| Wurstbrod | 15.09.2010 17:16 |
was neu ist: mittlerweile meldet sich antivir ab und zu und findet den einen oder anderen schädling. z.b. TR/PSW.Papras.C in c:\windows\system32\attrdsvr.dll
hier extras.txt
OTL Logfile: Code:
OTL Extras logfile created on: 15.09.2010 18:04:40 - Run 3
OTL by OldTimer - Version 3.2.12.0 Folder = C:\Documents and Settings\vvjj\My Documents
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
953,00 Mb Total Physical Memory | 512,00 Mb Available Physical Memory | 54,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): C:\pagefile.sys 1428 2856 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19,53 Gb Total Space | 5,41 Gb Free Space | 27,70% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 129,51 Gb Total Space | 28,50 Gb Free Space | 22,01% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: XXXXXKONSTANZ
Current User Name: vvjj
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Funshion Online\Funshion\Funshion.exe" = C:\Program Files\Funshion Online\Funshion\Funshion.exe:*:Enabled:Funshion -- File not found
"C:\Program Files\PokerStrategy\PokerStrategy Equilator\Equilator.exe" = C:\Program Files\PokerStrategy\PokerStrategy Equilator\Equilator.exe:*:Enabled:PokerStrategy Equilator -- (PokerStrategy)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
"E:\World of Warcraft\WoW-3.2.0-deDE-downloader.exe" = E:\World of Warcraft\WoW-3.2.0-deDE-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"E:\World of Warcraft\Launcher.exe" = E:\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"E:\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-deDE-downloader.exe" = E:\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-deDE-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"E:\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-deDE-downloader.exe" = E:\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-deDE-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"E:\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-deDE-downloader.exe" = E:\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-deDE-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Documents and Settings\vvjj\My Documents\Downloads\qq2009sp6_installer.exe" = C:\Documents and Settings\vvjj\My Documents\Downloads\qq2009sp6_installer.exe:*:Enabled:QQ2009 -- (Tencent)
"C:\Program Files\Tencent\QQ\Bin\QQ.exe" = C:\Program Files\Tencent\QQ\Bin\QQ.exe:*:Enabled:??QQ2009 -- (Tencent)
"C:\Program Files\Tencent\QQ\Bin\auclt.exe" = C:\Program Files\Tencent\QQ\Bin\auclt.exe:*:Enabled:QQ2010 -- (Tencent)
"C:\spiele\Qianhong\Qianhong.exe" = C:\spiele\Qianhong\Qianhong.exe:*:Enabled:Qianhong Application -- (jcraner.com)
"E:\Diablo\diablo.exe" = E:\Diablo\diablo.exe:*:Enabled:Diablo -- (Blizzard Entertainment)
"C:\Program Files\SogouInput\5.0.1.4185\PinyinUp.exe" = C:\Program Files\SogouInput\5.0.1.4185\PinyinUp.exe:*:Enabled:Sogou Pinyin Service -- (Sogou.com Inc.)
"C:\Program Files\Funshion Online\Funshion\FunshionService.exe" = C:\Program Files\Funshion Online\Funshion\FunshionService.exe:*:Enabled:FunshionService -- File not found
"C:\Program Files\Funshion Online\Funshion\FunshionUpgrade.exe" = C:\Program Files\Funshion Online\Funshion\FunshionUpgrade.exe:*:Enabled:FunshionUpgrade -- File not found
"C:\Program Files\eMule\emule.exe" = C:\Program Files\eMule\emule.exe:*:Enabled:eMule -- File not found
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}" = 腾讯QQ2009
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15
"{2ADE2157-7A5E-122C-B51D-EB8A01B15943}" = DeepBurner v1.9.0.228
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{388C130B-0079-46B4-A0D5-DC2DD7A89A7B}" = Citrix XenApp Plugin for Hosted Apps
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}" = Titan Quest
"{423799F1-0BD5-4B2D-8BD6-2A49BCEA583B}" = Atheros Wireless LAN Client Adapter
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{61B9BC1E-F0E6-4A4F-98CB-A0D2EB2D7731}" = O2Micro Flash Memory Card Reader Driver (x86)
"{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PartitionMagic
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A10D9B03-AABB-47D7-8A30-2FEA97E70BC7}" = Quake Live Mozilla Plugin
"{A27CAF84-656A-4D4D-9D95-D5B1368074C7}" = PokerStrategy Elephant
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A64A5576-D862-44F8-89DC-2B17FCC9B86E}" = Broadcom Gigabit Integrated Controller
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.2 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{B823632F-3B72-4514-8861-B961CE263224}" = PostgreSQL 8.3
"{BCE46757-7674-4416-BEDB-68205A60409E}" = Canon CanoScan Toolbox 4.1
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D4EB3763-9586-405D-B376-DE98C8C9285E}" = PokerStrategy Equilator
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Ask Toolbar_is1" = Ask Toolbar
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Battle.net" = Battle.net
"Bullzip PDF Printer_is1" = Bullzip PDF Printer 6.0.0.865
"CCleaner" = CCleaner (remove only)
"Diablo" = Diablo
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 4.0 Home Edition
"Fallout2" = Fallout2
"GhostMouse 2.0" = GhostMouse 2.0
"GPL Ghostscript Lite_is1" = GPL Ghostscript Lite 8.64
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PowerQuest PartitionMagic 8.0
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Maniac Mansion Deluxe" = Maniac Mansion Deluxe
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.9)" = Mozilla Firefox (3.6.9)
"Pacific Poker" = Pacific Poker
"PartyPoker" = PartyPoker
"PokerStars" = PokerStars
"PunkBusterSvc" = PunkBuster Services
"Qianhong" = Qianhong 3.5.1
"QQÓÎÏ·" = QQÓÎÏ·
"Sogou Input" = 搜狗拼音输入法 5.0正式版
"ST6UNST #1" = Recorder
"storm2" = ±©·çÓ°Òô
"Titan Poker" = Titan Poker
"TVEpaDrv" = Renkforce DVD MAKER II
"VLC media player" = VLC media player 1.1.4
"WinRAR archiver" = WinRAR
"World of Warcraft" = World of Warcraft
"Xvid_is1" = Xvid 1.2.2 final uninstall
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CGoban 3" = CGoban 3
"uTorrent" = µTorrent
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 13.09.2010 16:13:37 | Computer Name = JINGE-KONSTANZ | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.
Error - 13.09.2010 16:13:37 | Computer Name = JINGE-KONSTANZ | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.
Error - 13.09.2010 16:13:37 | Computer Name = JINGE-KONSTANZ | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.
Error - 13.09.2010 16:13:37 | Computer Name = JINGE-KONSTANZ | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.
Error - 13.09.2010 16:13:37 | Computer Name = JINGE-KONSTANZ | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.
Error - 13.09.2010 16:13:37 | Computer Name = JINGE-KONSTANZ | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.
Error - 13.09.2010 16:13:37 | Computer Name = JINGE-KONSTANZ | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.
Error - 13.09.2010 16:13:37 | Computer Name = JINGE-KONSTANZ | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.
Error - 13.09.2010 16:13:37 | Computer Name = JINGE-KONSTANZ | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.
Error - 13.09.2010 16:13:37 | Computer Name = JINGE-KONSTANZ | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.
[ System Events ]
Error - 29.08.2010 03:50:05 | Computer Name = JINGE-KONSTANZ | Source = Service Control Manager | ID = 7016
Description = The BrSplService service has reported an invalid current state 0.
Error - 30.08.2010 17:29:28 | Computer Name = JINGE-KONSTANZ | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
PC-200904252256 that believes that it is the master browser for the domain on transport
NwlnkNb. The master browser is stopping or an election is being forced.
Error - 03.09.2010 11:53:10 | Computer Name = JINGE-KONSTANZ | Source = System Error | ID = 1003
Description = Error code 40000080, parameter1 855e4130, parameter2 85642f30, parameter3
84a46f44, parameter4 00000001.
Error - 03.09.2010 11:56:43 | Computer Name = JINGE-KONSTANZ | Source = Service Control Manager | ID = 7016
Description = The BrSplService service has reported an invalid current state 0.
Error - 03.09.2010 12:07:11 | Computer Name = JINGE-KONSTANZ | Source = Service Control Manager | ID = 7016
Description = The BrSplService service has reported an invalid current state 0.
Error - 04.09.2010 05:21:17 | Computer Name = JINGE-KONSTANZ | Source = Service Control Manager | ID = 7016
Description = The BrSplService service has reported an invalid current state 0.
Error - 13.09.2010 16:10:48 | Computer Name = JINGE-KONSTANZ | Source = Service Control Manager | ID = 7016
Description = The BrSplService service has reported an invalid current state 0.
Error - 14.09.2010 02:16:37 | Computer Name = JINGE-KONSTANZ | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.100 for the Network Card with network
address 0017C446EB6D has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).
Error - 14.09.2010 02:24:23 | Computer Name = JINGE-KONSTANZ | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring
the volume.
Error - 15.09.2010 12:02:16 | Computer Name = JINGE-KONSTANZ | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring
the volume.
< End of report >
--- --- ---
otl:
OTL Logfile: Code:
OTL logfile created on: 15.09.2010 18:04:40 - Run 3
OTL by OldTimer - Version 3.2.12.0 Folder = C:\Documents and Settings\vvjj\My Documents
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
953,00 Mb Total Physical Memory | 512,00 Mb Available Physical Memory | 54,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): C:\pagefile.sys 1428 2856 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19,53 Gb Total Space | 5,41 Gb Free Space | 27,70% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 129,51 Gb Total Space | 28,50 Gb Free Space | 22,01% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: XXXXXKONSTANZ
Current User Name: vvjj
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\vvjj\My Documents\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\vvjj\Local Settings\temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Citrix\ICA Client\ssonsvr.exe (Citrix Systems, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe (PostgreSQL Global Development Group)
PRC - C:\Program Files\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Global Development Group)
PRC - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe (O2Micro International)
PRC - C:\WINDOWS\system32\BRSVC01A.EXE (brother Industries Ltd)
PRC - C:\WINDOWS\system32\BRSS01A.EXE (brother Industries Ltd)
========== Modules (SafeList) ==========
MOD - C:\Documents and Settings\vvjj\My Documents\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (ASKUpgrade) -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe ()
SRV - (pgsql-8.3) -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe (PostgreSQL Global Development Group)
SRV - (o2flash) -- C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe (O2Micro International)
SRV - (Brother XP spl Service) -- C:\WINDOWS\system32\BRSVC01A.EXE (brother Industries Ltd)
========== Driver Services (SafeList) ==========
DRV - (sptd) -- C:\WINDOWS\system32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (epmntdrv) -- C:\WINDOWS\system32\epmntdrv.sys ()
DRV - (EuGdiDrv) -- C:\WINDOWS\system32\EuGdiDrv.sys ()
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (USB28xxOEM) -- C:\WINDOWS\system32\drivers\emOEM.sys (eMPIA Technology, Inc.)
DRV - (USB28xxBGA) -- C:\WINDOWS\system32\drivers\emBDA.sys (eMPIA Technology, Inc.)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (O2SDRDR) -- C:\WINDOWS\system32\drivers\o2sd.sys (O2Micro )
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (O2MDRDR) -- C:\WINDOWS\system32\drivers\o2media.sys (O2Micro )
DRV - (IntcHdmiAddService) Intel(R) -- C:\WINDOWS\system32\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation)
DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation)
DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation)
DRV - (MPE) -- C:\WINDOWS\system32\drivers\MPE.sys (Microsoft Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (AR5416) -- C:\WINDOWS\system32\drivers\athw.sys (Atheros Communications, Inc.)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (PQNTDrv) -- C:\WINDOWS\System32\drivers\PQNTDRV.sys (PowerQuest Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ask.com/?o=13928&l=dis
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.5.6.0
FF - prefs.js..network.proxy.backup.ftp: "128.151.65.101"
FF - prefs.js..network.proxy.backup.ftp_port: 3128
FF - prefs.js..network.proxy.backup.gopher: "128.151.65.101"
FF - prefs.js..network.proxy.backup.gopher_port: 3128
FF - prefs.js..network.proxy.backup.socks: "128.151.65.101"
FF - prefs.js..network.proxy.backup.socks_port: 3128
FF - prefs.js..network.proxy.backup.ssl: "128.151.65.101"
FF - prefs.js..network.proxy.backup.ssl_port: 3128
FF - prefs.js..network.proxy.ftp: "128.151.65.101"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.gopher: "128.151.65.101"
FF - prefs.js..network.proxy.gopher_port: 3128
FF - prefs.js..network.proxy.http: "128.151.65.101"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "128.151.65.101"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "128.151.65.101"
FF - prefs.js..network.proxy.ssl_port: 3128
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.09.09 19:34:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.09.09 19:34:04 | 000,000,000 | ---D | M]
[2009.06.11 11:18:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vvjj\Application Data\Mozilla\Extensions
[2009.06.11 11:00:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vvjj\Application Data\Mozilla\Firefox\extensions
[2009.06.11 11:00:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\vvjj\Application Data\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2010.09.15 08:14:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vvjj\Application Data\Mozilla\Firefox\Profiles\opx683lu.default\extensions
[2009.09.02 13:59:34 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\vvjj\Application Data\Mozilla\Firefox\Profiles\opx683lu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.02.26 08:10:58 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Documents and Settings\vvjj\Application Data\Mozilla\Firefox\Profiles\opx683lu.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2010.09.14 22:42:27 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.08.29 09:08:05 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.08.29 09:08:05 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.08.29 09:08:05 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.08.29 09:08:05 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.08.29 09:08:06 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2010.09.03 18:03:39 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\ShellBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Stormtray] C:\Program Files\StormII\Stormtray.exe File not found
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\Bin\AddEmotion.htm ()
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe ()
O9 - Extra 'Tools' menuitem : Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe ()
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {3D8F74EE-8692-4F8F-B8D2-7522E732519E} hxxp://game-web.qq.com/client/QQGame2.cab (WebActivater Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} hxxp://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab (ZPA_SHVL Object)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab (MSN Games - Installer)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\vvjj\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\vvjj\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.05.19 18:54:47 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010.09.15 18:04:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010.09.14 21:13:31 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\vvjj\My Documents\OTL.exe
[2010.09.14 21:11:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\vvjj\Desktop\15
[2010.09.13 22:52:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\vvjj\Application Data\Malwarebytes
[2010.09.13 22:52:09 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.09.13 22:52:08 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.09.13 22:52:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010.09.13 22:45:12 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.09.13 22:44:56 | 006,153,648 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\vvjj\My Documents\mbam-setup.exe
[2010.09.05 21:19:57 | 000,000,000 | ---D | C] -- C:\Program Files\Flip Video
[2010.09.05 21:04:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Flip Video
[2010.09.05 20:49:10 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010.09.03 20:00:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\vvjj\Application Data\vlc
[2010.09.03 19:59:36 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010.08.30 21:52:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\rplsp
[2010.08.30 21:26:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\vvjj\Desktop\mplayerc_20100214
[2010.08.30 20:47:21 | 000,000,000 | ---D | C] -- C:\Program Files\eMule
[2010.08.29 09:14:26 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF7975.exe
[2010.08.29 09:10:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\vvjj\My Documents\*.tmp files -> C:\Documents and Settings\vvjj\My Documents\*.tmp -> ]
[2 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010.09.15 18:02:12 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.09.15 18:02:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.09.15 08:15:47 | 004,718,592 | -H-- | M] () -- C:\Documents and Settings\vvjj\NTUSER.DAT
[2010.09.15 08:15:47 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\vvjj\ntuser.ini
[2010.09.14 21:13:32 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\vvjj\My Documents\OTL.exe
[2010.09.14 08:24:14 | 000,109,400 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.09.13 22:52:12 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.13 22:44:56 | 006,153,648 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\vvjj\My Documents\mbam-setup.exe
[2010.09.13 22:14:05 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.09.13 18:31:06 | 000,050,176 | ---- | M] () -- C:\Documents and Settings\vvjj\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.09.12 21:15:03 | 000,046,592 | -H-- | M] () -- C:\WINDOWS\System32\attrdsvr.dll
[2010.09.11 21:47:39 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.09.07 20:46:13 | 000,003,748 | ---- | M] () -- C:\Documents and Settings\vvjj\funshion.ini
[2010.09.05 16:00:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\SogouImeMgr.job
[2010.09.03 20:00:25 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2010.09.03 18:03:39 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.08.30 21:49:14 | 000,001,562 | ---- | M] () -- C:\Documents and Settings\vvjj\Application Data\Microsoft\Internet Explorer\Quick Launch\Ãâ·ÑÓ°ÊÓ.lnk
[2010.08.30 21:49:14 | 000,001,544 | ---- | M] () -- C:\Documents and Settings\vvjj\Desktop\Ãâ·ÑÓ°ÊÓ.lnk
[2010.08.30 21:49:14 | 000,001,090 | ---- | M] () -- C:\Documents and Settings\vvjj\Desktop\±©·çÓÎÏ·.lnk
[2010.08.30 21:49:14 | 000,001,090 | ---- | M] () -- C:\Documents and Settings\vvjj\Application Data\Microsoft\Internet Explorer\Quick Launch\±©·çÓÎÏ·.lnk
[2010.08.30 21:49:14 | 000,000,672 | ---- | M] () -- C:\Documents and Settings\vvjj\Application Data\Microsoft\Internet Explorer\Quick Launch\±©·çÓ°Òô.lnk
[2010.08.30 21:49:14 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\vvjj\Desktop\±©·çÓ°Òô.lnk
[2010.08.30 20:46:45 | 003,389,035 | ---- | M] () -- C:\Documents and Settings\vvjj\My Documents\eMule0.50a-Installer.exe
[2010.08.30 20:44:24 | 004,973,610 | ---- | M] () -- C:\Documents and Settings\vvjj\My Documents\emule050a.exe
[2010.08.29 09:13:55 | 000,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF7975.exe
[2010.08.28 22:25:21 | 000,000,005 | ---- | M] () -- C:\zrpt.xml
[2010.08.23 09:14:59 | 000,002,012 | ---- | M] () -- C:\Documents and Settings\vvjj\My Documents\launch.ica
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\vvjj\My Documents\*.tmp files -> C:\Documents and Settings\vvjj\My Documents\*.tmp -> ]
[2 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010.09.13 22:52:12 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.12 21:15:03 | 000,046,592 | -H-- | C] () -- C:\WINDOWS\System32\attrdsvr.dll
[2010.09.03 20:00:25 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2010.09.01 22:21:41 | 000,011,946 | ---- | C] () -- C:\Documents and Settings\vvjj\hs_err_pid3116.log
[2010.08.30 21:49:14 | 000,001,544 | ---- | C] () -- C:\Documents and Settings\vvjj\Desktop\Ãâ·ÑÓ°ÊÓ.lnk
[2010.08.30 21:49:14 | 000,001,090 | ---- | C] () -- C:\Documents and Settings\vvjj\Desktop\±©·çÓÎÏ·.lnk
[2010.08.30 20:46:44 | 003,389,035 | ---- | C] () -- C:\Documents and Settings\vvjj\My Documents\eMule0.50a-Installer.exe
[2010.08.30 20:44:15 | 004,973,610 | ---- | C] () -- C:\Documents and Settings\vvjj\My Documents\emule050a.exe
[2010.08.28 22:24:58 | 000,000,005 | ---- | C] () -- C:\zrpt.xml
[2010.08.23 09:14:59 | 000,002,012 | ---- | C] () -- C:\Documents and Settings\vvjj\My Documents\launch.ica
[2010.07.11 14:41:43 | 000,000,915 | ---- | C] () -- C:\Documents and Settings\vvjj\Application Data\coreavc.ini
[2010.07.08 20:45:38 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\psfind.dll
[2010.06.26 23:20:19 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2010.06.23 18:53:57 | 000,066,936 | -HS- | C] () -- C:\WINDOWS\dlinfo_1.drv
[2010.06.20 22:37:25 | 000,066,936 | -HS- | C] () -- C:\WINDOWS\dlinfo_0.drv
[2010.05.06 21:35:30 | 000,025,713 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2010.01.20 21:59:28 | 000,001,275 | ---- | C] () -- C:\WINDOWS\TVEpaDrv.ini
[2010.01.20 21:59:00 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2010.01.06 23:27:52 | 000,000,110 | ---- | C] () -- C:\WINDOWS\GMouse.ini
[2009.08.21 23:39:43 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll
[2009.08.21 23:39:43 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys
[2009.08.21 23:39:43 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys
[2009.07.23 21:43:38 | 000,050,176 | ---- | C] () -- C:\Documents and Settings\vvjj\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.06.11 23:42:14 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009.06.11 23:42:14 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009.06.01 22:56:16 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_1430.ini
[2009.06.01 22:54:46 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2009.06.01 22:54:45 | 000,000,462 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009.06.01 22:54:45 | 000,000,026 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009.05.25 20:04:54 | 000,000,028 | ---- | C] () -- C:\WINDOWS\funshionplugin2.INI
[2009.05.25 18:54:04 | 000,344,958 | R--- | C] () -- C:\WINDOWS\System32\imjp81k.dll
[2009.05.19 19:46:18 | 000,000,363 | ---- | C] () -- C:\Documents and Settings\vvjj\Local Settings\Application Data\postgresinstall.bat
[2009.05.19 19:01:59 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4957.dll
========== Custom Scans ==========
< :OTL >
< IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm >
< IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q= >
Invalid Switch: askRedirect?o=13925&gct=&gc=1&q=
< IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ask.com/?o=13928&l=dis >
Invalid Switch: ?o=13928&l=dis
< FF - prefs.js..network.proxy.backup.ftp: "128.151.65.101" >
< FF - prefs.js..network.proxy.backup.ftp_port: 3128 >
< FF - prefs.js..network.proxy.backup.gopher: "128.151.65.101" >
< FF - prefs.js..network.proxy.backup.gopher_port: 3128 >
< FF - prefs.js..network.proxy.backup.socks: "128.151.65.101" >
< FF - prefs.js..network.proxy.backup.socks_port: 3128 >
< FF - prefs.js..network.proxy.backup.ssl: "128.151.65.101" >
< FF - prefs.js..network.proxy.backup.ssl_port: 3128 >
< FF - prefs.js..network.proxy.ftp: "128.151.65.101" >
< FF - prefs.js..network.proxy.ftp_port: 3128 >
< FF - prefs.js..network.proxy.gopher: "128.151.65.101" >
< FF - prefs.js..network.proxy.gopher_port: 3128 >
< FF - prefs.js..network.proxy.http: "128.151.65.101" >
< FF - prefs.js..network.proxy.http_port: 3128 >
< FF - prefs.js..network.proxy.share_proxy_settings: true >
< FF - prefs.js..network.proxy.socks: "128.151.65.101" >
< FF - prefs.js..network.proxy.socks_port: 3128 >
< FF - prefs.js..network.proxy.ssl: "128.151.65.101" >
< FF - prefs.js..network.proxy.ssl_port: 3128 >
< [2010.08.30 21:52:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\rplsp >
< [2010.08.29 09:14:26 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF7975.exe >
< [2010.09.12 21:15:03 | 000,046,592 | -H-- | M] () -- C:\WINDOWS\System32\attrdsvr.dll >
< [2010.08.28 22:25:21 | 000,000,005 | ---- | M] () -- C:\zrpt.xml >
< :Commands >
< [purity] >
< [resethosts] >
< [emptytemp] >
========== Files - Unicode (All) ==========
[2009.12.01 23:52:42 | 000,000,632 | ---- | M] ()(C:\Documents and Settings\vvjj\Application Data\Microsoft\Internet Explorer\Quick Launch\????.lnk) -- C:\Documents and Settings\vvjj\Application Data\Microsoft\Internet Explorer\Quick Launch\暴风影音.lnk
[2009.12.01 23:52:42 | 000,000,632 | ---- | C] ()(C:\Documents and Settings\vvjj\Application Data\Microsoft\Internet Explorer\Quick Launch\????.lnk) -- C:\Documents and Settings\vvjj\Application Data\Microsoft\Internet Explorer\Quick Launch\暴风影音.lnk
[2009.12.01 23:52:42 | 000,000,614 | ---- | M] ()(C:\Documents and Settings\vvjj\Desktop\????.lnk) -- C:\Documents and Settings\vvjj\Desktop\暴风影音.lnk
[2009.12.01 23:52:42 | 000,000,614 | ---- | C] ()(C:\Documents and Settings\vvjj\Desktop\????.lnk) -- C:\Documents and Settings\vvjj\Desktop\暴风影音.lnk
< End of report >
--- --- --- |
