 2007
"{C9A87D86-FDFD-418B-BF96-EF09320973B3}" = PC Inspector smart recovery
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D680C913-5955-469D-9D88-C1940F7506D6}" = RAW FILE CONVERTER LE
"{ECD03DA7-5952-406A-8156-5F0C93618D1F}" = USB PC Camera Plus
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"7-Zip" = 7-Zip 4.65
"8461-7759-5462-8226" = Vuze
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Ask Toolbar_is1" = Vuze Toolbar
"AudioConSole" = Creative-Audiokonsole
"Avira AntiVir Desktop" = Avira Premium Security Suite
"Azureus" = Azureus
"BitTorrent" = BitTorrent 4.2.2
"CanonMyPrinter" = Canon My Printer
"CCleaner" = CCleaner
"ClearProg" = ClearProg 1.6.1 Beta 3
"C-Media Audio Driver" = C-Media WDM Audio Driver
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"DriverAgent.exe" = DriverAgent by eSupport.com
"DTS Console" = DTS Neo:6-Einstellungen
"DynGate" = DynGate
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ImgBurn" = ImgBurn
"InCD!UninstallKey" = InCD
"InstallShield_{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083}" = QuickTime
"InstallShield_{53E4E432-2884-40CE-BCAF-88D925A299A6}" = SYNC 'N' GO
"InstallShield_{B184A2F7-3EC8-4B86-8412-27E0D53BA535}" = Philips GoGear HDD Device Manager
"LIDL Fotoservice_is1" = LIDL Fotoservice
"LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MKV Minimum Set (LD-Anime) - MatroskaSplitter & VSFilter_is1" = Matroska Pack - Lazy Man's MKV 0.9.9
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"MPE" = MyPhoneExplorer
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSI Live Update 3" = MSI Live Update 3
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"NeroVision!UninstallKey" = Nero Digital
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NMPUninstallKey" = Nero Media Player
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Orbit_is1" = Orbit Downloader
"PC Alert 4" = PC Alert 4
"PDF-XChange Lite 3_is1" = PDF-XChange Lite 3
"Picasa 3" = Picasa 3
"RealPlayer 12.0" = RealPlayer
"Scrolling Countdown ScreenSaver_is1" = Scrolling Countdown ScreenSaver 2.2
"Security Task Manager" = Security Task Manager 1.6f
"SLD Codec Pack" = SLD Codec Pack
"SSC Service Utility_is1" = SSC Service Utility v4.30
"STRATO Outlook Sync" = STRATO Outlook Sync 8.2.7
"SystemRequirementsLab" = System Requirements Lab
"TeamViewer 3" = TeamViewer 3
"TomTom HOME" = TomTom HOME 2.6.3.1609
"Update Service" = Update Service
"VDOTool_is1" = VDOTool 4.6
"VLC media player" = VLC media player 1.1.4
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Web Album Generator_is1" = Web Album Generator 1.8.2
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows Mobile Device Handbook" = Windows Mobile®-Gerätehandbuch
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WM Recorder 12.1" = WM Recorder 12.1
"WM Recorder 12.2" = WM Recorder 12.2
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XMedia Recode" = XMedia Recode 2.0.9.3
"Zattoo" = Zattoo 3.3.4 Beta
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1417001333-725345543-1583954581-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 21.10.2010 23:51:40 | Computer Name = ZENTRALE | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iexplore.exe, Version 8.0.6001.18702, fehlgeschlagenes
 Modul unknown, Version 0.0.0.0, Fehleradresse 0x0257a611.
 
Error - 21.10.2010 23:55:26 | Computer Name = ZENTRALE | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iexplore.exe, Version 8.0.6001.18702, fehlgeschlagenes
 Modul unknown, Version 0.0.0.0, Fehleradresse 0x0264a611.
 
Error - 26.10.2010 12:24:10 | Computer Name = ZENTRALE | Source = ESENT | ID = 490
Description = svchost (1636) Versuch, Datei "C:\WINDOWS\system32\CatRoot2\edb.chk"
 für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der
 Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet
 wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.
 
Error - 26.10.2010 12:24:10 | Computer Name = ZENTRALE | Source = ESENT | ID = 439
Description = Catalog Database (1636) Die Shadowkopfzeile für Datei C:\WINDOWS\system32\CatRoot2\edb.chk
 konnte nicht geschrieben werden. Fehler -1032.
 
Error - 01.11.2010 08:57:20 | Computer Name = ZENTRALE | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung OUTLOOK.EXE, Version 11.0.8325.0, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 04.11.2010 12:26:10 | Computer Name = ZENTRALE | Source = Microsoft Office 11 | ID = 1000
Description = Faulting application outlook.exe, version 11.0.8325.0, stamp 4bf591af,
 faulting module outllib.dll, version 11.0.8325.0, stamp 4bf59129, debug? 0, fault
 address 0x0025b71e.
 
Error - 04.11.2010 12:26:23 | Computer Name = ZENTRALE | Source = Microsoft Office 11 | ID = 2000
Description = Accepted Safe Mode action : Microsoft Office Outlook.
 
Error - 12.11.2010 08:30:23 | Computer Name = ZENTRALE | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iexplore.exe, Version 8.0.6001.18702, fehlgeschlagenes
 Modul mshtml.dll, Version 8.0.6001.18975, Fehleradresse 0x000a0e71.
 
Error - 12.11.2010 08:31:18 | Computer Name = ZENTRALE | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iexplore.exe, Version 8.0.6001.18702, fehlgeschlagenes
 Modul mshtml.dll, Version 8.0.6001.18975, Fehleradresse 0x0042e98d.
 
Error - 12.11.2010 10:58:22 | Computer Name = ZENTRALE | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung orbitdm.exe, Version 4.0.0.4, fehlgeschlagenes
 Modul softupdater.dll, Version 1.0.0.2, Fehleradresse 0x00043fca.
 
[ System Events ]
Error - 12.10.2010 12:49:12 | Computer Name = ZENTRALE | Source = Service Control Manager | ID = 7034
Description = Dienst "TomTomHOMEService" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 12.10.2010 12:49:22 | Computer Name = ZENTRALE | Source = Service Control Manager | ID = 7034
Description = Dienst "InCD Helper" wurde unerwartet beendet. Dies ist bereits 1 
Mal passiert.
 
Error - 12.10.2010 12:49:26 | Computer Name = ZENTRALE | Source = Service Control Manager | ID = 7031
Description = Der Dienst "ASKUpgrade" wurde unerwartet beendet. Dies ist bereits
 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt:
 Starten Sie den Dienst neu..
 
Error - 14.10.2010 02:23:19 | Computer Name = ZENTRALE | Source = sr | ID = 1
Description = Beim Verarbeiten der Datei "" auf Volume "HarddiskVolume1" ist im 
Wiederherstellungsfilter der unerwartete Fehler "0xC0000001" aufgetreten. Die Volumeüberwachung
 wurde angehalten.
 
Error - 29.10.2010 08:40:52 | Computer Name = ZENTRALE | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "upnphost"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {204810B9-73B2-11D4-BF42-00B0D0118B56}
 
 
< End of report >
         
--- --- ---
__________________


Alt 22.11.2010, 22:02   #3
Uwe P.
 
Gozi-Befall auf einem oder mehreren von 4 Rechnern. - Standard

Gozi-Befall auf einem oder mehreren von 4 Rechnern.



Rechner 2 (Windows XP Fernsehzimmer Partition Spielbank)
OTL.txt:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 22.11.2010 22:11:43 - Run 1
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Dokumente und Einstellungen\Cold Turkey\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 73,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 87,00% Paging File free
Paging file location(s): C:\pagefile.sys 2048 2048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 39,06 Gb Total Space | 2,81 Gb Free Space | 7,19% Space Free | Partition Type: NTFS
Drive D: | 39,06 Gb Total Space | 24,55 Gb Free Space | 62,85% Space Free | Partition Type: NTFS
Drive E: | 219,96 Gb Total Space | 25,38 Gb Free Space | 11,54% Space Free | Partition Type: NTFS
Drive H: | 48,83 Gb Total Space | 23,35 Gb Free Space | 47,81% Space Free | Partition Type: NTFS
Drive I: | 137,48 Gb Total Space | 76,99 Gb Free Space | 56,00% Space Free | Partition Type: NTFS
Drive N: | 1,91 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: KALTERENTZUG | User Name: Cold Turkey | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2010.11.22 22:11:04 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Cold Turkey\Desktop\OTL.exe
PRC - [2010.11.15 18:36:02 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2010.11.15 18:36:01 | 000,539,304 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avfwsvc.exe
PRC - [2010.11.15 18:36:01 | 000,403,624 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2010.11.15 18:36:01 | 000,339,624 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe
PRC - [2010.11.15 18:36:01 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.11.15 18:36:01 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.10.22 05:11:04 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2010.05.14 10:44:46 | 000,248,552 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.01.11 22:16:38 | 000,039,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Adobe\Reader 8.0\Reader\reader_sl.exe
PRC - [2007.10.10 19:35:06 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2006.11.03 19:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2006.11.03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MsMpEng.exe
PRC - [2006.09.19 08:07:28 | 000,827,392 | ---- | M] () -- C:\WINDOWS\vsnpstd3.exe
PRC - [2006.08.11 14:56:02 | 000,017,920 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\CTHELPER.EXE
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.11.22 22:11:04 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Cold Turkey\Desktop\OTL.exe
MOD - [2010.08.23 17:11:46 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2006.08.11 14:56:02 | 000,007,168 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTAGENT.DLL
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010.11.15 18:36:02 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.11.15 18:36:01 | 000,539,304 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avfwsvc.exe -- (AntiVirFirewallService)
SRV - [2010.11.15 18:36:01 | 000,403,624 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2010.11.15 18:36:01 | 000,339,624 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2010.11.15 18:36:01 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2006.11.03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MsMpEng.exe -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2010.11.15 18:36:02 | 000,126,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.11.15 18:36:02 | 000,102,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avfwot.sys -- (avfwot)
DRV - [2010.11.15 18:36:02 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.10.22 07:23:22 | 009,623,680 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2010.10.22 05:11:47 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.10.22 05:11:45 | 000,079,432 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avfwim.sys -- (avfwim)
DRV - [2010.10.22 05:11:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.04.13 19:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008.04.13 19:40:30 | 000,096,512 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\atapi.sys -- (atapi)
DRV - [2007.03.27 17:19:36 | 010,252,544 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\snpstd3.sys -- (SNPSTD3) USB PC Camera (SNPSTD3)
DRV - [2007.01.25 14:58:36 | 000,639,224 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2006.08.11 14:45:40 | 000,007,168 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2006.08.11 14:45:38 | 000,499,584 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2006.08.11 14:45:28 | 000,180,224 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP17v2k.sys -- (hap17v2k)
DRV - [2006.08.11 14:45:26 | 000,766,976 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2006.08.11 14:45:26 | 000,154,112 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2006.08.11 14:45:24 | 000,116,224 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2006.08.11 14:45:18 | 000,143,872 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2006.08.11 14:45:18 | 000,078,336 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2006.08.11 14:45:14 | 000,502,272 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2005.11.10 17:06:04 | 000,340,704 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2004.04.30 09:37:02 | 000,160,640 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\a347bus.sys -- (a347bus)
DRV - [2004.04.30 09:33:00 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\a347scsi.sys -- (a347scsi)
DRV - [2004.04.02 15:40:00 | 000,021,760 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nv_agp.sys -- (nv_agp)
DRV - [2004.01.29 01:45:50 | 000,093,764 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENET.sys -- (NVENET)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-507921405-1606980848-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.n-tv.de/
IE - HKU\S-1-5-21-507921405-1606980848-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "hxxp://de.search.yahoo.com/search?fr=ffsp1&p="
FF - prefs.js..browser.startup.homepage: "hxxp://n-tv.de"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=ffds1&p="
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.11.16 17:09:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.11.16 17:09:32 | 000,000,000 | ---D | M]
 
[2010.03.19 21:53:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\Mozilla\Extensions
[2009.06.21 12:07:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\Mozilla\Firefox\Profiles\4klqi675.default\extensions
[2010.11.22 18:03:48 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.10.22 05:26:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.09.15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.10.22 05:11:36 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.10.22 05:11:36 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.10.22 05:11:36 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.10.22 05:11:36 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.10.22 05:11:36 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2004.08.04 13:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - No CLSID value found.
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Cmaudio]  File not found
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\CTXFIHLP.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Programme\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-507921405-1606980848-725345543-1003..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [scan_after_setup] c:\programme\avira\antivir desktop\avcenter.exe (Avira GmbH)
O4 - HKU\S-1-5-18..\RunOnce: [scan_after_setup] c:\programme\avira\antivir desktop\avcenter.exe (Avira GmbH)
O4 - HKLM..\RunServices: [Messenger Service]  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistrytools = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-507921405-1606980848-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} hxxp://www.creative.com/su/ocx/15026/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1169572871140 (WUWebControl Class)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} hxxp://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab (Reg Error: Key error.)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} hxxp://www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://www.creative.com/su/ocx/15028/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.50.140.246 195.50.140.114
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Programme\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.01.23 17:23:57 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005.12.28 15:48:39 | 000,000,000 | ---- | M] () - H:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005.05.23 00:22:41 | 001,187,840 | R--- | M] () - N:\autorun.exe -- [ UDF ]
O32 - AutoRun File - [2005.05.23 00:22:41 | 001,187,840 | R--- | M] () - N:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2005.05.23 00:22:40 | 000,000,043 | R--- | M] () - N:\Autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax ()
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll ()
Drivers32: vidc.xvid - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (55182706186649600)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.11.22 22:10:53 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Cold Turkey\Desktop\OTL.exe
[2010.11.22 18:23:08 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Cold Turkey\Recent
[2010.11.15 18:37:11 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2010.11.15 18:15:25 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Cold Turkey\IECompatCache
[2010.11.12 15:22:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NVIDIA Corporation
[2010.11.12 15:21:32 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.11.12 15:20:32 | 000,061,440 | ---- | C] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll
[2010.11.12 15:20:31 | 000,888,424 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdispco32.dll
[2010.11.12 15:20:31 | 000,813,672 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvgenco32.dll
[2010.11.12 15:20:29 | 013,012,992 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcompiler.dll
[2010.11.12 15:19:51 | 000,000,000 | ---D | C] -- C:\Programme\NVIDIA Corporation
[2010.11.12 15:19:14 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2007.03.12 10:41:52 | 000,061,440 | ---- | C] ( ) -- C:\WINDOWS\System32\vsnpstd3.dll
[2007.01.25 14:50:35 | 000,160,640 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\a347bus.sys
[2007.01.25 14:50:35 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\a347scsi.sys
[2005.11.23 11:55:32 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnpstd3.dll
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.11.22 22:11:04 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Cold Turkey\Desktop\OTL.exe
[2010.11.22 22:09:41 | 000,000,322 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010.11.22 22:07:01 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.11.22 22:05:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.11.22 18:25:11 | 000,030,888 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000001-00000000-00000008-00001102-00000004-20021102}.rfx
[2010.11.22 18:25:11 | 000,030,888 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000001-00000000-00000008-00001102-00000004-20021102}.rfx
[2010.11.22 18:25:11 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000001-00000000-00000008-00001102-00000004-20021102}.rfx
[2010.11.22 18:25:11 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000001-00000000-00000008-00001102-00000004-20021102}.rfx
[2010.11.22 18:25:11 | 000,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000001-00000000-00000008-00001102-00000004-20021102}.rfx
[2010.11.22 18:25:11 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2010.11.22 18:25:11 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2010.11.22 18:23:51 | 004,958,588 | ---- | M] () -- C:\WINDOWS\{00000001-00000000-00000008-00001102-00000004-20021102}.CDF
[2010.11.22 18:23:51 | 004,958,588 | ---- | M] () -- C:\WINDOWS\{00000001-00000000-00000008-00001102-00000004-20021102}.BAK
[2010.11.15 18:36:02 | 000,126,856 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010.11.15 18:36:02 | 000,102,856 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avfwot.sys
[2010.11.15 18:36:02 | 000,060,936 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010.11.12 15:20:50 | 000,240,592 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010.11.12 15:20:50 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010.11.12 15:20:48 | 000,240,592 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010.11.12 15:20:48 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nvdrswr.lk
[2010.11.12 15:10:56 | 000,316,594 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.11.12 15:10:56 | 000,311,604 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.11.12 15:10:56 | 000,048,156 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.11.12 15:10:56 | 000,039,992 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.11.12 14:08:48 | 000,235,289 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010.11.12 14:08:35 | 000,091,888 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.11.22 18:23:51 | 004,958,588 | ---- | C] () -- C:\WINDOWS\{00000001-00000000-00000008-00001102-00000004-20021102}.BAK
[2010.11.12 15:20:50 | 000,240,592 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010.11.12 15:20:48 | 000,240,592 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010.11.12 15:20:48 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010.11.12 15:20:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nvdrswr.lk
[2010.11.12 15:20:29 | 000,003,739 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb
[2008.01.09 12:18:12 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007.12.11 20:43:44 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007.10.12 16:18:15 | 000,079,360 | ---- | C] () -- C:\Dokumente und Einstellungen\Cold Turkey\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.10.10 20:04:05 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2007.10.10 20:04:05 | 000,022,328 | ---- | C] () -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\PnkBstrK.sys
[2007.10.10 20:03:28 | 000,000,308 | ---- | C] () -- C:\WINDOWS\game.ini
[2007.01.25 15:32:39 | 000,086,446 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2007.01.25 15:32:39 | 000,024,576 | ---- | C] () -- C:\WINDOWS\CTXFIGER.DLL
[2007.01.25 15:32:39 | 000,000,191 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2007.01.25 14:58:36 | 000,639,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2007.01.23 17:59:17 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
[2007.01.23 17:11:09 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006.08.11 14:57:18 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\CTBURST.DLL
[2006.05.23 12:40:34 | 000,000,269 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2005.06.16 18:17:16 | 000,071,680 | ---- | C] () -- C:\WINDOWS\System32\CTMMACTL.DLL
[2004.12.14 12:04:48 | 000,266,240 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2004.12.14 12:02:49 | 001,175,552 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2004.08.04 13:00:00 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2004.08.04 13:00:00 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2004.08.04 13:00:00 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2004.08.04 13:00:00 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2004.08.04 13:00:00 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2004.08.04 13:00:00 | 000,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys
[2004.02.27 15:36:18 | 000,015,498 | ---- | C] () -- C:\WINDOWS\snpstd3.ini
[2003.02.19 01:26:28 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
 
========== LOP Check ==========
 
[2008.03.30 11:11:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Azureus
[2010.11.15 18:38:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\Azureus
[2008.05.01 08:31:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\TeamViewer
[2010.11.22 22:09:41 | 000,000,322 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2008.02.23 11:08:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\Adobe
[2010.10.22 05:29:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\Avira
[2010.11.15 18:38:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\Azureus
[2007.01.25 15:32:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\Creative
[2007.10.13 18:39:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\DivX
[2008.08.12 14:36:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\dvdcss
[2007.01.25 15:48:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\Google
[2007.01.23 17:30:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\Identities
[2007.10.10 20:14:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\InstallShield
[2007.01.23 17:56:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\Macromedia
[2008.10.03 21:46:57 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\Microsoft
[2010.03.19 21:53:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\Mozilla
[2008.10.04 22:23:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\MSN6
[2007.10.10 20:30:28 | 000,000,000 | RH-D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\SecuROM
[2008.09.26 20:19:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\Skype
[2008.10.13 08:00:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\Sun
[2007.01.25 16:27:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\teamspeak2
[2008.05.01 08:31:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\TeamViewer
[2008.08.12 14:32:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\vlc
 
< %APPDATA%\*.exe /s >
[2009.10.11 15:27:07 | 007,154,255 | ---- | M] () -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\Azureus\plugins\azemp\azmplay.exe
[2009.10.11 17:20:23 | 010,686,001 | ---- | M] () -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\Azureus\plugins\azump\mplayer.exe
[2008.02.26 21:32:17 | 000,029,184 | R--- | M] () -- C:\Dokumente und Einstellungen\Cold Turkey\Anwendungsdaten\Microsoft\Installer\{52C8FAA0-68CA-4AF9-8A7A-92CF3174CC77}\IconTmpl5.26D6FF13_F77C_402E_8E96_9E49DFBBAF31.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2004.08.04 13:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.11.01 15:23:27 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.11.01 15:23:27 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2004.08.04 13:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.11.01 15:23:27 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.11.01 15:23:27 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2004.08.04 13:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 03:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 03:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2004.08.04 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: EXPLORER.EXE  >
[2004.08.04 13:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
[2007.06.13 14:10:08 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=331ED93570BAF3CFE30340298762CD56 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe
[2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007.06.13 14:21:45 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=64D320C0E301EEDC5A4ADBBDC5024F7F -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 03:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 03:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2004.08.04 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 03:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 03:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2004.08.04 13:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USER32.DLL  >
[2005.03.02 19:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$NtUninstallKB925902$\user32.dll
[2007.03.08 16:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2005.03.02 19:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
[2004.08.04 13:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtUninstallKB890859$\user32.dll
[2007.03.08 16:48:39 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=78785EFF8CB90CEC1862A4CCFD9A3C3A -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
[2008.04.14 03:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 03:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004.08.04 13:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2004.08.04 13:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2004.08.04 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2004.08.04 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\atapi.sys
[2007.01.25 14:58:36 | 000,639,224 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys
 
< %systemroot%\System32\config\*.sav >
[2007.01.23 18:09:11 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2007.01.23 18:09:11 | 000,663,552 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2007.01.23 18:09:10 | 000,454,656 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.03.08 03:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009.03.08 03:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[2010.09.10 06:47:46 | 000,184,320 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iepeers.dll
[7 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< End of report >
         
--- --- ---

Extras.txt:OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 22.11.2010 22:11:43 - Run 1
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Dokumente und Einstellungen\Cold Turkey\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 73,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 87,00% Paging File free
Paging file location(s): C:\pagefile.sys 2048 2048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 39,06 Gb Total Space | 2,81 Gb Free Space | 7,19% Space Free | Partition Type: NTFS
Drive D: | 39,06 Gb Total Space | 24,55 Gb Free Space | 62,85% Space Free | Partition Type: NTFS
Drive E: | 219,96 Gb Total Space | 25,38 Gb Free Space | 11,54% Space Free | Partition Type: NTFS
Drive H: | 48,83 Gb Total Space | 23,35 Gb Free Space | 47,81% Space Free | Partition Type: NTFS
Drive I: | 137,48 Gb Total Space | 76,99 Gb Free Space | 56,00% Space Free | Partition Type: NTFS
Drive N: | 1,91 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: KALTERENTZUG | User Name: Cold Turkey | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\Windows Live\Messenger\msnmsgr.exe" = C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- File not found
"C:\Programme\Windows Live\Messenger\livecall.exe" = C:\Programme\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- File not found
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\HLSW\hlsw.exe" = C:\Programme\HLSW\hlsw.exe:*:Enabled:hlsw -- (Stripf Software)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Programme\EA GAMES\Battlefield 2\BF2.exe" = C:\Programme\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2 -- File not found
"C:\Programme\Steam\SteamApps\onlineterror\counter-strike source\hl2.exe" = C:\Programme\Steam\SteamApps\onlineterror\counter-strike source\hl2.exe:*:Enabled:hl2 -- ()
"C:\Programme\Steam\SteamApps\onlineterror\team fortress 2\hl2.exe" = C:\Programme\Steam\SteamApps\onlineterror\team fortress 2\hl2.exe:*:Enabled:hl2 -- ()
"C:\Programme\Sierra Entertainment\WORLD IN CONFLICT\wic.exe" = C:\Programme\Sierra Entertainment\WORLD IN CONFLICT\wic.exe:*:Enabled:WORLD IN CONFLICT -- (Massive Entertainment)
"C:\Programme\Sierra Entertainment\WORLD IN CONFLICT\wic_online.exe" = C:\Programme\Sierra Entertainment\WORLD IN CONFLICT\wic_online.exe:*:Enabled:WORLD IN CONFLICT - Nur Online -- (Massive Entertainment)
"C:\Programme\Sierra Entertainment\WORLD IN CONFLICT\wic_ds.exe" = C:\Programme\Sierra Entertainment\WORLD IN CONFLICT\wic_ds.exe:*:Enabled:WORLD IN CONFLICT - Dedizierter Server -- ()
"C:\Programme\Steam\steam.exe" = C:\Programme\Steam\steam.exe:*:Enabled:Steam -- (Valve Corporation)
"E:\Programme\THQ\Company of Heroes\RelicCOH.exe" = E:\Programme\THQ\Company of Heroes\RelicCOH.exe:*:Enabled:RelicCOH -- File not found
"C:\Programme\Steam\SteamApps\common\eve online\bin\ExeFile.exe" = C:\Programme\Steam\SteamApps\common\eve online\bin\ExeFile.exe:*:Enabled:CCP ExeFile -- File not found
"H:\Programme\Azureus\Azureus.exe" = H:\Programme\Azureus\Azureus.exe:*:Enabled:Azureus -- (Vuze Inc.)
"D:\THQ\Company of Heroes\RelicCOH.exe" = D:\THQ\Company of Heroes\RelicCOH.exe:*:Enabled:RelicCOH -- File not found
"C:\Programme\Yahoo!\Messenger\YahooMessenger.exe" = C:\Programme\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Programme\Xfire\xfire.exe" = C:\Programme\Xfire\xfire.exe:*:Enabled:Xfire -- File not found
"C:\Programme\Windows Live\Messenger\msnmsgr.exe" = C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- File not found
"C:\Programme\Windows Live\Messenger\livecall.exe" = C:\Programme\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- File not found
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 22
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52C8FAA0-68CA-4AF9-8A7A-92CF3174CC77}" = Windows Media Player 9 Series Winter Fun Pack
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.36
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{E9F81423-211E-46B6-9AE0-38568BC5CF6F}" =                             
"{F11ADC64-C89E-47F4-A0B3-3665FF859397}" = WORLD IN CONFLICT
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AudioConSole" = Creative-Audiokonsole
"Avira AntiVir Desktop" = Avira Premium Security Suite
"CCleaner" = CCleaner
"C-Media Audio Driver" = C-Media WDM Audio Driver
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"getPlus(R)_ocx" = getPlus(R)_ocx
"HLSW_is1" = HLSW v1.2.0.1
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{0C5D0DC4-F5D3-46F9-AE2E-E45C99B4A6B6}" = Enemy Territory - QUAKE Wars(TM) 1.1 Patch
"InstallShield_{2EC66D1C-4AF5-4811-BEDE-849D90461AF5}" = Enemy Territory - QUAKE Wars(TM) 1.2 Patch
"InstallShield_{BCA71D05-6BC9-4735-BA3F-7218EBE6A023}" = Enemy Territory - QUAKE Wars(TM) 1.4 Patch
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Steam App 440" = Team Fortress 2
"SystemRequirementsLab" = System Requirements Lab
"VLC media player" = VideoLAN VLC media player 0.8.6i
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR Archivierer
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XviD" = XviD MPEG-4 Codec
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-507921405-1606980848-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"World of Warcraft Trial" = World of Warcraft Trial
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 21.06.2009 07:28:03 | Computer Name = KALTERENTZUG | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung mercenaries2.exe, Version 0.1.0.0, fehlgeschlagenes
 Modul mercenaries2.exe, Version 0.1.0.0, Fehleradresse 0x0005b590.
 
Error - 11.10.2009 03:39:02 | Computer Name = KALTERENTZUG | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024400e, P2 unspecified, P3 unspecified,
 P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 
NIL, P10 NIL.
 
Error - 11.10.2009 10:27:55 | Computer Name = KALTERENTZUG | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung Azureus.exe, Version 4.0.0.0, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 19.03.2010 14:55:13 | Computer Name = KALTERENTZUG | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80244015, P2 endsearch, P3 search, P4 1.1.1593.0,
 P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL.
 
Error - 19.03.2010 14:58:22 | Computer Name = KALTERENTZUG | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80240016, P2 begininstall, P3 install, P4
 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL,
 P10 NIL.
 
Error - 22.10.2010 00:20:56 | Computer Name = KALTERENTZUG | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich 
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
 in der signierten Datei.  .
 
Error - 22.10.2010 00:20:56 | Computer Name = KALTERENTZUG | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich 
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
 in der signierten Datei.  .
 
Error - 12.11.2010 10:17:59 | Computer Name = KALTERENTZUG | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich 
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
 in der signierten Datei.  .
 
Error - 12.11.2010 10:17:59 | Computer Name = KALTERENTZUG | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich 
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
 in der signierten Datei.  .
 
Error - 16.11.2010 12:09:15 | Computer Name = KALTERENTZUG | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung plugin-container.exe, Version 1.9.2.3937,
 fehlgeschlagenes Modul xul.dll, Version 1.9.2.3937, Fehleradresse 0x00440ce2.
 
[ System Events ]
Error - 19.03.2010 15:51:37 | Computer Name = KALTERENTZUG | Source = Windows Update Agent | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Internet Explorer*8 für Windows*XP
 
Error - 22.10.2010 00:11:53 | Computer Name = KALTERENTZUG | Source = SideBySide | ID = 16842784
Description = Abhängige Assemblierung "Microsoft.VC90.CRT" konnte nicht gefunden
 werden. "Last Error": Die referenzierte Assemblierung ist nicht auf dem Computer
 installiert.  
 
Error - 22.10.2010 00:11:53 | Computer Name = KALTERENTZUG | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly ist für Microsoft.VC90.CRT fehlgeschlagen.
Referenzfehlermeldung:
 Die referenzierte Assemblierung ist nicht auf dem Computer installiert.  .
 
Error - 22.10.2010 00:11:53 | Computer Name = KALTERENTZUG | Source = SideBySide | ID = 16842811
Description = Generate Activation Context ist für C:\DOKUME~1\COLDTU~1\LOKALE~1\Temp\avnwldrtemp\setup\redist.dll
 fehlgeschlagen.  Referenzfehlermeldung: Der Vorgang wurde erfolgreich beendet.  .
 
Error - 22.10.2010 00:16:40 | Computer Name = KALTERENTZUG | Source = Windows Update Agent | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Internet Explorer*8 für Windows*XP
 
 
< End of report >
         
--- --- ---
__________________

Geändert von Uwe P. (22.11.2010 um 22:20 Uhr)

Alt 23.11.2010, 07:29   #4
Uwe P.
 
Gozi-Befall auf einem oder mehreren von 4 Rechnern. - Standard

Gozi-Befall auf einem oder mehreren von 4 Rechnern.



Rechner 3 (Windows XP Keller AMD):
OTL.Txt:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 23.11.2010 07:10:39 - Run 1
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Dokumente und Einstellungen\Uwe P\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.023,00 Mb Total Physical Memory | 480,00 Mb Available Physical Memory | 47,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 22,86 Gb Total Space | 7,39 Gb Free Space | 32,31% Space Free | Partition Type: NTFS
Drive D: | 109,72 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 58,59 Gb Total Space | 32,05 Gb Free Space | 54,70% Space Free | Partition Type: NTFS
Drive F: | 37,93 Gb Total Space | 11,30 Gb Free Space | 29,78% Space Free | Partition Type: NTFS
Drive J: | 272,60 Gb Total Space | 109,63 Gb Free Space | 40,22% Space Free | Partition Type: NTFS
 
Computer Name: BUERO | User Name: Uwe P | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\Uwe P\Desktop\OTL.exe (OldTimer Tools)
PRC - e:\Programme\Orbitdownloader\orbitdm.exe (Orbitdownloader.com)
PRC - e:\Programme\Orbitdownloader\orbitnet.exe (Orbitdownloader.com)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - e:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avfwsvc.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\WINDOWS\system32\slserv.exe (Smart Link)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - E:\Programme\Gigaset DECT\talk&surf_6_0\semon21.exe (Siemens AG)
PRC - C:\Programme\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft ActiveSync\rapimgr.exe (Microsoft Corporation)
PRC - C:\WINDOWS\vsnpstd3.exe ()
PRC - E:\Programme\Gigaset DECT\talk&surf_6_0\xcontrolcom.exe (Siemens)
PRC - C:\WINDOWS\system32\SerExt.exe (Siemens AG)
PRC - E:\Programme\Gigaset DECT\capi\Tools\CALLTRAY.exe (EllSoft Software Development & Design                                  )
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Dokumente und Einstellungen\Uwe P\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (IJPLMSVC) -- C:\Programme\Canon\IJPLM\IJPLMSVC.EXE File not found
SRV - (TomTomHOMEService) -- e:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirWebService) -- C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira GmbH)
SRV - (AntiVirMailService) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirFirewallService) -- C:\Programme\Avira\AntiVir Desktop\avfwsvc.exe (Avira GmbH)
SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe (Microsoft Corporation)
SRV - (WPFFontCache_v0400) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
SRV - (SLService) -- C:\WINDOWS\System32\slserv.exe (Smart Link)
SRV - (xControlCOM) -- E:\Programme\Gigaset DECT\talk&surf_6_0\xcontrolcom.exe (Siemens)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avfwot) -- C:\WINDOWS\system32\drivers\avfwot.sys (Avira GmbH)
DRV - (avfwim) -- C:\WINDOWS\system32\drivers\avfwim.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (ggsemc) -- C:\WINDOWS\system32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\WINDOWS\system32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (mf) -- C:\WINDOWS\system32\drivers\mf.sys (Microsoft Corporation)
DRV - (FTDIBUS) -- C:\WINDOWS\system32\drivers\ftdibus.sys (FTDI Ltd.)
DRV - (SNPSTD3) USB PC Camera (SNPSTD3) -- C:\WINDOWS\system32\drivers\snpstd3.sys (Sonix Co. Ltd.)
DRV - (Tosrfhid) -- C:\WINDOWS\system32\drivers\tosrfhid.sys (TOSHIBA Corporation.)
DRV - (Tosrfbd) -- C:\WINDOWS\system32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (Tosrfusb) -- C:\WINDOWS\system32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (Tosrfbnp) -- C:\WINDOWS\system32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (tosporte) -- C:\WINDOWS\system32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (TosRfSnd) Bluetooth Audio Device (WDM) -- C:\WINDOWS\system32\drivers\tosrfsnd.sys (TOSHIBA Corporation)
DRV - (Tosrfcom) -- C:\WINDOWS\system32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (toshidpt) -- C:\WINDOWS\system32\drivers\toshidpt.sys (TOSHIBA Corporation.)
DRV - (Gigusb) -- C:\WINDOWS\system32\drivers\Gigusb.sys (Siemens AG)
DRV - (DectEnum) -- C:\WINDOWS\system32\drivers\DectEnum.sys (Siemens AG)
DRV - (siellif) -- C:\WINDOWS\system32\drivers\siellif.sys (Siemens AG)
DRV - (tosrfnds) -- C:\WINDOWS\system32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (IUAPIWDM) ISDN USB Interface (Ver. 1.20.0032) -- C:\WINDOWS\system32\drivers\IUAPIWDM.sys (SIEMENS AG)
DRV - (HRCMPA) ISDN Wan driver (Ver. 1.20.0032) -- C:\WINDOWS\system32\drivers\hrcmpa.sys (SIEMENS AG)
DRV - (NDISCAPI) -- C:\WINDOWS\system32\drivers\ndiscapi.sys (SIEMENS AG)
DRV - (CAPI) -- C:\WINDOWS\system32\drivers\capi.sys (SIEMENS AG)
DRV - (SlNtHal) -- C:\WINDOWS\system32\drivers\slnthal.sys (Smart Link)
DRV - (SlWdmSup) -- C:\WINDOWS\system32\drivers\slwdmsup.sys (Smart Link)
DRV - (Slntamr) -- C:\WINDOWS\system32\drivers\slntamr.sys (Smart Link)
DRV - (NtMtlFax) -- C:\WINDOWS\system32\drivers\ntmtlfax.sys (Smart Link)
DRV - (Mtlmnt5) -- C:\WINDOWS\system32\drivers\mtlmnt5.sys (Smart Link)
DRV - (RecAgent) -- C:\WINDOWS\system32\DRIVERS\RecAgent.sys (Smart Link)
DRV - (Mtlstrm) -- C:\WINDOWS\system32\drivers\mtlstrm.sys (Smart Link)
DRV - (STIrUsb) -- C:\WINDOWS\system32\drivers\irstusb.sys (SigmaTel, Inc.)
DRV - (viaagp1) -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys (VIA Technologies, Inc.)
DRV - (VIAudio) VIA AC'97 Audio Controller (WDM) -- C:\WINDOWS\system32\drivers\viaudios.sys (VIA Technologies, Inc.)
DRV - (rtl8180) -- C:\WINDOWS\system32\drivers\RTL8180.sys (Realtek Semiconductor Corporation                           )
DRV - (BrParWdm) Brother WDM-Treiber (parallel) -- C:\WINDOWS\system32\drivers\BrParwdm.sys (Brother Industries Ltd.)
DRV - (brparimg) -- C:\WINDOWS\system32\drivers\BrParImg.sys (Brother Industries Ltd.)
DRV - (BrSerWDM) Brother WDM-Treiber (seriell) -- C:\WINDOWS\system32\drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (brfilt) -- C:\WINDOWS\system32\drivers\BrFilt.sys (Brother Industries Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1708537768-706699826-854245398-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Nachrichten, aktuelle Schlagzeilen und Videos - n-tv.de
IE - HKU\S-1-5-21-1708537768-706699826-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.11.05 10:44:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.11.05 07:47:10 | 000,000,000 | ---D | M]
 
[2009.07.30 08:31:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\Mozilla\Extensions
[2009.07.30 08:31:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\Mozilla\Extensions\home2@tomtom.com
[2010.11.17 09:43:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\Mozilla\Firefox\Profiles\5k0t6z2u.default\extensions
[2010.08.16 11:50:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\Mozilla\Firefox\Profiles\5k0t6z2u.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.11.17 09:43:41 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.05.05 10:19:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.10.04 11:07:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.05 07:50:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.09.15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.10.17 07:31:31 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.10.17 07:31:32 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.10.17 07:31:32 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.10.17 07:31:33 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.10.17 07:31:33 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2008.05.13 17:26:41 | 000,239,031 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1	007guard.com - 007guard and Free Antivirus
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	1001-search.info
O1 - Hosts: 127.0.0.1	1001-search.info
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.123topsearch.com
O1 - Hosts: 127.0.0.1	123topsearch.com
O1 - Hosts: 127.0.0.1	132???
O1 - Hosts: 127.0.0.1	132.com
O1 - Hosts: 127.0.0.1	Naruto Episode 130 | Toyota Auris | Cash Advance | Debt Consolidation | Insurance at 136136.net
O1 - Hosts: 127.0.0.1	136136.net
O1 - Hosts: 8359 more lines...
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - e:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O2 - BHO: (PDF-XChange Viewer IE-Plugin) - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - e:\Programme\Tracker Software\PDF-XChange Lite 3\PDF-XChange PDF Viewer\PDF Viewer\PDFXCviewIEPlugin.dll (Tracker Software Products Ltd.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-1708537768-706699826-854245398-1003\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [SerExt] C:\WINDOWS\System32\SerExt.exe (Siemens AG)
O4 - HKLM..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-21-1708537768-706699826-854245398-1003..\Run: [H/PC Connection Agent] C:\Programme\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1708537768-706699826-854245398-1003..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\Uwe P\Startmenü\Programme\Autostart\CAPI - Monitor.lnk = E:\Programme\Gigaset DECT\capi\Tools\CALLTRAY.exe (EllSoft Software Development & Design                                  )
O4 - Startup: C:\Dokumente und Einstellungen\Uwe P\Startmenü\Programme\Autostart\talk&surf 6.0 - Monitor.lnk = E:\Programme\Gigaset DECT\talk&surf_6_0\semon21.exe (Siemens AG)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1708537768-706699826-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Download by Orbit - e:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - e:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Do&wnload selected by Orbit - e:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - e:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Google Sidewiki... - C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1210707207913 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA} Java Plug-in Technology (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Uwe P\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Uwe P\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.05.13 16:50:23 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010.05.26 08:34:58 | 000,000,043 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{62ce1b70-a11a-11df-b847-00030d0333d9}\Shell\AutoRun\command - "" = G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe -- File not found
O33 - MountPoints2\{62ce1b70-a11a-11df-b847-00030d0333d9}\Shell\open\command - "" = G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe -- File not found
O33 - MountPoints2\{aeac31e0-7cda-11de-b62e-00030d0333d9}\Shell\AutoRun\command - "" = H:\InstallTomTomHOME.exe -- File not found
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\Start.exe -- [2010.06.28 09:32:32 | 001,255,424 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Programme\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: TomTomHOME.exe - hkey= - key= - e:\Programme\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: nm -  File not found
SafeBootNet: nm.sys -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {1325db73-d9f1-48f8-8895-6d814ec58889} - Sicherheitsupdate für Windows XP (KB913433)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
Drivers32: msacm.ac3filter - C:\WINDOWS\System32\ac3filter.acm ()
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.ffds - C:\WINDOWS\System32\ffdshow.ax ()
Drivers32: VIDC.FPS1 - C:\WINDOWS\System32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax ()
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (55182706186649600)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.11.23 07:09:08 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Uwe P\Desktop\OTL.exe
[2010.11.21 10:58:19 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Uwe P\Recent
[2010.11.15 08:23:24 | 000,000,000 | ---D | C] -- C:\Programme\MSECache
[2010.11.05 10:21:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\vlc
[2010.11.05 10:10:57 | 000,000,000 | ---D | C] -- C:\Programme\ATI
[2010.11.05 08:41:24 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Silverlight
[2010.11.05 08:25:21 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft.NET
[2010.11.05 08:03:19 | 000,014,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg2.dll
[2010.11.05 07:50:04 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010.11.05 07:50:04 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010.11.05 07:50:04 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010.11.05 07:43:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DivX
[2010.11.05 07:38:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\ProgSense
[2010.11.05 07:38:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\Orbit
[2010.11.03 15:54:28 | 000,000,000 | ---D | C] -- C:\ATI
[2010.11.03 13:15:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ConSoft
[2010.11.03 11:46:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\Avira
[2010.11.03 11:44:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
[2010.10.28 07:55:01 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml3a.dll
[2007.03.12 11:41:52 | 000,061,440 | ---- | C] ( ) -- C:\WINDOWS\System32\vsnpstd3.dll
[2005.11.23 12:55:32 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnpstd3.dll
[2004.11.24 19:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.11.23 07:10:30 | 000,000,066 | ---- | M] () -- C:\WINDOWS\Wor.INI
[2010.11.23 07:09:12 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Uwe P\Desktop\OTL.exe
[2010.11.23 07:04:37 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.11.23 07:04:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.11.22 14:36:10 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010.11.22 14:15:05 | 000,000,086 | ---- | M] () -- C:\WINDOWS\Wks.INI
[2010.11.22 13:41:34 | 000,000,087 | ---- | M] () -- C:\WINDOWS\Was.INI
[2010.11.19 13:29:07 | 000,000,249 | ---- | M] () -- C:\WINDOWS\KASSBUCH.INI
[2010.11.19 07:57:55 | 000,000,719 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ZVPlan.lnk
[2010.11.15 13:00:46 | 000,154,768 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.11.10 14:46:27 | 000,072,150 | ---- | M] () -- C:\Dokumente und Einstellungen\Uwe P\Desktop\Schild Christoph1000x600.JPG
[2010.11.10 10:47:00 | 000,068,585 | ---- | M] () -- C:\Dokumente und Einstellungen\Uwe P\Desktop\Uwe_1000x600.jpg
[2010.11.10 08:49:55 | 000,521,186 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.11.10 08:49:55 | 000,497,104 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.11.10 08:49:55 | 000,102,328 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.11.10 08:49:55 | 000,085,396 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.11.09 08:54:05 | 000,000,068 | ---- | M] () -- C:\WINDOWS\Wis.INI
[2010.11.03 18:50:35 | 000,000,051 | ---- | M] () -- C:\WINDOWS\Wds.INI
[2010.10.27 16:19:33 | 000,038,466 | ---- | M] () -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\Kommagetrennte Werte (Windows).ADR
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.11.10 14:46:26 | 000,072,150 | ---- | C] () -- C:\Dokumente und Einstellungen\Uwe P\Desktop\Schild Christoph1000x600.JPG
[2010.11.10 10:47:00 | 000,068,585 | ---- | C] () -- C:\Dokumente und Einstellungen\Uwe P\Desktop\Uwe_1000x600.jpg
[2010.11.03 12:35:24 | 000,000,719 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ZVPlan.lnk
[2010.10.27 16:19:33 | 000,038,466 | ---- | C] () -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\Kommagetrennte Werte (Windows).ADR
[2010.10.18 13:17:18 | 000,159,200 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2010.10.13 16:14:22 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\$_hpcst$.hpc
[2010.02.04 07:04:32 | 000,000,039 | ---- | C] () -- C:\WINDOWS\eplan.ini
[2009.12.29 11:47:49 | 000,000,008 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\sysReserve.ini
[2009.09.23 07:03:09 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\bsrmgcv.dll
[2009.09.23 07:03:09 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\bsrmgps.dll
[2009.09.23 07:01:53 | 000,585,728 | ---- | C] () -- C:\WINDOWS\System32\bsratswf.dll
[2009.09.23 07:01:53 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\bsratwmv.dll
[2009.07.29 10:34:51 | 000,000,071 | ---- | C] () -- C:\WINDOWS\System32\ComCenter.ini
[2009.07.10 15:51:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2009.07.10 14:26:43 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2009.07.10 14:26:04 | 000,000,167 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2009.07.10 14:24:52 | 000,000,810 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2009.07.10 14:01:18 | 000,001,113 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\hpzinstall.log
[2009.07.10 13:57:51 | 000,000,024 | ---- | C] () -- C:\WINDOWS\ComCenter.ini
[2009.07.10 07:36:00 | 000,958,976 | ---- | C] () -- C:\WINDOWS\System32\iPostCtl.dll
[2009.07.10 07:35:59 | 001,067,520 | ---- | C] () -- C:\WINDOWS\System32\iFolderCtrl.dll
[2009.07.10 07:35:58 | 001,411,584 | ---- | C] () -- C:\WINDOWS\System32\iFaxCtrl.dll
[2009.07.03 17:20:49 | 000,000,084 | ---- | C] () -- C:\WINDOWS\Wnz.INI
[2009.06.24 12:07:03 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2009.06.16 06:46:37 | 000,000,004 | ---- | C] () -- C:\WINDOWS\SHISETUP.SYS
[2009.03.09 14:00:20 | 000,000,032 | ---- | C] () -- C:\WINDOWS\azeugnis.INI
[2008.12.25 11:33:29 | 000,025,692 | ---- | C] () -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\Microsoft Excel.ADR
[2008.12.25 10:32:22 | 000,022,085 | ---- | C] () -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\Tabulatorgetrennte Werte (Windows).ADR
[2008.12.25 10:17:27 | 000,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008.12.23 17:09:57 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\$_hpcst$.hpc
[2008.12.19 15:15:58 | 004,338,246 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2008.12.17 17:41:18 | 000,884,237 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2008.12.17 17:22:58 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2008.12.17 17:22:48 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008.12.17 17:17:34 | 000,239,247 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2008.12.17 16:59:54 | 000,560,802 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008.12.12 09:02:50 | 000,000,121 | ---- | C] () -- C:\WINDOWS\Winchat.ini
[2008.11.06 14:29:20 | 000,000,051 | ---- | C] () -- C:\WINDOWS\Wds.INI
[2008.11.05 21:22:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2008.11.05 20:49:52 | 000,000,097 | ---- | C] () -- C:\WINDOWS\WirelessFTP.INI
[2008.11.04 11:51:19 | 000,000,147 | ---- | C] () -- C:\WINDOWS\System32\ftdiun2k.ini
[2008.08.01 09:28:06 | 000,000,068 | ---- | C] () -- C:\WINDOWS\Wis.INI
[2008.07.11 08:38:04 | 000,000,048 | ---- | C] () -- C:\WINDOWS\WPE.INI
[2008.06.26 13:10:14 | 000,000,036 | ---- | C] () -- C:\WINDOWS\Wsv.INI
[2008.06.11 07:25:15 | 000,000,055 | ---- | C] () -- C:\WINDOWS\Wmv.INI
[2008.06.05 05:38:41 | 000,120,832 | ---- | C] () -- C:\WINDOWS\System32\gsbest32.dll
[2008.05.26 06:50:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Waa.INI
[2008.05.15 09:54:09 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\UnAudioNT.dll
[2008.05.15 06:41:42 | 000,000,066 | ---- | C] () -- C:\WINDOWS\Wor.INI
[2008.05.15 06:24:12 | 000,041,984 | ---- | C] () -- C:\Dokumente und Einstellungen\Uwe P\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.05.15 05:19:10 | 000,000,432 | ---- | C] () -- C:\WINDOWS\BrmfBidi.ini
[2008.05.14 17:42:30 | 000,000,027 | ---- | C] () -- C:\WINDOWS\Wop.INI
[2008.05.14 16:22:13 | 000,000,087 | ---- | C] () -- C:\WINDOWS\Was.INI
[2008.05.14 15:05:54 | 000,000,086 | ---- | C] () -- C:\WINDOWS\Wks.INI
[2008.05.14 13:14:43 | 000,020,560 | ---- | C] () -- C:\WINDOWS\System32\Msau200.dll
[2008.05.14 13:14:43 | 000,000,249 | ---- | C] () -- C:\WINDOWS\KASSBUCH.INI
[2008.05.14 13:12:49 | 000,000,038 | ---- | C] () -- C:\WINDOWS\ZMIS.INI
[2008.05.13 21:44:30 | 000,000,073 | ---- | C] () -- C:\WINDOWS\WSB.INI
[2008.05.13 21:43:30 | 000,000,130 | ---- | C] () -- C:\WINDOWS\uno.ini
[2008.05.13 20:30:45 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008.05.13 17:29:02 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006.10.27 08:26:56 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2004.10.03 17:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
[2004.08.04 13:00:00 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2004.08.04 13:00:00 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2004.08.04 13:00:00 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2004.08.04 13:00:00 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2004.08.04 13:00:00 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2004.02.27 16:36:18 | 000,015,498 | ---- | C] () -- C:\WINDOWS\snpstd3.ini
[2003.02.20 16:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001.07.07 02:00:00 | 000,003,254 | ---- | C] () -- C:\WINDOWS\System32\HPTCPMON.INI
 
========== LOP Check ==========
 
[2008.05.21 13:45:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Acronis
[2008.07.18 17:09:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ashampoo
[2009.07.07 07:28:26 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ
[2009.06.23 07:12:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJPLM
[2010.11.03 13:19:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ConSoft
[2008.12.25 10:20:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite
[2010.01.07 09:01:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2009.07.30 08:31:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TomTom
[2008.05.14 16:54:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\Acronis
[2010.01.28 09:47:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\Ashampoo
[2008.09.09 06:39:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\CD-LabelPrint
[2009.08.06 07:18:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\ComCenter
[2008.12.25 10:21:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\DAEMON Tools
[2008.12.25 10:22:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\DAEMON Tools Lite
[2008.12.25 10:21:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\DAEMON Tools Pro
[2009.03.27 09:22:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\Foxit
[2010.01.06 07:06:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\Foxit Software
[2010.01.07 07:25:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\Funambol
[2010.11.10 12:34:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\Image Zone Express
[2008.05.13 18:52:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\MSNInstaller
[2010.11.23 07:09:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\Orbit
[2010.11.05 07:38:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\ProgSense
[2008.05.14 05:47:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\Softland
[2010.10.14 07:26:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\TeamViewer
[2008.06.28 06:55:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\Thunderbird
[2009.07.30 08:31:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\TomTom
[2009.06.26 08:26:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\Tracker Software
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2008.05.14 16:54:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\Acronis
[2008.05.14 15:19:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\Adobe
[2010.01.28 09:47:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\Ashampoo
[2009.06.24 11:55:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\ATI
[2010.11.03 11:46:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\Avira
[2008.09.09 06:39:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\CD-LabelPrint
[2009.08.06 07:18:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\ComCenter
[2008.12.25 10:21:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\DAEMON Tools
[2008.12.25 10:22:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\DAEMON Tools Lite
[2008.12.25 10:21:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\DAEMON Tools Pro
[2009.09.23 10:20:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\DivX
[2009.03.27 09:22:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\Foxit
[2010.01.06 07:06:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\Foxit Software
[2010.01.07 07:25:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\Funambol
[2008.12.29 11:11:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\Google
[2008.09.25 11:17:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\Help
[2009.07.10 14:58:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\HP
[2010.11.16 07:53:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\HpUpdate
[2008.05.13 17:09:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\Identities
[2010.11.10 12:34:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\Image Zone Express
[2008.05.13 21:40:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\InstallShield
[2008.05.13 19:35:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\Macromedia
[2009.12.29 13:53:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\Malwarebytes
[2009.07.23 08:32:02 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\Microsoft
[2008.12.15 10:23:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\Mozilla
[2008.05.13 18:52:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\MSNInstaller
[2010.11.23 07:09:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\Orbit
[2010.11.05 07:38:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\ProgSense
[2010.11.08 10:08:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\Skype
[2010.11.08 10:06:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\skypePM
[2008.05.14 05:47:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\Softland
[2008.07.29 08:10:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\Sun
[2008.06.28 06:55:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\Talkback
[2010.10.14 07:26:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\TeamViewer
[2008.06.28 06:55:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\Thunderbird
[2009.07.30 08:31:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\TomTom
[2009.06.26 08:26:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\Tracker Software
[2010.11.05 10:21:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\vlc
[2008.07.12 10:58:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\WinRAR
 
< %APPDATA%\*.exe /s >
[2009.01.13 13:03:42 | 000,049,334 | R--- | M] () -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\Microsoft\Installer\{0F53B203-C6A9-4FB0-9086-A2D61396BE5F}\_6F5BD9A189C47F56F83B7E.exe
[2009.01.13 13:03:42 | 000,049,334 | R--- | M] () -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\Microsoft\Installer\{0F53B203-C6A9-4FB0-9086-A2D61396BE5F}\_6FEFF9B68218417F98F549.exe
[2009.01.13 13:03:42 | 000,049,334 | R--- | M] () -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\Microsoft\Installer\{0F53B203-C6A9-4FB0-9086-A2D61396BE5F}\_C46CDCCA9E79F204FAD883.exe
[2008.11.05 09:18:09 | 000,010,134 | R--- | M] () -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\Microsoft\Installer\{E0318E1F-A08A-47E8-9870-9C5B6EDEE7D4}\ARPPRODUCTICON.exe
[2009.06.26 08:26:23 | 000,449,816 | ---- | M] (Tracker Software Products Ltd.) -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\Tracker Software\LiveUpdate\Updates\LiveUpdate.exe
[2009.06.26 09:20:24 | 000,449,816 | ---- | M] (Tracker Software Products Ltd.) -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\Tracker Software\LiveUpdate\Updates\LiveUpdate[1].exe
[2009.06.26 09:21:14 | 000,449,816 | ---- | M] (Tracker Software Products Ltd.) -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\Tracker Software\LiveUpdate\Updates\LiveUpdate[2].exe
[2009.06.26 09:24:39 | 000,449,816 | ---- | M] (Tracker Software Products Ltd.) -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\Tracker Software\LiveUpdate\Updates\LiveUpdate[3].exe
[2009.06.26 09:27:41 | 000,449,816 | ---- | M] (Tracker Software Products Ltd.) -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\Tracker Software\LiveUpdate\Updates\LiveUpdate[4].exe
[2009.12.15 14:14:30 | 000,450,328 | ---- | M] (Tracker Software Products Ltd.) -- C:\Dokumente und Einstellungen\Uwe P\Anwendungsdaten\Tracker Software\LiveUpdate\Updates\LiveUpdate[5].exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2004.08.04 13:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.05.13 19:28:18 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.05.13 19:28:18 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2004.08.04 13:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.05.13 19:28:18 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.05.13 19:28:18 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.04 13:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 03:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 03:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2004.08.04 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: EXPLORER.EXE  >
[2004.08.04 13:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
[2007.06.13 14:10:08 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=331ED93570BAF3CFE30340298762CD56 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe
[2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007.06.13 14:21:45 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=64D320C0E301EEDC5A4ADBBDC5024F7F -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 03:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 03:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2004.08.04 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 03:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 03:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2004.08.04 13:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USER32.DLL  >
[2005.03.02 19:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$NtUninstallKB925902$\user32.dll
[2007.03.08 16:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2005.03.02 19:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
[2004.08.04 13:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtUninstallKB890859$\user32.dll
[2007.03.08 16:48:39 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=78785EFF8CB90CEC1862A4CCFD9A3C3A -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
[2008.04.14 03:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 03:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004.08.04 13:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2004.08.04 13:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2004.08.04 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2004.08.04 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2008.12.25 10:17:27 | 000,717,296 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys
 
< %systemroot%\System32\config\*.sav >
[2008.05.13 18:26:57 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008.05.13 18:26:57 | 000,663,552 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008.05.13 18:26:57 | 000,421,888 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.02.25 22:42:32 | 000,442,368 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\WINDOWS\system32\ATIDEMGX.dll
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 229 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:8FF81EB0

< End of report >
         
--- --- ---

Extras.Txt:OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 23.11.2010 07:10:39 - Run 1
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Dokumente und Einstellungen\Uwe P\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.023,00 Mb Total Physical Memory | 480,00 Mb Available Physical Memory | 47,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 22,86 Gb Total Space | 7,39 Gb Free Space | 32,31% Space Free | Partition Type: NTFS
Drive D: | 109,72 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 58,59 Gb Total Space | 32,05 Gb Free Space | 54,70% Space Free | Partition Type: NTFS
Drive F: | 37,93 Gb Total Space | 11,30 Gb Free Space | 29,78% Space Free | Partition Type: NTFS
Drive J: | 272,60 Gb Total Space | 109,63 Gb Free Space | 40,22% Space Free | Partition Type: NTFS
 
Computer Name: BUERO | User Name: Uwe P | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\Microsoft ActiveSync\rapimgr.exe" = C:\Programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Programme\Microsoft ActiveSync\wcescomm.exe" = C:\Programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Programme\Microsoft ActiveSync\WCESMgr.exe" = C:\Programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Dokumente und Einstellungen\Uwe P\temp\TeamViewer3\TeamViewer.exe" = C:\Dokumente und Einstellungen\Uwe P\temp\TeamViewer3\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application -- File not found
"C:\Programme\Java\jre1.6.0_07\bin\javaw.exe" = C:\Programme\Java\jre1.6.0_07\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"E:\DOKUME~1\UWEP~1\LOKALE~1\Temp\Rar$EX00.546\GOstMSG.exe" = E:\DOKUME~1\UWEP~1\LOKALE~1\Temp\Rar$EX00.546\GOstMSG.exe:*:Enabled:GOstMSG -- File not found
"E:\Programme\XAN ISDN-Anrufbeantworter\ABServer.exe" = E:\Programme\XAN ISDN-Anrufbeantworter\ABServer.exe:*:Enabled:ISDN-Anrufbeantworter 3 -- File not found
"C:\Programme\Microsoft ActiveSync\rapimgr.exe" = C:\Programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Programme\Microsoft ActiveSync\wcescomm.exe" = C:\Programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Programme\Microsoft ActiveSync\WCESMgr.exe" = C:\Programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"E:\Programme\Zattoo\zattood.exe" = E:\Programme\Zattoo\zattood.exe:*:Enabled:zattood -- ()
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"D:\setup\HPZNET01.EXE" = D:\setup\HPZNET01.EXE:*:Enabled:hpznet01.exe -- File not found
"D:\setup\HPONICIFS01.EXE" = D:\setup\HPONICIFS01.EXE:*:Enabled:hponicifs01.exe -- File not found
"E:\Programme\HP\Digital Imaging\bin\hpofxm08.exe" = E:\Programme\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
"E:\Programme\HP\Digital Imaging\bin\hposfx08.exe" = E:\Programme\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)
"E:\Programme\HP\Digital Imaging\bin\hposid01.exe" = E:\Programme\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
"E:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe" = E:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)
"E:\Programme\HP\Digital Imaging\Unload\HpqPhUnl.exe" = E:\Programme\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
"E:\Programme\HP\Digital Imaging\Unload\HpqDIA.exe" = E:\Programme\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Programme\TeamViewer\Version5\TeamViewer.exe" = C:\Programme\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe" = C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)
"e:\Programme\Orbitdownloader\orbitdm.exe" = e:\Programme\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"e:\Programme\Orbitdownloader\orbitnet.exe" = e:\Programme\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0355CF40-97AF-9CDD-7282-BF151AEE724B}" = ccc-core-static
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0A55CDBB-0566-4AA2-A15B-24C7F27C6FF4}" = BPD_Scan
"{0F53B203-C6A9-4FB0-9086-A2D61396BE5F}" = STRATO Backup Manager
"{10F5D9BB-E2F2-4B18-A65D-928B73D22E6F}" = USB-IrDA Adapter
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4500_series" = Canon iP4500 series
"{138BD312-3557-40F8-BC5E-6DFF00A6880D}" = BPDSoftware_Ini
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{17E81C48-407E-499f-A105-1B49ACDB9BA4}" = ProductContext
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2306AB02-DE01-1366-BCFF-41D1197CF42E}" = ccc-utility
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java(TM) 6 Update 22
"{2FAAECD0-1929-11DA-6784-006853A418BE}" = Arbeitszeugnis,  Version 2.95
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AE80E7B-6633-4046-9C15-D3B281C4F73D}" = BPDSoftware
"{4E203CAF-230D-5275-C15B-517273593359}" = Catalyst Control Center Core Implementation
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{53192FD8-AAE9-494F-B0E2-A48B287B4234}" = testo easyheat Software
"{55C6E3F1-21B9-4D7A-98A6-B3E1671F9733}_is1" = Phonesuite ZTC B2 V1.0
"{5BFE01FF-189F-4b75-8FA8-9B7CD7F9C529}" = L7500
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6554815C-24E2-4B54-AE6D-E3BB0D824043}" = INFORM
"{65EAB391-4B36-59AA-0336-D0C4BEB6CD2F}" = CCC Help English
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential
"{69CA3A84-6CE4-41C3-9E5F-69135D18D751}" = Gigaset SX3x3isdn
"{6DE9751D-3FFE-400E-8761-26A92DB734DE}" = BPD_HPSU
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7148F0A8-6813-11D6-A77B-00B0D0142150}" = Java 2 Runtime Environment, SE v1.4.2_15
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7729A02E-D1AD-4830-8FC5-11853500D90D}" = HP Officejet Pro All-In-One Series
"{7E7C9FB7-711A-4FF0-B22F-42BD08652096}" = talk&surf 6.0
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C045626-4496-4238-B3B8-394CC6D46427}" = 7500_7600_7700_Help
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{8D273DE5-ABFA-4BD0-A9D7-EE9C971438C4}_is1" = PDF-Viewer
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{953F4AF6-25A4-2419-0A5D-FCA262FEF85E}" = Catalyst Control Center Graphics Full New
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A8FD4639-7171-4FAB-82F0-0CA7ED202C42}" = IN-FORM PRO PDA
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.5 - Deutsch
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4E96960-5F6B-48B9-A5BD-6A5A9BB4F027}" = Avery Wizard 3.1
"{B98A55FE-758D-4828-D398-F7196D6D5DD3}" = ATI Catalyst Install Manager
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C6A83D5C-636B-83F9-CEA4-9E2A31C4F509}" = ccc-core-preinstall
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = BPDfax
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D48AD533-BAD5-469B-A9AA-272C6D80E70B}" = MPM
"{D82702FE-3789-406A-8FC6-A26AA7E8700E}" = testo easyheat Software 2.6
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{DCB7474F-F85C-2196-700A-C69692895D00}" = Catalyst Control Center Graphics Full Existing
"{DF5F21A4-32FD-4A40-BEC0-7A147B7ED38C}" = talk&surf CAPI
"{E0318E1F-A08A-47E8-9870-9C5B6EDEE7D4}" = Testo USB Driver
"{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{EA5D652F-EC02-D5E8-6887-CE9EE1C9846F}" = Skins
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F88E77C7-846D-73D9-7B33-0AF6A5F5FD1B}" = Catalyst Control Center Graphics Light
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FE4A7D6F-4D22-4217-BB0E-511325F732A7}" = DanBasic III
"16B48D4BB9529AABC1247A6C06EB862C17256DF0" = Windows-Treiberpaket - testo AG Testo Common USB Drivers (05/19/2006 2.00.00)
"57DA365334747F9CE1355078E5BF605C810FD225" = Windows-Treiberpaket - testo AG Testo Common USB Drivers (05/19/2006 2.00.00)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Ashampoo Burning Studio 2010_is1" = Ashampoo Burning Studio 2010
"ATI Display Driver" = ATI Display Driver
"Avira AntiVir Desktop" = Avira Premium Security Suite
"BulentsScreenRecorder4" = BSR Screen Recorder 4
"CCleaner" = CCleaner
"ClearProg" = ClearProg 1.6.1 Beta 3
"DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"Foxit PDF Editor" = Foxit PDF Editor
"Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.08
"FTDICOMM" = Testo Common USB Drivers
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPExtendedCapabilities" = HP Customer Participation Program 7.0
"HPOCR" = OCR Software by I.R.I.S 7.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"KASSBUCH" = PC-Kassenbuch Version 3.0
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Orbit_is1" = Orbit Downloader
"PDF-XChange Lite 3_is1" = PDF-XChange Lite 3
"Picasa 3" = Picasa 3
"PTS_GetSolar_is1" = PTS_GetSolar 1.0
"ROTEX Ersatzteile-Tool_is1" = Version 2.0 EK  09-2008
"STRATO Outlook Sync" = STRATO Outlook Sync 8.2.7
"TeamViewer 5" = TeamViewer 5
"TomTom HOME" = TomTom HOME 2.7.6.2056
"tpso-20081113095149" = JUNKERS Ersatzteilkatalog
"VIA Audio Driver Setup Program" = VIA Audio Driver Setup Program
"VLC media player" = VLC media player 1.1.4
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast-Ethernet Adapter
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows Mobile Device Handbook" = Windows Mobile®-Gerätehandbuch
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XP Codec Pack" = XP Codec Pack
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"Zattoo" = Zattoo 3.3.4 Beta
"ZVPLAN" = ZVPLAN 1.0.15 
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 05.11.2010 06:33:58 | Computer Name = BUERO | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung PhoneSuite.exe, Version 1.0.0.1, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 05.11.2010 06:36:17 | Computer Name = BUERO | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung calltray.exe, Version 1.2.4.0, fehlgeschlagenes
 Modul calltray.exe, Version 1.2.4.0, Fehleradresse 0x0000306a.
 
Error - 08.11.2010 08:02:09 | Computer Name = BUERO | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung gsauftrag.exe, Version 2.8.26.1, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 10.11.2010 04:13:41 | Computer Name = BUERO | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung calltray.exe, Version 1.2.4.0, fehlgeschlagenes
 Modul calltray.exe, Version 1.2.4.0, Fehleradresse 0x0000306a.
 
Error - 11.11.2010 08:21:32 | Computer Name = BUERO | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung Wpe.exe, Version 2009.5.0.8, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 16.11.2010 09:28:09 | Computer Name = BUERO | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung Wpe.exe, Version 2009.5.0.8, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 18.11.2010 08:38:41 | Computer Name = BUERO | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung gsauftrag.exe, Version 2.8.26.1, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 19.11.2010 04:59:20 | Computer Name = BUERO | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung Wpe.exe, Version 2009.5.0.8, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 21.11.2010 05:50:32 | Computer Name = BUERO | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung OUTLOOK.EXE, Version 11.0.8325.0, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 21.11.2010 05:58:39 | Computer Name = BUERO | Source = Microsoft Office 11 | ID = 2001
Description = Rejected Safe Mode action : Microsoft Office Outlook.
 
[ System Events ]
Error - 18.11.2010 08:28:26 | Computer Name = BUERO | Source = Service Control Manager | ID = 7000
Description = Der Dienst "PIXMA Extended Survey Program" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%3
 
Error - 19.11.2010 02:28:47 | Computer Name = BUERO | Source = Service Control Manager | ID = 7000
Description = Der Dienst "PIXMA Extended Survey Program" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%3
 
Error - 19.11.2010 03:04:37 | Computer Name = BUERO | Source = Service Control Manager | ID = 7000
Description = Der Dienst "PIXMA Extended Survey Program" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%3
 
Error - 19.11.2010 04:57:49 | Computer Name = BUERO | Source = Print | ID = 6161
Description = Das Dokument outbind://1-0000000050C5C85BCD464644A76E87676741C7BF24113100/,
 im Besitz von Uwe P, konnte nicht auf dem Drucker HP Officejet Pro L7500 Series
 gedruckt werden. Datentyp: NT EMF 1.008. Größe der Warteschlangendatei in Bytes:
 196608. Anzahl der gedruckten Bytes: 196608. Gesamtanzahl der Seiten des Dokuments:
 2. Anzahl der gedruckten Seiten: 0. Clientcomputer: \\BUERO. Vom Druckprozessor
 zurückgelieferter Win32-Fehlercode: 0 (0x0). 
 
Error - 19.11.2010 07:13:35 | Computer Name = BUERO | Source = Service Control Manager | ID = 7000
Description = Der Dienst "PIXMA Extended Survey Program" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%3
 
Error - 21.11.2010 05:33:10 | Computer Name = BUERO | Source = Service Control Manager | ID = 7000
Description = Der Dienst "PIXMA Extended Survey Program" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%3
 
Error - 22.11.2010 02:00:38 | Computer Name = BUERO | Source = Service Control Manager | ID = 7000
Description = Der Dienst "PIXMA Extended Survey Program" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%3
 
Error - 22.11.2010 07:37:30 | Computer Name = BUERO | Source = Service Control Manager | ID = 7000
Description = Der Dienst "PIXMA Extended Survey Program" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%3
 
Error - 23.11.2010 01:53:40 | Computer Name = BUERO | Source = Service Control Manager | ID = 7000
Description = Der Dienst "PIXMA Extended Survey Program" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%3
 
Error - 23.11.2010 02:05:40 | Computer Name = BUERO | Source = Service Control Manager | ID = 7000
Description = Der Dienst "PIXMA Extended Survey Program" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%3
 
 
< End of report >
         
--- --- ---

Alt 23.11.2010, 07:29   #5
Uwe P.
 
Gozi-Befall auf einem oder mehreren von 4 Rechnern. - Standard

Gozi-Befall auf einem oder mehreren von 4 Rechnern.



Logfiles vom Rechner 4 sind zu lang. Link folgt.


Geändert von Uwe P. (23.11.2010 um 08:02 Uhr)

Alt 23.11.2010, 08:32   #6
Uwe P.
 
Gozi-Befall auf einem oder mehreren von 4 Rechnern. - Standard

Gozi-Befall auf einem oder mehreren von 4 Rechnern.



Rechner 4 (XP Keller Piii 500).
Keine Ahnung, warum ich keine Direktlinks erstellen kann:

www.trotzkoepp.de/img/extras.txt

www.trotzkoepp.de/img/otl.txt

Geändert von Uwe P. (23.11.2010 um 08:38 Uhr)

Antwort

Themen zu Gozi-Befall auf einem oder mehreren von 4 Rechnern.
0x00000001, 4d36e972-e325-11ce-bfc1-08002be10318, 7-zip, adblock, alternate, antivir, avgntflt.sys, avira, bho, c:\windows\system32\rundll32.exe, call of duty, canon, conduit, conhost.exe, corp./icp, desktop, downloader, entfernen, error, excel, excel.exe, fehler, firefox, firefox.exe, fontcache, frage, google, google chrome, home, home premium, iexplore.exe, install.exe, launch, location, locker, logfile, media center, mozilla, mywinlocker, nicht gefunden, nvlddmkm.sys, oldtimer, otl logfile, picasa, plug-in, programdata, programm, realtek, registry, richtlinie, saver, scan, sched.exe, schädling, searchplugins, security, skype.exe, software, sptd.sys, studio, taskhost.exe, teamspeak, visual studio, vlc media player, webcheck, windows, wrapper




Ähnliche Themen: Gozi-Befall auf einem oder mehreren von 4 Rechnern.


  1. XP: Ihr Computer ist aus einem oder mehreren Gründen gesperrt
    Log-Analyse und Auswertung - 12.08.2013 (31)
  2. PC aus einem oder mehreren der unten aufgeführten Gründe gesperrt - Trojaner
    Plagegeister aller Art und deren Bekämpfung - 07.11.2012 (8)
  3. Ihr Computer ist aus einem oder mehreren unten aufgeführten Gründe gesperrt.
    Plagegeister aller Art und deren Bekämpfung - 09.09.2012 (2)
  4. GVU-Trojaner: Ihr Computer wurde aus einem oder mehreren ... WIN XP
    Plagegeister aller Art und deren Bekämpfung - 06.09.2012 (10)
  5. Ihr Computer ist aus einem oder mehreren unten aufgeführten Gründe gesperrt
    Plagegeister aller Art und deren Bekämpfung - 14.08.2012 (15)
  6. Das System hat ein Problem mit einem oder mehreren installierten IDE-/SATA-Festplatten erkannt.
    Log-Analyse und Auswertung - 10.08.2011 (1)
  7. Das System hat ein Problem mit einem oder mehreren installierten IDE / SATA Festplatten
    Plagegeister aller Art und deren Bekämpfung - 19.06.2011 (28)
  8. Das System hat ein Problem mit einem oder mehreren installierten IDE / SATA-Festplatten erkannt
    Log-Analyse und Auswertung - 27.05.2011 (30)
  9. Das System hat ein Problem mit einem oder mehreren installieren IDE / SATA-Festplatten erkannt.
    Plagegeister aller Art und deren Bekämpfung - 26.05.2011 (21)
  10. Das System hat ein Problem mit einem oder mehreren installierten IDE / SATA-Festplatten erkannt.
    Log-Analyse und Auswertung - 23.05.2011 (15)
  11. Das system hat ein Problem mit einem oder mehreren installieren IDE / SATA-Festplatten erkannt.
    Log-Analyse und Auswertung - 21.05.2011 (11)
  12. Das System hat ein Problem mit einem oder mehreren installieren IDE / SATA-Festplatten erkannt.
    Plagegeister aller Art und deren Bekämpfung - 20.05.2011 (3)
  13. Das System hat ein Problem mit einem oder mehreren installierten IDE-/SATA-Festplatten erkannt
    Log-Analyse und Auswertung - 15.05.2011 (3)
  14. 'Das System hat ein Problem mit einem oder mehreren installierten IDE-/SATA-Festplatten erkannt.'
    Log-Analyse und Auswertung - 02.05.2011 (3)
  15. Festplatte beschädigt Das System hat mit einem oder mehreren installierten...
    Plagegeister aller Art und deren Bekämpfung - 02.05.2011 (28)
  16. Festplatte beschädigt Das System hat mit einem oder mehreren installierten...
    Log-Analyse und Auswertung - 29.04.2011 (20)
  17. Das System hat ein Problem mit einem oder mehreren installierten IDE / SATA-Festplatten erkannt.
    Plagegeister aller Art und deren Bekämpfung - 28.04.2011 (5)

Zum Thema Gozi-Befall auf einem oder mehreren von 4 Rechnern. - Hallo, heute hat die comdirect mein Konto gesperrt. Auf Anfrage bekam ich die Info, das ich mich von einem Rechner mit Gozi-Befall eingeloggt habe. In verschiedenen Foren habe ich gelesen, - Gozi-Befall auf einem oder mehreren von 4 Rechnern....
Archiv
Du betrachtest: Gozi-Befall auf einem oder mehreren von 4 Rechnern. auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.