Trojaner-Board - Kann mal jemand in mein HiJack blicken .....

OTL Logfile:

Code:

OTL Extras logfile created on: 05.09.2010 22:17:34 - Run 1

OTL by OldTimer - Version 3.2.11.0     Folder = C:\Dokumente und Einstellungen\****\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 72,00% Memory free

4,00 Gb Paging File | 3,00 Gb Available in Paging File | 84,00% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 232,88 Gb Total Space | 140,73 Gb Free Space | 60,43% Space Free | Partition Type: NTFS

Unable to calculate disk information.

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: ****

Current User Name: ****

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htafile [open] -- "%1" %*

htmlfile [edit] -- Reg Error: Key error.

http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- C:\Programme\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)

Directory [PlayWithVLC] -- C:\Programme\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

"6112:TCP" = 6112:TCP:*:Enabled:Blizzard Downloader

"1119:TCP" = 1119:TCP:*:Enabled:Blizzard Downloader

"1034:TCP" = 1034:TCP:*:Enabled:Akamai NetSession Interface

"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

 
 ========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Programme\ICQ7.1\ICQ.exe" = C:\Programme\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1 -- (ICQ, LLC.)

"C:\Programme\ICQ7.1\aolload.exe" = C:\Programme\ICQ7.1\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Programme\Armagetron Advanced\armagetronad.exe" = C:\Programme\Armagetron Advanced\armagetronad.exe:*:Enabled:armagetronad -- ()

"C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)

"C:\Programme\Microsoft Office\Office12\GROOVE.EXE" = C:\Programme\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)

"C:\Programme\Microsoft Office\Office12\ONENOTE.EXE" = C:\Programme\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)

"C:\Dokumente und Einstellungen\****\Desktop\WoW-BurningCrusade-deDE-Installer-downloader.exe" = C:\Dokumente und Einstellungen\****\Desktop\WoW-BurningCrusade-deDE-Installer-downloader.exe:*:Enabled:Blizzard Downloader -- File not found

"C:\Programme\Steam\steamapps\****\day of defeat source\hl2.exe" = C:\Programme\Steam\steamapps\comptonjocker\day of defeat source\hl2.exe:*:Enabled:hl2 -- ()

"C:\Programme\Teamspeak2E_RC2\server_windows.exe" = C:\Programme\Teamspeak2E_RC2\server_windows.exe:*:Enabled:Server -- ()

"C:\Programme\TmNationsForever\TmForever.exe" = C:\Programme\TmNationsForever\TmForever.exe:*:Enabled:TmForever -- ()

"C:\Programme\Zattoo\zattood.exe" = C:\Programme\Zattoo\zattood.exe:*:Enabled:zattood -- File not found

"C:\Programme\Zattoo\Zattoo1.exe" = C:\Programme\Zattoo\Zattoo1.exe:*:Enabled:  -- File not found

"C:\Programme\World of Warcraft\BackgroundDownloader.exe" = C:\Programme\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)

"C:\Programme\World of Warcraft\WoW-2.4.3-to-3.0.2-deDE-Win-Final-downloader.exe" = C:\Programme\World of Warcraft\WoW-2.4.3-to-3.0.2-deDE-Win-Final-downloader.exe:*:Enabled:Blizzard Downloader -- File not found

"C:\Programme\GOA\Gunbound\GunBound.gme" = C:\Programme\GOA\Gunbound\GunBound.gme:*:Enabled:GunBound -- File not found

"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)

"C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Temp\Blizzard Launcher Temporary - 1f782da8\Launcher.exe" = C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Temp\Blizzard Launcher Temporary - 1f782da8\Launcher.exe:*:Enabled:Blizzard Launcher -- File not found

"C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Temp\Blizzard Launcher Temporary - 446af038\Launcher.exe" = C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Temp\Blizzard Launcher Temporary - 446af038\Launcher.exe:*:Enabled:Blizzard Launcher -- File not found

"C:\Programme\Unreal Tournament 2004\System\UT2004.exe" = C:\Programme\Unreal Tournament 2004\System\UT2004.exe:*:Enabled:UT2004 -- ()

"C:\Programme\Valve\hl.exe" = C:\Programme\Valve\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)

"C:\Programme\World of Warcraft\Launcher.exe" = C:\Programme\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)

"C:\Programme\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-deDE-downloader.exe" = C:\Programme\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-deDE-downloader.exe:*:Enabled:Blizzard Downloader -- File not found

"C:\Programme\Steam\steamapps\****\half-life 2 deathmatch\hl2.exe" = C:\Programme\Steam\steamapps\comptonjocker\half-life 2 deathmatch\hl2.exe:*:Enabled:hl2 -- ()

"C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)

"C:\Programme\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-deDE-downloader.exe" = C:\Programme\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-deDE-downloader.exe:*:Enabled:Blizzard Downloader -- File not found

"C:\Programme\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-deDE-downloader.exe" = C:\Programme\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-deDE-downloader.exe:*:Enabled:Blizzard Downloader -- File not found

"C:\Programme\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-deDE-downloader.exe" = C:\Programme\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-deDE-downloader.exe:*:Enabled:Blizzard Downloader -- File not found

"C:\Programme\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-deDE-downloader.exe" = C:\Programme\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-deDE-downloader.exe:*:Enabled:Blizzard Downloader -- File not found

"C:\Programme\Java\jre6\bin\javaw.exe" = C:\Programme\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)

"C:\CCProxy\CCProxy.exe" = C:\CCProxy\CCProxy.exe:*:Enabled:CCProxy -- File not found

"C:\Programme\uTorrent\uTorrent.exe" = C:\Programme\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- File not found

"C:\Programme\World of Warcraft\WoW-3.2.0-deDE-downloader.exe" = C:\Programme\World of Warcraft\WoW-3.2.0-deDE-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)

"C:\Programme\AVG\AVG9\avgupd.exe" = C:\Programme\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)

"C:\Programme\AVG\AVG9\avgnsx.exe" = C:\Programme\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)

"C:\Programme\Warcraft III Frozen Throne\Warcraft III.exe" = C:\Programme\Warcraft III Frozen Throne\Warcraft III.exe:*:Enabled:Warcraft III -- File not found

"C:\Programme\QuickTime\QuickTimePlayer.exe" = C:\Programme\QuickTime\QuickTimePlayer.exe:*:Enabled:QuickTime Player -- (Apple Inc.)

"C:\Programme\ICQ7.1\ICQ.exe" = C:\Programme\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1 -- (ICQ, LLC.)

"C:\Programme\ICQ7.1\aolload.exe" = C:\Programme\ICQ7.1\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)

"C:\Programme\Java\jre6\bin\java.exe" = C:\Programme\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)

"C:\Programme\Steam\steamapps\comptonjocker\counter-strike source\hl2.exe" = C:\Programme\Steam\steamapps\comptonjocker\counter-strike source\hl2.exe:*:Enabled:Counter-Strike: Source -- ()

"C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Temp\7zS5.tmp\SymNRT.exe" = C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Temp\7zS5.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool -- (Symantec Corporation)

"C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Temp\7zS7.tmp\SymNRT.exe" = C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Temp\7zS7.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool -- File not found

"C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Temp\7zS9.tmp\SymNRT.exe" = C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Temp\7zS9.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool -- (Symantec Corporation)

"C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Temp\7zSB.tmp\SymNRT.exe" = C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Temp\7zSB.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool -- (Symantec Corporation)

"C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Temp\7zSD.tmp\SymNRT.exe" = C:\Dokumente und Einstellungen\****

\Lokale Einstellungen\Temp\7zSD.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool -- (Symantec Corporation)

"C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Temp\7zSF.tmp\SymNRT.exe" = C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Temp\7zSF.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool -- File not found

"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{001E7FB6-BB6B-4ED0-BEDC-B5404ED96D4E}" = DocProc

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour

"{13B792AA-C078-43A4-8A3A-8B12D629940D}" = Counter-Strike 1.6

"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch

"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter

"{1545207E-C6F3-31D7-9918-BDBB65075FBF}" = Microsoft .NET Framework 3.5 Language Pack - deu

"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy

"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate

"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR

"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer

"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 15

"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg

"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan

"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7

"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes

"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant

"{394DC0BC-5476-4260-B52C-BDE1BDEFA958}" = Unreal Tournament 2004

"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker

"{415CDA53-9100-476F-A7B2-476691E117C7}" = HP Smart Web Printing

"{4781569D-5404-1F26-4B2B-6DF444441031}" = Nero 7 Ultra Edition

"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply

"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport

"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8

"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053

"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder

"{71BFC818-0CED-42D6-9C87-5142918957EE}" = ICQ7.1

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec

"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager

"{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}" = Zune Desktop Theme

"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01

"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder

"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player

"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 12

"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007

"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007

"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007

"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007

"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007

"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007

"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007

"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007

"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007

"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007

"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007

"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007

"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{9309DD7E-EBFE-3C95-8B47-30D3A012F606}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp

"{A036E231-5A03-4d63-94F6-7864CC77EC48}" = PS_AIO_ProductContext

"{A1071AEB-B0EF-3F5F-BC84-83A270EBE496}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - DEU

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder

"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter

"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder

"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.4 - Deutsch

"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant

"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder

"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan

"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update

"{B040FEFE-B45F-4e30-B3C6-035F53F544A9}" = c4200_Help

"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter

"{B22C19AE-6A67-4f28-B541-5AE72FB17A25}" = HP Photosmart All-In-One Software 9.0

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player

"{B9F3A6E6-9C77-4535-9ED9-B16C1EBDFEC2}" = C4200

"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter

"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die*Sims™*3

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX

"{C9EAEE6B-741F-421D-B9CE-9FA300DA92AD}_is1" = Super Mario Bros. X version 1.2.2

"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus(R)

"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component

"{D719E8F1-6931-40b4-AC0B-5FE2C097F995}" = C4200_doccd

"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support

"{DCD786A9-31EF-4D35-B7CC-EFB8F548AEE2}" = O&O SafeErase

"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm

"{E39A3770-3DDE-404c-B91F-3522947874A3}" = PS_AIO_Software_min

"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime

"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox

"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime

"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery

"{F0312AC6-988B-11DA-9C49-000476F770CC}" = CIB pdf brewer 2.5.29

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F216C9C6-23F7-47B4-B57E-9878DE2E8534}" = QIP Infium 9033.6 Jeak-Edition

"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE

"{FA4FA322-5C90-4d2b-A019-9E588273DED5}" = PS_AIO_Software

"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone-Konfigurationsprogramm

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Akamai" = Akamai NetSession Interface

"Armagetron Advanced" = Armagetron Advanced 0.2.8.2.1.gcc

"AudibleDownloadManager" = Audible Download Manager

"AVG9Uninstall" = AVG Free 9.0

"AviSynth" = AviSynth 2.5

"CCleaner" = CCleaner

"CloneDVD2" = CloneDVD2

"CPUID CPU-Z_is1" = CPUID CPU-Z 1.52.2

"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters

"Dream Aquarium_is1" = Dream Aquarium

"DVD Shrink_is1" = DVD Shrink 3.2

"ENTERPRISE" = Microsoft Office Enterprise 2007

"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.7

"HP Imaging Device Functions" = HP Imaging Device Functions 9.0

"HP Photosmart Essential" = HP Photosmart Essential 2.01

"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0

"HPExtendedCapabilities" = HP Customer Participation Program 9.0

"HPOCR" = HP OCR Software 9.0

"ie8" = Windows Internet Explorer 8

"Inkscape" = Inkscape 0.47

"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 3.5 Language Pack - deu" = Microsoft .NET Framework 3.5 Language Pack - DEU

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"NVIDIA Display Control Panel" = NVIDIA Display Control Panel

"NVIDIA Drivers" = NVIDIA Drivers

"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager

"PandoraRecovery" = PandoraRecovery (Remove Only)

"PC-Trainer Metall" = PC-Trainer Metall

"Picasa 3" = Picasa 3

"Replay Director1.0" = Replay Director

"Replay Media Catcher 3.11" = Replay Media Catcher 3.11

"Steam App 240" = Counter-Strike: Source

"Steam App 300" = Day of Defeat: Source

"Steam App 320" = Half-Life 2: Deathmatch

"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2

"TeamSpeak 2 Server_is1" = TeamSpeak 2 Server RC2

"TmNationsForever_is1" = TmNationsForever Update 2010-03-15

"Uninstall_is1" = Uninstall 1.0.0.1

"Videora iPod touch Converter" = Videora iPod touch Converter 5.04

"VLC media player" = VideoLAN VLC media player 0.8.6i

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WinGimp-2.0_is1" = GIMP 2.6.6

"WinRAR archiver" = WinRAR

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"World of Warcraft" = World of Warcraft

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

 
 ========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

 
 ========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 04.09.2010 11:27:42 | Computer Name = HOME-C60F8FC674 | Source = Application Error | ID = 1000

Description = Fehlgeschlagene Anwendung inkscape.exe, Version 0.47.0.0, fehlgeschlagenes

 Modul inkscape.exe, Version 0.47.0.0, Fehleradresse 0x004f6ca7.

 

Error - 04.09.2010 17:35:14 | Computer Name = HOME-C60F8FC674 | Source = Application Hang | ID = 1002

Description = Stillstehende Anwendung SpyHunter4.exe, Version 4.2.24.3011, Stillstandmodul

 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

 

Error - 05.09.2010 06:58:47 | Computer Name = HOME-C60F8FC674 | Source = Application Hang | ID = 1002

Description = Stillstehende Anwendung inkscape.exe, Version 0.47.0.0, Stillstandmodul

 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

 

Error - 05.09.2010 09:23:47 | Computer Name = HOME-C60F8FC674 | Source = Bonjour Service | ID = 100

Description = 316: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde

 vom Remotehost geschlossen.)

 

Error - 05.09.2010 09:23:47 | Computer Name = HOME-C60F8FC674 | Source = Bonjour Service | ID = 100

Description = 312: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde

 vom Remotehost geschlossen.)

 

Error - 05.09.2010 09:23:47 | Computer Name = HOME-C60F8FC674 | Source = Bonjour Service | ID = 100

Description = 480: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde

 vom Remotehost geschlossen.)

 

Error - 05.09.2010 09:23:47 | Computer Name = HOME-C60F8FC674 | Source = Bonjour Service | ID = 100

Description = 472: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde

 vom Remotehost geschlossen.)

 

Error - 05.09.2010 09:23:47 | Computer Name = HOME-C60F8FC674 | Source = Bonjour Service | ID = 100

Description = 492: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde

 vom Remotehost geschlossen.)

 

Error - 05.09.2010 09:23:47 | Computer Name = HOME-C60F8FC674 | Source = Bonjour Service | ID = 100

Description = 504: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde

 vom Remotehost geschlossen.)

 

Error - 05.09.2010 09:23:47 | Computer Name = HOME-C60F8FC674 | Source = Bonjour Service | ID = 100

Description = 516: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde

 vom Remotehost geschlossen.)

 

[ OSession Events ]

Error - 15.12.2008 07:21:41 | Computer Name = HOME-C60F8FC674 | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 

Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session 

lasted 8 seconds with 0 seconds of active time.  This session ended with a crash.

 

Error - 18.10.2009 12:56:25 | Computer Name = HOME-C60F8FC674 | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 147

 seconds with 120 seconds of active time.  This session ended with a crash.

 

Error - 18.10.2009 12:56:33 | Computer Name = HOME-C60F8FC674 | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2

 seconds with 0 seconds of active time.  This session ended with a crash.

 

Error - 18.10.2009 12:56:38 | Computer Name = HOME-C60F8FC674 | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 4

 seconds with 0 seconds of active time.  This session ended with a crash.

 

Error - 18.10.2009 12:56:47 | Computer Name = HOME-C60F8FC674 | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 6

 seconds with 0 seconds of active time.  This session ended with a crash.

 

Error - 18.10.2009 12:56:58 | Computer Name = HOME-C60F8FC674 | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 7

 seconds with 0 seconds of active time.  This session ended with a crash.

 

[ System Events ]

Error - 04.09.2010 18:25:14 | Computer Name = HOME-C60F8FC674 | Source = Service Control Manager | ID = 7023

Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:

   %%126

 

Error - 05.09.2010 04:28:04 | Computer Name = HOME-C60F8FC674 | Source = Service Control Manager | ID = 7000

Description = Der Dienst "adfs" wurde aufgrund folgenden Fehlers nicht gestartet:

   %%2

 

Error - 05.09.2010 04:29:34 | Computer Name = HOME-C60F8FC674 | Source = Service Control Manager | ID = 7022

Description = Der Dienst "HP CUE DeviceDiscovery Service" wurde nicht ordnungsgemäß

 gestartet.

 

Error - 05.09.2010 06:42:55 | Computer Name = HOME-C60F8FC674 | Source = Service Control Manager | ID = 7000

Description = Der Dienst "adfs" wurde aufgrund folgenden Fehlers nicht gestartet:

   %%2

 

Error - 05.09.2010 06:44:09 | Computer Name = HOME-C60F8FC674 | Source = Service Control Manager | ID = 7022

Description = Der Dienst "HP CUE DeviceDiscovery Service" wurde nicht ordnungsgemäß

 gestartet.

 

Error - 05.09.2010 12:27:58 | Computer Name = HOME-C60F8FC674 | Source = Service Control Manager | ID = 7000

Description = Der Dienst "adfs" wurde aufgrund folgenden Fehlers nicht gestartet:

   %%2

 

Error - 05.09.2010 12:29:21 | Computer Name = HOME-C60F8FC674 | Source = Service Control Manager | ID = 7022

Description = Der Dienst "HP CUE DeviceDiscovery Service" wurde nicht ordnungsgemäß

 gestartet.

 

Error - 05.09.2010 13:29:06 | Computer Name = HOME-C60F8FC674 | Source = Service Control Manager | ID = 7000

Description = Der Dienst "adfs" wurde aufgrund folgenden Fehlers nicht gestartet:

   %%2

 

Error - 05.09.2010 13:29:13 | Computer Name = HOME-C60F8FC674 | Source = sr | ID = 1

Description = Beim Verarbeiten der Datei "" auf Volume "HarddiskVolume1" ist im 

Wiederherstellungsfilter der unerwartete Fehler "0xC0000001" aufgetreten. Die Volumeüberwachung

 wurde angehalten.

 

Error - 05.09.2010 13:30:28 | Computer Name = HOME-C60F8FC674 | Source = Service Control Manager | ID = 7022

Description = Der Dienst "HP CUE DeviceDiscovery Service" wurde nicht ordnungsgemäß

 gestartet.

 

 

< End of report >

--- --- ---
OTL Logfile:

Code:

OTL logfile created on: 05.09.2010 22:17:34 - Run 1

OTL by OldTimer - Version 3.2.11.0     Folder = C:\Dokumente und Einstellungen\****\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 72,00% Memory free

4,00 Gb Paging File | 3,00 Gb Available in Paging File | 84,00% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 232,88 Gb Total Space | 140,73 Gb Free Space | 60,43% Space Free | Partition Type: NTFS

Unable to calculate disk information.

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: ****

Current User Name: ****

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Dokumente und Einstellungen\****\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Programme\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Programme\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Programme\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Programme\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Programme\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Programme\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe ()

PRC - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe ()

PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

 

 
 ========== Modules (SafeList) ==========

 

MOD - C:\Dokumente und Einstellungen\****\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found

SRV - (Akamai) -- c:\Programme\Gemeinsame Dateien\Akamai\rswin_3745.dll ()

SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

SRV - (avg9wd) -- C:\Programme\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

SRV - (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe ()

SRV - (nSvcIp) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe ()

SRV - (SolidWorks Licensing Service) -- C:\Programme\Gemeinsame Dateien\SolidWorks Shared\Service\SolidWorksLicensing.exe (SolidWorks)

SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)

SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - (Mach3) -- C:\WINDOWS\System32\Drivers\Mach3.sys File not found

DRV - (InCDRm) -- C:\WINDOWS\System32\drivers\InCDRm.sys File not found

DRV - (InCDPass) -- C:\WINDOWS\System32\drivers\InCDPass.sys File not found

DRV - (InCDFs) -- C:\WINDOWS\System32\drivers\InCDFs.sys File not found

DRV - (esgiguard) -- C:\Programme\Enigma Software Group\SpyHunter\esgiguard.sys File not found

DRV - (ALSysIO) -- C:\DOKUME~1\****~1\LOKALE~1\Temp\ALSysIO.sys File not found

DRV - (AvgTdiX) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)

DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)

DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)

DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)

DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)

DRV - (nvgts) -- C:\WINDOWS\system32\DRIVERS\nvgts.sys (NVIDIA Corporation)

DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)

DRV - (cpuz132) -- C:\WINDOWS\system32\drivers\cpuz132_x32.sys (Windows (R) Codename Longhorn DDK provider)

DRV - (ElbyCDIO) -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)

DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)

DRV - (AR5523) -- C:\WINDOWS\system32\drivers\ar5523.sys (                                                                                                                                       )

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)

DRV - (QV2KUX) -- C:\WINDOWS\system32\drivers\qv2kux.sys (Microsoft Corporation)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://qip.ru

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.qip.ru

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.qip.ru

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.qip.ru/ie

IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found

IE - HKCU\..\URLSearchHook: {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Dokumente und Einstellungen\****\Anwendungsdaten\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6092

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "QIP Search"

FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.startup.homepage: "hxxp://google.de"

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.845

FF - prefs.js..extensions.enabledItems: dvscontextmenuy@dvdvideosoft.com:1.0

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004

FF - prefs.js..extensions.enabledItems: {32a1fd71-835e-4b11-8e54-886fda0b4c89}:1.1

FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1

FF - prefs.js..keyword.URL: "hxxp://search.qip.ru/search?from=FF&query="

 

FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Programme\AVG\AVG9\Firefox [2010.07.21 19:16:08 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.08.20 17:06:15 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.08.20 17:06:15 | 000,000,000 | ---D | M]

 

[2008.08.29 15:56:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla\Extensions

[2010.09.04 23:45:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla\Firefox\Profiles\1bkcn93s.default\extensions

[2010.04.29 16:08:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla\Firefox\Profiles\1bkcn93s.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010.04.29 16:08:27 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla\Firefox\Profiles\1bkcn93s.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

[2010.03.16 20:46:04 | 000,000,000 | ---D | M] (QipAuthorizer) -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla\Firefox\Profiles\1bkcn93s.default\extensions\{32a1fd71-835e-4b11-8e54-886fda0b4c89}

[2010.06.26 14:16:22 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla\Firefox\Profiles\1bkcn93s.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}

[2008.07.19 20:06:23 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla\Firefox\Profiles\1bkcn93s.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}

[2009.06.11 21:13:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla\Firefox\Profiles\1bkcn93s.default\extensions\moveplayer@movenetworks.com

[2009.10.31 20:42:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla\Firefox\Profiles\1bkcn93s.default\extensions\OberonGameHost@OberonGames.com

[2010.09.03 16:16:45 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla\Firefox\Profiles\1bkcn93s.default\searchplugins\icqplugin-1.xml

[2009.03.29 19:59:51 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla\Firefox\Profiles\1bkcn93s.default\searchplugins\icqplugin-2.xml

[2009.04.22 18:16:14 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla\Firefox\Profiles\1bkcn93s.default\searchplugins\icqplugin-3.xml

[2009.04.30 16:58:42 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla\Firefox\Profiles\1bkcn93s.default\searchplugins\icqplugin-4.xml

[2009.06.13 20:24:16 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla\Firefox\Profiles\1bkcn93s.default\searchplugins\icqplugin-5.xml

[2009.07.25 11:29:25 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla\Firefox\Profiles\1bkcn93s.default\searchplugins\icqplugin-6.xml

[2009.03.01 14:02:44 | 000,000,944 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla\Firefox\Profiles\1bkcn93s.default\searchplugins\icqplugin.xml

[2010.03.22 21:16:32 | 000,002,062 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla\Firefox\Profiles\1bkcn93s.default\searchplugins\qip-search.xml

[2010.09.04 23:45:13 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions

[2008.07.17 19:24:35 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

[2010.03.25 18:15:55 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml

[2010.03.25 18:15:55 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml

[2010.03.25 18:15:56 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml

[2010.03.25 18:15:56 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml

[2010.03.25 18:15:56 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2010.09.04 18:29:51 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       loc

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.

O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AVG9_TRAY] C:\Programme\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKCU..\Run: [AdobeBridge]  File not found

O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)

O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Dokumente und Einstellungen\****\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubetomp3.htm ()

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Save YouTube Video as MP3 - C:\Programme\Gemeinsame Dateien\DVDVideoSoft\Dll\IEContextMenuY.dll (DVSTeam)

O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: HP Sammelmappe - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Programme\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)

O9 - Extra Button: HP Intelligente Auswahl - {700259D7-1666-479a-93B1-3250410481E8} - C:\Programme\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)

O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.)

O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)

O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home

O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\****\Eigene Dateien\Eigene Bilder\Neuer Ordner (2)\I Menek JUNIOR Negativ x.png

O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\****\Eigene Dateien\Eigene Bilder\Neuer Ordner (2)\I Menek JUNIOR 2.bmp

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008.07.17 18:16:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{c81f09c9-5a50-11dd-b006-00044b01d788}\Shell - "" = AutoRun

O33 - MountPoints2\{c81f09c9-5a50-11dd-b006-00044b01d788}\Shell\1\Command - "" = .\recycled\info.exe

O33 - MountPoints2\{c81f09c9-5a50-11dd-b006-00044b01d788}\Shell\AutoRun - "" = Auto&Play

O34 - HKLM BootExecute: (autocheck autochk *) -  File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2010.09.05 22:15:30 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\****\Desktop\OTL.exe

[2010.09.05 15:26:23 | 000,000,000 | ---D | C] -- C:\Programme\iPod

[2010.09.05 15:26:19 | 000,000,000 | ---D | C] -- C:\Programme\iTunes

[2010.09.05 15:19:09 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\****\Recent

[2010.09.05 00:25:02 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010.09.05 00:25:01 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010.09.05 00:25:00 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware

[2010.09.04 16:17:16 | 007,516,167 | ---- | C] (McAfee Inc.) -- C:\Dokumente und Einstellungen\****\Desktop\stinger1010995.exe

[2010.09.04 13:00:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\95431C66CF9A4913BFFF6050785AFB65.TMP

[2010.09.04 10:45:06 | 000,216,400 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\wdgjvzdp.sys

[2010.09.04 10:41:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore

[2010.09.03 23:04:28 | 000,000,000 | ---D | C] -- C:\Programme\Enigma Software Group

[2010.09.03 22:27:32 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy

[2010.09.03 22:27:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy

[2010.09.03 16:03:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Malwarebytes

[2010.09.03 16:03:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes

[2010.09.03 01:31:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\PCHealth

[2010.09.02 22:22:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Macromedia

[2010.09.02 22:22:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Adobe

[2010.09.02 21:46:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\A929FC40BE13998741439A16B4AE4486

[2010.08.20 17:05:52 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime

[2010.08.10 05:15:58 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx

[2010.08.10 05:15:58 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts

[2010.08.08 19:30:26 | 000,000,000 | ---D | C] -- C:\Programme\Audible

[2010.08.08 19:30:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\****\Eigene Dateien\Audible

[2008.09.17 16:52:55 | 000,379,584 | R--- | C] (                                                                                                                                       ) -- C:\WINDOWS\System32\drivers\ar5523.sys

[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2010.09.05 22:15:31 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\****\Desktop\OTL.exe

[2010.09.05 19:33:21 | 000,044,386 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Desktop\Generic.JPG

[2010.09.05 19:29:08 | 000,272,291 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml

[2010.09.05 19:28:48 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010.09.05 19:28:48 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010.09.05 19:28:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010.09.05 19:27:53 | 011,796,480 | ---- | M] () -- C:\Dokumente und Einstellungen\****\ntuser.dat

[2010.09.05 18:44:16 | 064,339,327 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm

[2010.09.05 14:57:25 | 000,020,832 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Desktop\m00_2.JPG

[2010.09.05 14:57:25 | 000,018,212 | ---- | M] () -- C:\Dokumente und Einstellungen\****\.recently-used.xbel

[2010.09.05 14:54:14 | 000,149,102 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Desktop\m00_1.JPG

[2010.09.05 14:44:56 | 003,330,888 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Desktop\designerinfos_DE.zip

[2010.09.05 14:38:34 | 000,398,929 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Eigene Dateien\m00_1.png

[2010.09.05 13:14:25 | 007,487,055 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Neues Dokument 2.2010_09_05_13_14_24.0.svg

[2010.09.05 00:25:04 | 000,000,676 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010.09.04 17:26:48 | 000,949,029 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Neues Dokument 1.2010_09_04_17_26_48.0.svg

[2010.09.04 17:20:55 | 000,000,017 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Desktop\stinger1010995.opt

[2010.09.04 17:07:10 | 002,073,599 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Desktop\Negativ 99.png

[2010.09.04 16:17:25 | 007,516,167 | ---- | M] (McAfee Inc.) -- C:\Dokumente und Einstellungen\****\Desktop\stinger1010995.exe

[2010.09.04 12:03:12 | 000,000,105 | ---- | M] () -- C:\Dokumente und Einstellungen\****\default.pls

[2010.09.04 12:03:09 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2010.09.04 10:45:06 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\wdgjvzdp.sys

[2010.09.03 23:40:44 | 000,000,145 | ---- | M] () -- C:\WINDOWS\wininit.ini

[2010.09.03 22:11:27 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\****\ntuser.ini

[2010.09.03 16:52:39 | 000,000,803 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Desktop\CoreTemp.ini

[2010.09.02 21:46:26 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\svchost.exe

[2010.09.02 07:11:15 | 000,619,081 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Desktop\charfile.jpg

[2010.08.29 22:47:59 | 044,755,113 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Neues Dokument 6.2010_08_29_22_47_54.0.svg

[2010.08.29 22:39:38 | 000,504,811 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Desktop\Negativ 2.png

[2010.08.29 22:27:31 | 001,571,369 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Desktop\Negativ.png

[2010.08.27 17:04:00 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2010.08.26 18:04:30 | 008,528,000 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Desktop\MARTERIA - VERSTRAHLT feat. Yasha.mp3

[2010.08.18 20:29:43 | 000,000,011 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Desktop\Plugins.ini

[2010.08.14 14:20:56 | 002,210,992 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010.08.13 22:33:25 | 001,005,750 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2010.08.13 22:33:25 | 000,452,310 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat

[2010.08.13 22:33:25 | 000,435,396 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010.08.13 22:33:25 | 000,081,118 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat

[2010.08.13 22:33:25 | 000,068,292 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010.08.12 18:56:42 | 000,228,864 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Desktop\mfu.xls

[2010.08.10 05:15:58 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx

[2010.08.10 05:15:58 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts

[2010.08.07 15:17:39 | 000,029,184 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2010.09.05 19:33:21 | 000,044,386 | ---- | C] () -- C:\Dokumente und Einstellungen\****Desktop\Generic.JPG

[2010.09.05 14:57:25 | 000,020,832 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Desktop\m00_2.JPG

[2010.09.05 14:57:25 | 000,018,212 | ---- | C] () -- C:\Dokumente und Einstellungen\****\.recently-used.xbel

[2010.09.05 14:44:57 | 003,330,888 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Desktop\designerinfos_DE.zip

[2010.09.05 14:39:35 | 000,149,102 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Desktop\m00_1.JPG

[2010.09.05 14:37:52 | 000,398,929 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Eigene Dateien\m00_1.png

[2010.09.05 13:14:24 | 007,487,055 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Neues Dokument 2.2010_09_05_13_14_24.0.svg

[2010.09.05 00:25:04 | 000,000,676 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010.09.04 17:26:48 | 000,949,029 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Neues Dokument 1.2010_09_04_17_26_48.0.svg

[2010.09.04 17:20:55 | 000,000,017 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Desktop\stinger1010995.opt

[2010.09.04 16:36:52 | 002,073,599 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Desktop\Negativ 99.png

[2010.09.03 23:06:38 | 000,000,145 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2010.09.02 07:11:13 | 000,619,081 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Desktop\charfile.jpg

[2010.08.29 22:47:54 | 044,755,113 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Neues Dokument 6.2010_08_29_22_47_54.0.svg

[2010.08.29 22:39:31 | 000,504,811 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Desktop\Negativ 2.png

[2010.08.29 22:27:22 | 001,571,369 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Desktop\Negativ.png

[2010.08.20 18:29:31 | 008,528,000 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Desktop\MARTERIA - VERSTRAHLT feat. Yasha.mp3

[2010.08.18 20:29:43 | 000,000,011 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Desktop\Plugins.ini

[2010.08.18 20:29:42 | 000,000,803 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Desktop\CoreTemp.ini

[2010.08.12 18:55:01 | 000,228,864 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Desktop\mfu.xls

[2010.04.12 21:46:49 | 000,000,440 | ---- | C] () -- C:\WINDOWS\CTL3D991.DLL

[2010.03.24 20:12:49 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

[2010.03.16 21:31:38 | 000,000,059 | ---- | C] () -- C:\WINDOWS\UserUtil.INI

[2010.03.16 21:30:34 | 000,000,024 | ---- | C] () -- C:\WINDOWS\MachProcess.INI

[2010.03.16 21:29:31 | 000,000,024 | ---- | C] () -- C:\WINDOWS\ToolUtil.INI

[2010.03.16 20:53:22 | 000,000,050 | ---- | C] () -- C:\WINDOWS\ptmetall.INI

[2009.12.20 21:59:26 | 000,000,116 | ---- | C] () -- C:\WINDOWS\System32\applet.ini

[2009.11.26 22:40:18 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\rmc_rtspdl.dll

[2009.08.03 01:21:54 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll

[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll

[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll

[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll

[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll

[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll

[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll

[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll

[2009.08.03 01:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll

[2009.08.03 01:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll

[2009.07.05 00:10:58 | 000,000,053 | ---- | C] () -- C:\WINDOWS\fcad5lt.ini

[2009.05.31 23:43:12 | 000,003,403 | ---- | C] () -- C:\WINDOWS\messer.ini

[2009.05.31 20:10:38 | 000,000,015 | ---- | C] () -- C:\WINDOWS\DME32.INI

[2009.05.26 17:53:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eDrawingOfficeAutomator.INI

[2009.04.30 23:09:46 | 000,000,067 | ---- | C] () -- C:\WINDOWS\SpotAuditor.INI

[2008.12.23 20:03:04 | 000,000,085 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.zreglib

[2008.12.05 19:09:30 | 000,002,653 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\hpzinstall.log

[2008.11.03 19:13:28 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll

[2008.08.01 14:46:36 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI

[2008.07.18 09:23:03 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2008.07.17 19:57:10 | 000,029,184 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008.07.17 19:12:40 | 000,143,360 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll

 
 ========== Alternate Data Streams ==========

 

@Alternate Data Stream - 48 bytes -> C:\WINDOWS:EE47199619CAF6A0

@Alternate Data Stream - 115 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:73F8B3C1

@Alternate Data Stream - 114 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:6FE816BE

< End of report >

--- --- ---