clubb1ng | 30.09.2010 16:49 | Hello markusg,
thank you for your quick response.
The OTL scan is running right now; the logfiles will follow shortly.
Best regards, Dennis
// edit:
Here are the two logfiles, I hope you can do something with them.
OTL Logfile: Code:
OTL logfile created on: 30.09.2010 17:44:28 - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = V:\Users\*****\Documents
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 35,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 63,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = V: | %SystemRoot% = V:\Windows | %ProgramFiles% = V:\Program Files
Drive C: | 148,07 Gb Total Space | 98,42 Gb Free Space | 66,47% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 100,01 Gb Total Space | 20,38 Gb Free Space | 20,38% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
Drive V: | 50,01 Gb Total Space | 10,70 Gb Free Space | 21,40% Space Free | Partition Type: NTFS
Computer Name: *****-PC
Current User Name: *****
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - V:\Users\*****\Documents\OTL.exe (OldTimer Tools)
PRC - V:\Programme\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - V:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - V:\Programme\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - V:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - V:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - V:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - V:\Programme\Motorola\MotoConnectService\MotoConnectService.exe ()
PRC - V:\Programme\Motorola\MotoConnectService\MotoConnect.exe (Motorola)
PRC - V:\Programme\Logitech\Logitech WebCam Software\LWS.exe ()
PRC - V:\Programme\Common Files\logishrd\LQCVFX\COCIManager.exe ()
PRC - V:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - V:\Programme\Logitech\Logitech Vid\Vid.exe (Logitech Inc.)
PRC - V:\Windows\explorer.exe (Microsoft Corporation)
PRC - V:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - V:\Programme\DAEMON Tools Pro\DTProShellHlp.exe (DT Soft Ltd)
PRC - V:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
PRC - V:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - V:\Programme\BurnAware Free\NMSAccess32.exe ()
PRC - V:\Windows\System32\oodag.exe (O&O Software GmbH)
PRC - V:\Windows\System32\oodtray.exe (O&O Software GmbH)
PRC - V:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - V:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
========== Modules (SafeList) ==========
MOD - V:\Users\*****\Documents\OTL.exe (OldTimer Tools)
MOD - V:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - V:\Windows\System32\msscript.ocx (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (Boonty Games) -- V:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe File not found
SRV - (Lavasoft Ad-Aware Service) -- V:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (WPFFontCache_v0400) -- V:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- V:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (MotoConnect Service) -- V:\Programme\Motorola\MotoConnectService\MotoConnectService.exe ()
SRV - (LVPrcSrv) -- V:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (FontCache) -- V:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (SBSDWSCService) -- V:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (NMSAccess) -- V:\Programme\BurnAware Free\NMSAccess32.exe ()
SRV - (AVPNStarter) -- V:\Program Files\Steganos Internet Anonym VPN\AVPNStarter.exe ()
SRV - (O&O Defrag) -- V:\Windows\System32\oodag.exe (O&O Software GmbH)
SRV - (WinDefend) -- V:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (StarWindServiceAE) -- V:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
SRV - (x10nets) -- V:\Programme\Common Files\X10\Common\X10nets.exe (X10)
========== Driver Services (SafeList) ==========
DRV - (NwlnkFwd) -- V:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- V:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- V:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (EagleNT) -- V:\Windows\System32\drivers\EagleNT.sys File not found
DRV - (MBAMSwissArmy) -- V:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (motmodem) -- V:\Windows\System32\drivers\motmodem.sys (Motorola)
DRV - (LVPr2Mon) -- V:\Windows\System32\drivers\LVPr2Mon.sys ()
DRV - (atksgt) -- V:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- V:\Windows\System32\drivers\lirsgt.sys ()
DRV - (Lbd) -- V:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (sptd) -- V:\Windows\System32\Drivers\sptd.sys ()
DRV - (xfilt) -- V:\Windows\system32\DRIVERS\xfilt.sys (VIA Technologies,Inc)
DRV - (videX32) -- V:\Windows\system32\DRIVERS\videX32.sys (VIA Technologies, Inc.)
DRV - (PID_0928) Logitech QuickCam Express(PID_0928) -- V:\Windows\System32\drivers\LV561AV.SYS (Logitech Inc.)
DRV - (HpCISSs) -- V:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- V:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (WDC_SAM) -- V:\Windows\System32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (acedrv11) -- V:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH)
DRV - (athr) -- V:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (MegaSR) -- V:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- V:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- V:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- V:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- V:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (ql2300) -- V:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adpahci) -- V:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (E1G60) Intel(R) -- V:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (LSI_SAS) -- V:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (vsmraid) -- V:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (arcsas) -- V:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (arc) -- V:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iaStorV) -- V:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (ulsata2) -- V:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- V:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- V:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (elxstor) -- V:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- V:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- V:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- V:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- V:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- V:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- V:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- V:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (3xHybrid) -- V:\Windows\System32\drivers\3xHybrid.sys (NXP Semiconductors Germany GmbH)
DRV - (tapavpn) -- V:\Windows\System32\drivers\tapavpn.sys (Steganos GmbH)
DRV - (LVUSBSta) -- V:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (nvlddmkm) -- V:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (ql40xx) -- V:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- V:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- V:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- V:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- V:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- V:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- V:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- V:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- V:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- V:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- V:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- V:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- V:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- V:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- V:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- V:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- V:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- V:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (ZSMC301b) -- V:\Windows\System32\drivers\usbVM31b.sys (VM)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\URLSearchHook: {76aeea42-e04a-4b62-83ab-df4b2be2541e} - V:\Programme\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-792815470-2588575354-2298569724-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2719325
IE - HKU\S-1-5-21-792815470-2588575354-2298569724-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-792815470-2588575354-2298569724-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-792815470-2588575354-2298569724-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E3 63 C4 B9 3E 24 CA 01 [binary data]
IE - HKU\S-1-5-21-792815470-2588575354-2298569724-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-792815470-2588575354-2298569724-1000\..\URLSearchHook: {76aeea42-e04a-4b62-83ab-df4b2be2541e} - V:\Programme\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-792815470-2588575354-2298569724-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultthis.engineName: "MessengerPlusLive Germany TB Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2719325&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "MessengerPlusLive Germany TB Customized Web Search"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledItems: {76aeea42-e04a-4b62-83ab-df4b2be2541e}:2.7.1.3
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2719325&q="
FF - prefs.js..network.proxy.http: "202.3.217.125"
FF - prefs.js..network.proxy.http_port: 80
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: V:\Program Files\Mozilla Firefox\components [2010.09.18 09:45:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: V:\Program Files\Mozilla Firefox\plugins [2010.09.18 09:45:19 | 000,000,000 | ---D | M]
[2010.09.15 18:31:03 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\mozilla\Extensions
[2010.09.30 17:17:52 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\yf15we85.default\extensions
[2010.09.16 22:49:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- V:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\yf15we85.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.09.21 00:03:57 | 000,000,000 | ---D | M] (MessengerPlusLive Germany TB Toolbar) -- V:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\yf15we85.default\extensions\{76aeea42-e04a-4b62-83ab-df4b2be2541e}
[2010.09.15 20:46:27 | 000,000,000 | ---D | M] (No name found) -- V:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\yf15we85.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.09.15 20:46:27 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\yf15we85.default\extensions\firefox@tvunetworks.com
[2010.09.15 16:29:02 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles(20)\tflzmrfc.default\extensions
[2010.09.15 16:29:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- V:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles(20)\tflzmrfc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.09.15 18:31:57 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles(32)\fmi4tj8l.default\extensions
[2010.09.15 18:31:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- V:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles(32)\fmi4tj8l.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.07.31 23:49:28 | 000,000,959 | ---- | M] () -- V:\Users\*****\AppData\Roaming\Mozilla\FireFox\Profiles\yf15we85.default\searchplugins\conduit.xml
[2010.09.15 20:54:18 | 000,000,000 | ---D | M] -- V:\Programme\Mozilla Firefox\extensions
[2010.08.25 02:44:54 | 000,001,392 | ---- | M] () -- V:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.08.25 02:44:54 | 000,002,344 | ---- | M] () -- V:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.08.25 02:44:54 | 000,006,805 | ---- | M] () -- V:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.08.25 02:44:54 | 000,001,178 | ---- | M] () -- V:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.08.25 02:44:54 | 000,001,105 | ---- | M] () -- V:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2010.08.06 16:35:02 | 000,415,313 | R--- | M]) - V:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 14362 more lines...
O2 - BHO: (MessengerPlusLive Germany TB Toolbar) - {76aeea42-e04a-4b62-83ab-df4b2be2541e} - V:\Program Files\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - V:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (FlashFXP Helper for Internet Explorer) - {E5A1691B-D188-4419-AD02-90002030B8EE} - V:\Programme\FlashFXP\IEFlash.dll (IniCom Networks, Inc.)
O3 - HKLM\..\Toolbar: (MessengerPlusLive Germany TB Toolbar) - {76aeea42-e04a-4b62-83ab-df4b2be2541e} - V:\Programme\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-792815470-2588575354-2298569724-1000\..\Toolbar\WebBrowser: (MessengerPlusLive Germany TB Toolbar) - {76AEEA42-E04A-4B62-83AB-DF4B2BE2541E} - V:\Programme\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Ad-Watch] V:\Programme\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] V:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [NvCplDaemon] V:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] V:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] V:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [OODefragTray] V:\Windows\System32\oodtray.exe (O&O Software GmbH)
O4 - HKLM..\Run: [RtHDVCpl] V:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] V:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] V:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-792815470-2588575354-2298569724-1000..\Run: [{BB571243-DB00-129A-D141-3B29754D5171}] V:\Users\*****\AppData\Roaming\Molia\epaps.exe ()
O4 - HKU\S-1-5-21-792815470-2588575354-2298569724-1000..\Run: [Logitech Vid] V:\Program Files\Logitech\Logitech Vid\vid.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-792815470-2588575354-2298569724-1000..\Run: [WMPNSCFG] V:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] V:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-792815470-2588575354-2298569724-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-792815470-2588575354-2298569724-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O7 - HKU\S-1-5-21-792815470-2588575354-2298569724-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - V:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - V:\Windows\System32\PrxerNsp.dll ( )
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - V:\Windows\System32\PrxerDrv.dll (Initex Software)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - V:\Windows\System32\PrxerDrv.dll (Initex Software)
O13 - gopher Prefix: missing
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - V:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - V:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - V:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - V:\Windows\explorer.exe (Microsoft Corporation)
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - V:\Windows\System32\DreamScene.dll (Microsoft Corporation)
O24 - Desktop WallPaper: V:\Users\*****\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: V:\Users\*****\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.08.18 17:28:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - V:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{133c85a5-9290-11de-b990-0019dba7e8af}\Shell - "" = AutoRun
O33 - MountPoints2\{133c85a5-9290-11de-b990-0019dba7e8af}\Shell\AutoRun\command - "" = J:\setup\rsrc\Autorun.exe -- File not found
O33 - MountPoints2\{133c85a5-9290-11de-b990-0019dba7e8af}\Shell\dinstall\command - "" = J:\Directx\dxsetup.exe -- File not found
O33 - MountPoints2\{21ef3527-9350-11de-a2ff-0019dba7e8af}\Shell - "" = AutoRun
O33 - MountPoints2\{21ef3527-9350-11de-a2ff-0019dba7e8af}\Shell\AutoRun\command - "" = O:\autorun.exe -- File not found
O33 - MountPoints2\{21ef3527-9350-11de-a2ff-0019dba7e8af}\Shell\setup\command - "" = O:\setup.exe -- File not found
O33 - MountPoints2\{5c2d7606-9265-11de-a8e3-0019dba7e8af}\Shell - "" = AutoRun
O33 - MountPoints2\{5c2d7606-9265-11de-a8e3-0019dba7e8af}\Shell\AutoRun\command - "" = I:\Autorun.EXE -- File not found
O33 - MountPoints2\{75da18e6-b0fa-11df-a91a-0019dba7e8af}\Shell - "" = AutoRun
O33 - MountPoints2\{75da18e6-b0fa-11df-a91a-0019dba7e8af}\Shell\AutoRun\command - "" = K:\WD SmartWare.exe -- File not found
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\autorun.exe -- File not found
O33 - MountPoints2\J\Shell\directx\command - "" = J:\DirectX9\dxsetup.exe -- File not found
O33 - MountPoints2\J\Shell\setup\command - "" = J:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (OODBS) - V:\Windows\System32\OODBS.exe (O&O Software GmbH)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - V:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: Lavasoft Ad-Aware Service - V:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - V:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Lavasoft Ad-Aware Service - V:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - V:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7070D8E0-650A-46b3-B03C-9497582E6A74} - %SystemRoot%\system32\soundschemes.exe /AddRegistration
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - V:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - V:\Windows\system32\Rundll32.exe V:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A2DADDE9-88D0-7966-D0D6-BDF35B5EE29F} - .NET Framework
ActiveX: {B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24} - %SystemRoot%\system32\soundschemes2.exe /AddRegistration
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - V:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - V:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "V:\Windows\System32\rundll32.exe" "V:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
Drivers32: msacm.ac3filter - V:\Windows\System32\ac3filter.acm ()
Drivers32: msacm.l3acm - V:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - V:\Windows\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.siren - V:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: MSVideo - V:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - V:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - V:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - V:\Windows\System32\ff_vfw.dll ()
Drivers32: VIDC.I420 - V:\Windows\System32\LVCodec2.dll (Logitech Inc.)
Drivers32: VIDC.IV31 - V:\Windows\System32\ir32_32.dll (Intel(R) Corporation)
Drivers32: VIDC.IV32 - V:\Windows\System32\ir32_32.dll (Intel(R) Corporation)
Drivers32: VIDC.IV41 - V:\Windows\System32\ir41_32.dll (Intel(R) Corporation)
Drivers32: vidc.VP60 - V:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - V:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP62 - V:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.WMV3 - V:\Windows\System32\wmv9vcm.dll (Microsoft Corporation)
Drivers32: vidc.XVID - V:\Windows\System32\xvidvfw.dll ()
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2010.09.30 17:41:07 | 000,575,488 | ---- | C] (OldTimer Tools) -- V:\Users\*****\Documents\OTL.exe
[2010.09.30 17:37:28 | 000,000,000 | ---D | C] -- V:\Users\*****\AppData\Roaming\Malwarebytes
[2010.09.30 17:37:23 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- V:\Windows\System32\drivers\mbamswissarmy.sys
[2010.09.30 17:37:22 | 000,000,000 | ---D | C] -- V:\ProgramData\Malwarebytes
[2010.09.30 17:37:21 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- V:\Windows\System32\drivers\mbam.sys
[2010.09.30 17:37:21 | 000,000,000 | ---D | C] -- V:\Programme\Malwarebytes' Anti-Malware
[2010.09.30 17:36:58 | 006,153,648 | ---- | C] (Malwarebytes Corporation ) -- V:\Users\*****\Documents\mbam-setup.exe
[2010.09.23 21:06:30 | 000,000,000 | ---D | C] -- V:\Users\*****\AppData\Roaming\Printer Info Cache
[2010.09.23 21:06:30 | 000,000,000 | ---D | C] -- V:\Users\*****\AppData\Roaming\Image Zone Express
[2010.09.23 18:26:17 | 000,000,000 | ---D | C] -- V:\ProgramData\WEBREG
[2010.09.23 18:26:06 | 000,000,000 | ---D | C] -- V:\Users\*****\AppData\Roaming\HP
[2010.09.23 18:25:36 | 000,000,000 | ---D | C] -- V:\ProgramData\HPSSUPPLY
[2010.09.23 18:22:55 | 000,000,000 | ---D | C] -- V:\Programme\Hewlett-Packard
[2010.09.23 18:22:55 | 000,000,000 | ---D | C] -- V:\Programme\Common Files\Hewlett-Packard
[2010.09.23 18:22:34 | 000,000,000 | ---D | C] -- V:\Programme\Common Files\HP
[2010.09.23 18:18:52 | 000,000,000 | -H-D | C] -- V:\Config.Msi
[2010.09.23 18:18:03 | 000,000,000 | ---D | C] -- V:\ProgramData\HP
[2010.09.23 14:44:58 | 000,000,000 | ---D | C] -- V:\Users\*****\Desktop\fullhtml-Dateien
[2010.09.21 00:04:01 | 000,000,000 | ---D | C] -- V:\Programme\Conduit
[2010.09.21 00:03:59 | 000,000,000 | ---D | C] -- V:\Programme\MessengerPlusLive_Germany_TB
[2010.09.15 20:54:17 | 000,000,000 | ---D | C] -- V:\Programme\Mozilla Firefox
[2010.09.15 16:44:12 | 000,000,000 | ---D | C] -- V:\Users\*****\Documents\TuneUp.Utilities.2010.v9.0.2000.17.Incl.Keymaker-CORE
[2010.09.15 16:37:26 | 000,000,000 | ---D | C] -- V:\Programme\XP TCPIP Repair
[2010.09.14 21:07:43 | 008,373,184 | ---- | C] (Mozilla) -- V:\Users\*****\Documents\Firefox Setup 3.6.9.exe
[2010.09.14 20:38:01 | 000,921,512 | ---- | C] (Symantec Corporation) -- V:\Users\*****\Documents\Norton_Removal_Tool_2011.exe
[2010.08.31 22:56:41 | 000,000,000 | ---D | C] -- V:\Users\*****\AppData\Roaming\Molia
[2009.08.26 15:51:55 | 000,061,440 | ---- | C] ( ) -- V:\Windows\System32\PrxerNsp.dll
[1 V:\Windows\System32\*.tmp files -> V:\Windows\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010.09.30 17:46:28 | 007,340,032 | ---- | M] () -- V:\Users\*****\ntuser.dat
[2010.09.30 17:41:07 | 000,575,488 | ---- | M] (OldTimer Tools) -- V:\Users\*****\Documents\OTL.exe
[2010.09.30 17:40:53 | 000,001,094 | ---- | M] () -- V:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.09.30 17:40:45 | 000,002,078 | ---- | M] () -- V:\Users\Public\Desktop\Google Earth.lnk
[2010.09.30 17:39:00 | 000,001,090 | ---- | M] () -- V:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.09.30 17:37:25 | 000,000,823 | ---- | M] () -- V:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.30 17:37:04 | 006,153,648 | ---- | M] (Malwarebytes Corporation ) -- V:\Users\*****\Documents\mbam-setup.exe
[2010.09.30 17:06:48 | 000,006,000 | -H-- | M] () -- V:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.09.30 17:06:47 | 000,006,000 | -H-- | M] () -- V:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.09.30 17:06:30 | 000,000,006 | -H-- | M] () -- V:\Windows\tasks\SA.DAT
[2010.09.30 17:06:27 | 000,067,584 | --S- | M] () -- V:\Windows\bootstat.dat
[2010.09.30 17:06:24 | 2145,902,592 | -HS- | M] () -- V:\hiberfil.sys
[2010.09.30 17:06:22 | 000,803,233 | ---- | M] () -- V:\Windows\System32\oodbs.lor
[2010.09.29 23:28:10 | 000,524,288 | -HS- | M] () -- V:\Users\*****\ntuser.dat{6147b8f2-05ac-11df-8c67-0019dba7e8af}.TMContainer00000000000000000001.regtrans-ms
[2010.09.29 23:28:10 | 000,065,536 | -HS- | M] () -- V:\Users\*****\ntuser.dat{6147b8f2-05ac-11df-8c67-0019dba7e8af}.TM.blf
[2010.09.29 23:27:27 | 002,484,026 | -H-- | M] () -- V:\Users\*****\AppData\Local\IconCache.db
[2010.09.23 18:26:42 | 000,164,302 | ---- | M] () -- V:\Windows\hpoins19.dat
[2010.09.23 18:26:00 | 000,000,179 | ---- | M] () -- V:\Windows\win.ini
[2010.09.23 18:25:15 | 000,002,034 | ---- | M] () -- V:\Users\Public\Desktop\HP Photosmart Essential.lnk
[2010.09.23 18:24:13 | 000,001,209 | ---- | M] () -- V:\Users\Public\Desktop\HP Solution Center.lnk
[2010.09.23 18:23:21 | 000,001,977 | ---- | M] () -- V:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2010.09.23 14:44:58 | 000,028,474 | ---- | M] () -- V:\Users\*****\Desktop\fullhtml.htm
[2010.09.21 00:03:10 | 000,012,176 | ---- | M] () -- V:\Users\*****\Desktop\KÜNDIGUNG.odt
[2010.09.15 20:54:21 | 000,001,729 | ---- | M] () -- V:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.09.15 20:46:46 | 007,340,032 | ---- | M] () -- V:\Users\*****\ntuser.dat_previous
[2010.09.15 16:43:37 | 020,947,036 | ---- | M] () -- V:\Users\*****\Documents\tu2v021ikc.rar
[2010.09.14 21:40:56 | 000,000,809 | ---- | M] () -- V:\Users\*****\Desktop\CCleaner.lnk
[2010.09.14 21:26:56 | 000,029,997 | ---- | M] () -- V:\Users\*****\Desktop\bookmarks-2010-09-14.json
[2010.09.14 21:07:43 | 008,373,184 | ---- | M] (Mozilla) -- V:\Users\*****\Documents\Firefox Setup 3.6.9.exe
[2010.09.14 20:38:02 | 000,921,512 | ---- | M] (Symantec Corporation) -- V:\Users\*****\Documents\Norton_Removal_Tool_2011.exe
[1 V:\Windows\System32\*.tmp files -> V:\Windows\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010.09.30 17:40:45 | 000,002,078 | ---- | C] () -- V:\Users\Public\Desktop\Google Earth.lnk
[2010.09.30 17:37:25 | 000,000,823 | ---- | C] () -- V:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.23 18:25:15 | 000,002,034 | ---- | C] () -- V:\Users\Public\Desktop\HP Photosmart Essential.lnk
[2010.09.23 18:24:13 | 000,001,209 | ---- | C] () -- V:\Users\Public\Desktop\HP Solution Center.lnk
[2010.09.23 18:23:21 | 000,001,977 | ---- | C] () -- V:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2010.09.23 18:18:10 | 000,164,302 | ---- | C] () -- V:\Windows\hpoins19.dat
[2010.09.23 18:17:57 | 000,026,952 | ---- | C] () -- V:\Windows\hpomdl19.dat
[2010.09.23 15:10:55 | 000,005,804 | ---- | C] () -- V:\ProgramData\hpzinstall.log
[2010.09.23 14:44:58 | 000,028,474 | ---- | C] () -- V:\Users\*****\Desktop\fullhtml.htm
[2010.09.21 00:03:09 | 000,012,176 | ---- | C] () -- V:\Users\*****\Desktop\KÜNDIGUNG.odt
[2010.09.15 20:54:21 | 000,001,729 | ---- | C] () -- V:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.09.15 16:43:37 | 020,947,036 | ---- | C] () -- V:\Users\*****\Documents\tu2v021ikc.rar
[2010.09.14 21:26:56 | 000,029,997 | ---- | C] () -- V:\Users\*****\Desktop\bookmarks-2010-09-14.json
[2010.07.04 17:51:36 | 000,000,552 | ---- | C] () -- V:\Users\*****\AppData\Local\d3d8caps.dat
[2010.07.04 16:08:47 | 000,138,056 | ---- | C] () -- V:\Users\*****\AppData\Roaming\PnkBstrK.sys
[2009.11.13 14:16:58 | 000,076,407 | ---- | C] () -- V:\Users\*****\AppData\Roaming\Smiley.ico
[2009.10.24 15:17:55 | 000,000,187 | ---- | C] () -- V:\Users\*****\AppData\Roaming\burnaware.ini
[2009.10.07 01:46:36 | 000,025,752 | ---- | C] () -- V:\Windows\System32\drivers\LVPr2Mon.sys
[2009.10.07 01:23:08 | 000,013,584 | ---- | C] () -- V:\Windows\System32\drivers\iKeyLFT2.dll
[2009.09.05 01:44:26 | 000,139,128 | ---- | C] () -- V:\Windows\System32\drivers\PnkBstrK.sys
[2009.09.04 22:56:54 | 000,281,760 | ---- | C] () -- V:\Windows\System32\drivers\atksgt.sys
[2009.09.04 22:56:53 | 000,025,888 | ---- | C] () -- V:\Windows\System32\drivers\lirsgt.sys
[2009.08.31 02:30:28 | 000,000,000 | ---- | C] () -- V:\Windows\OODCNT.INI
[2009.08.30 17:29:56 | 000,000,065 | ---- | C] () -- V:\Windows\powerplayer.ini
[2009.08.30 17:29:56 | 000,000,040 | ---- | C] () -- V:\Windows\psnetwork.ini
[2009.08.26 19:22:01 | 000,722,416 | ---- | C] () -- V:\Windows\System32\drivers\sptd.sys
[2009.08.26 15:51:59 | 000,000,178 | ---- | C] () -- V:\Users\*****\AppData\Roaming\Current.prx
[2009.08.26 01:14:17 | 000,034,308 | ---- | C] () -- V:\Windows\System32\BASSMOD.dll
[2009.08.24 06:29:54 | 000,043,008 | ---- | C] () -- V:\Users\*****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.08.24 02:49:05 | 000,082,289 | ---- | C] () -- V:\Windows\System32\lvcoinst.ini
[2009.08.24 02:02:50 | 000,000,056 | -H-- | C] () -- V:\ProgramData\ezsidmv.dat
[2009.08.23 19:05:28 | 000,008,268 | ---- | C] () -- V:\Users\*****\AppData\Local\d3d9caps.dat
[2009.06.02 18:11:16 | 000,085,504 | ---- | C] () -- V:\Windows\System32\ff_vfw.dll
[2009.05.29 16:52:26 | 000,204,800 | ---- | C] () -- V:\Windows\System32\xvidvfw.dll
[2009.05.29 16:47:06 | 000,881,664 | ---- | C] () -- V:\Windows\System32\xvidcore.dll
[2009.04.11 15:19:09 | 000,117,248 | ---- | C] () -- V:\Windows\System32\EhStorAuthn.dll
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- V:\Windows\System32\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- V:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- V:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- V:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- V:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- V:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- V:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- V:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- V:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- V:\Windows\System32\AgCPanelFrench.dll
[2008.09.12 16:21:02 | 000,000,547 | ---- | C] () -- V:\Windows\System32\ff_vfw.dll.manifest
[2008.01.21 04:23:41 | 000,081,158 | ---- | C] () -- V:\Windows\System32\manage-bde.ini.en
[2008.01.08 08:17:04 | 000,009,824 | ---- | C] () -- V:\Windows\System32\34CoInstaller.dll
[2007.09.04 12:56:10 | 000,164,352 | ---- | C] () -- V:\Windows\System32\unrar.dll
[2007.02.05 20:05:26 | 000,000,038 | ---- | C] () -- V:\Windows\AviSplitter.INI
[2006.11.02 14:34:20 | 000,005,632 | ---- | C] () -- V:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- V:\Windows\System32\pacerprf.ini
[2002.10.06 20:42:57 | 000,237,568 | ---- | C] () -- V:\Windows\System32\OggDS.dll
[2002.10.05 01:04:25 | 000,921,600 | ---- | C] () -- V:\Windows\System32\vorbisenc.dll
[2002.10.05 01:04:24 | 000,188,416 | ---- | C] () -- V:\Windows\System32\vorbis.dll
[2002.10.05 01:04:17 | 000,045,056 | ---- | C] () -- V:\Windows\System32\ogg.dll
[1998.09.25 13:00:00 | 000,056,832 | ---- | C] () -- V:\Windows\System32\iyvu9_32.dll
========== LOP Check ==========
[2009.08.27 01:40:28 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\2K Sports
[2009.08.27 01:46:09 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\DAEMON Tools Pro
[2009.11.13 16:19:48 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\dBpoweramp
[2009.11.30 23:03:27 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\Downloaded Installations
[2009.08.26 01:29:18 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\FlashFXP
[2010.01.11 21:59:32 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\flightgear.org
[2010.09.23 21:06:32 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\Image Zone Express
[2009.08.24 22:37:08 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\IrfanView
[2009.10.30 17:30:58 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\Leadertech
[2010.08.31 22:56:41 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\Molia
[2009.09.16 22:44:33 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\OpenOffice.org
[2009.08.30 02:26:30 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\PiX-ART.com
[2010.03.21 16:10:23 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\Playrix Entertainment
[2009.08.30 17:29:58 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\ppstream
[2010.09.23 21:06:32 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\Printer Info Cache
[2009.08.27 17:31:16 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\ProtectDisc
[2010.09.30 17:45:38 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\Qeocyl
[2009.08.24 00:26:00 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\Steganos VPN
[2009.10.01 21:16:12 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\StreamTorrent
[2009.08.30 02:06:50 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\Summer Athletics 2009
[2010.01.25 20:22:26 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\TAITO
[2010.01.27 15:07:36 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\TitanicMystery
[2009.08.24 17:25:38 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\TuneUp Software
[2009.10.04 09:27:50 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\Ubisoft
[2009.08.27 18:46:18 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\UNOUndercover
[2009.10.09 14:45:30 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\uTorrent
[2009.08.25 02:06:13 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\VistaCodecs
[2009.08.27 17:06:05 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\Zylom
[2010.09.29 23:27:54 | 000,032,582 | ---- | M] () -- V:\Windows\Tasks\SCHEDLGU.TXT
[2009.08.24 02:01:58 | 000,000,204 | ---- | M] () -- V:\Windows\Tasks\{2034705D-2D06-4701-8766-5D6C9CE0234E}.job
========== Purity Check ==========
========== Custom Scans ==========
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2009.08.27 01:40:28 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\2K Sports
[2009.11.13 15:51:47 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\AccurateRip
[2010.01.22 17:59:05 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\Adobe
[2009.12.29 23:17:30 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\Apple Computer
[2009.08.27 01:46:09 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\DAEMON Tools Pro
[2009.11.13 16:19:48 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\dBpoweramp
[2009.11.30 23:03:27 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\Downloaded Installations
[2009.10.24 14:56:31 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\dvdcss
[2009.08.26 01:29:18 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\FlashFXP
[2010.01.11 21:59:32 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\flightgear.org
[2010.09.23 18:33:38 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\HP
[2009.08.27 17:06:05 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\Identities
[2010.09.23 21:06:32 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\Image Zone Express
[2009.09.04 21:32:38 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\InstallShield
[2009.08.24 22:37:08 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\IrfanView
[2009.10.30 17:30:58 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\Leadertech
[2009.08.23 19:14:12 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\Macromedia
[2010.09.30 17:37:28 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\Malwarebytes
[2009.08.25 01:39:53 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\Media Player Classic
[2010.02.26 21:11:36 | 000,000,000 | --SD | M] -- V:\Users\*****\AppData\Roaming\Microsoft
[2009.08.26 01:26:59 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\mIRC
[2010.08.31 22:56:41 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\Molia
[2010.09.15 18:31:03 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\Mozilla
[2009.09.16 22:44:33 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\OpenOffice.org
[2009.08.30 02:26:30 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\PiX-ART.com
[2010.03.21 16:10:23 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\Playrix Entertainment
[2009.08.30 17:29:58 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\ppstream
[2010.09.23 21:06:32 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\Printer Info Cache
[2009.08.27 17:31:16 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\ProtectDisc
[2010.09.30 17:45:38 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\Qeocyl
[2009.10.31 16:59:21 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\Real
[2009.08.27 16:23:18 | 000,000,000 | RH-D | M] -- V:\Users\*****\AppData\Roaming\SecuROM
[2009.08.24 05:59:58 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\Skype
[2009.08.24 02:02:50 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\skypePM
[2009.08.24 00:26:00 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\Steganos VPN
[2009.10.01 21:16:12 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\StreamTorrent
[2009.08.30 02:06:50 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\Summer Athletics 2009
[2010.01.25 20:22:26 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\TAITO
[2009.08.25 21:28:05 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\teamspeak2
[2010.01.27 15:07:36 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\TitanicMystery
[2009.08.24 17:25:38 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\TuneUp Software
[2010.02.20 16:52:45 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\TVU Networks
[2009.10.04 09:27:50 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\Ubisoft
[2009.08.27 18:46:18 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\UNOUndercover
[2009.10.09 14:45:30 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\uTorrent
[2009.08.25 02:06:13 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\VistaCodecs
[2010.09.07 10:29:18 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\vlc
[2009.08.24 23:23:27 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\Winamp
[2009.08.23 21:30:37 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\WinRAR
[2009.08.27 17:06:05 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\Zylom
< %APPDATA%\*.exe /s >
[2010.08.01 14:56:03 | 000,010,134 | R--- | M] () -- V:\Users\*****\AppData\Roaming\Microsoft\Installer\{3F5635E9-FDB2-4220-8D4B-17E0035994DA}\ARPPRODUCTICON.exe
[2010.08.01 14:56:03 | 000,053,248 | R--- | M] (InstallShield Software Corp.) -- V:\Users\*****\AppData\Roaming\Microsoft\Installer\{3F5635E9-FDB2-4220-8D4B-17E0035994DA}\NewShortcut1_3F5635E9FDB242208D4B17E0035994DA.exe
[2010.08.01 14:56:03 | 000,053,248 | R--- | M] (InstallShield Software Corp.) -- V:\Users\*****\AppData\Roaming\Microsoft\Installer\{3F5635E9-FDB2-4220-8D4B-17E0035994DA}\SC_stargame1_3F5635E9FDB242208D4B17E0035994DA.exe
[2009.08.27 20:48:58 | 000,006,766 | R--- | M] () -- V:\Users\*****\AppData\Roaming\Microsoft\Installer\{DA399721-2D85-471E-A447-9CCD89A89CA8}\_18be6784.exe
[2009.08.27 20:48:58 | 000,007,078 | R--- | M] () -- V:\Users\*****\AppData\Roaming\Microsoft\Installer\{DA399721-2D85-471E-A447-9CCD89A89CA8}\_294823.exe
[2009.08.27 20:48:58 | 000,006,766 | R--- | M] () -- V:\Users\*****\AppData\Roaming\Microsoft\Installer\{DA399721-2D85-471E-A447-9CCD89A89CA8}\_4ae13d6c.exe
[2009.08.28 19:14:01 | 000,010,134 | R--- | M] () -- V:\Users\*****\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
[2010.08.31 22:56:41 | 000,115,712 | ---- | M] () -- V:\Users\*****\AppData\Roaming\Molia\epaps.exe
[2010.02.20 16:52:53 | 005,562,672 | ---- | M] (TVU networks) -- V:\Users\*****\AppData\Roaming\TVU Networks\AutoUpgrade\TVUPlayer2.4.9.1.exe
< %SYSTEMDRIVE%\*.exe >
< MD5 for: AGP440.SYS >
[2008.01.21 04:21:09 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- V:\Windows\System32\drivers\AGP440.sys
[2008.01.21 04:21:09 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- V:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 04:21:09 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- V:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 04:21:09 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- V:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 04:21:09 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- V:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- V:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
< MD5 for: ATAPI.SYS >
[2009.04.11 15:18:59 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- V:\Windows\System32\drivers\atapi.sys
[2009.04.11 15:18:59 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- V:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 15:18:59 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- V:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 04:21:09 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- V:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 04:21:09 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- V:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- V:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
< MD5 for: CNGAUDIT.DLL >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- V:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- V:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
< MD5 for: EXPLORER.EXE >
[2009.04.11 15:19:30 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- V:\Windows\explorer.exe
[2009.04.11 15:19:30 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- V:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
< MD5 for: IASTORV.SYS >
[2008.01.21 04:21:31 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- V:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 04:21:31 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- V:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 04:21:31 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- V:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- V:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
< MD5 for: NETLOGON.DLL >
[2009.04.11 15:19:21 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- V:\Windows\System32\netlogon.dll
[2009.04.11 15:19:21 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- V:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
< MD5 for: NVSTOR.SYS >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- V:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 04:21:29 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- V:\Windows\System32\drivers\nvstor.sys
[2008.01.21 04:21:29 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- V:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 04:21:29 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- V:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
< MD5 for: SCECLI.DLL >
[2009.04.11 15:19:45 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- V:\Windows\System32\scecli.dll
[2009.04.11 15:19:45 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- V:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
< MD5 for: USER32.DLL >
[2009.04.11 15:19:29 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- V:\Windows\System32\user32.dll
[2009.04.11 15:19:29 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- V:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
< MD5 for: USERINIT.EXE >
[2008.01.21 04:22:58 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- V:\Windows\System32\userinit.exe
[2008.01.21 04:22:58 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- V:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
< MD5 for: VIAMRAID.SYS >
[2008.07.09 20:19:02 | 000,117,248 | ---- | M] (VIA Technologies inc,.ltd) MD5=00046AA2E396EDC2238556E740A8E5AF -- V:\Users\*****\Documents\DriverGenius\Temp\via_hyperionpro_524a\via_hyperionpro_524a\VRAIDDrv\2K\viamraid.sys
[2008.07.09 20:19:02 | 000,117,248 | ---- | M] (VIA Technologies inc,.ltd) MD5=00046AA2E396EDC2238556E740A8E5AF -- V:\Users\*****\Documents\DriverGenius\Temp\via_hyperionpro_524a\via_hyperionpro_524a\VRAIDDrv\drvdisk\x86\NT5\viamraid.sys
[2008.07.09 20:19:02 | 000,117,248 | ---- | M] (VIA Technologies inc,.ltd) MD5=00046AA2E396EDC2238556E740A8E5AF -- V:\Users\*****\Documents\DriverGenius\Temp\via_hyperionpro_524a\via_hyperionpro_524a\VRAIDDrv\SRV2003\x86\viamraid.sys
[2008.07.09 20:19:02 | 000,117,248 | ---- | M] (VIA Technologies inc,.ltd) MD5=00046AA2E396EDC2238556E740A8E5AF -- V:\Users\*****\Documents\DriverGenius\Temp\via_hyperionpro_524a\via_hyperionpro_524a\VRAIDDrv\XP\x86\viamraid.sys
[2008.07.09 20:19:02 | 000,117,248 | ---- | M] (VIA Technologies inc,.ltd) MD5=00046AA2E396EDC2238556E740A8E5AF -- V:\Users\*****\Documents\DriverGenius\Temp\via_vraid_580g\via_vraid_580g\VRAIDDrv\2K\viamraid.sys
[2008.07.09 20:19:02 | 000,117,248 | ---- | M] (VIA Technologies inc,.ltd) MD5=00046AA2E396EDC2238556E740A8E5AF -- V:\Users\*****\Documents\DriverGenius\Temp\via_vraid_580g\via_vraid_580g\VRAIDDrv\drvdisk\x86\NT5\viamraid.sys
[2008.07.09 20:19:02 | 000,117,248 | ---- | M] (VIA Technologies inc,.ltd) MD5=00046AA2E396EDC2238556E740A8E5AF -- V:\Users\*****\Documents\DriverGenius\Temp\via_vraid_580g\via_vraid_580g\VRAIDDrv\SRV2003\x86\viamraid.sys
[2008.07.09 20:19:02 | 000,117,248 | ---- | M] (VIA Technologies inc,.ltd) MD5=00046AA2E396EDC2238556E740A8E5AF -- V:\Users\*****\Documents\DriverGenius\Temp\via_vraid_580g\via_vraid_580g\VRAIDDrv\XP\x86\viamraid.sys
[2008.09.26 16:38:50 | 000,137,880 | ---- | M] (VIA Technologies Inc.,Ltd) MD5=0C619F1C0F1D0150C155C3CD7687DC87 -- V:\Users\*****\Documents\DriverGenius\Temp\via_hyperionpro_524a\via_hyperionpro_524a\VRAIDDrv\drvdisk\VISTA\x86\viamraid.sys
[2008.09.26 16:38:50 | 000,137,880 | ---- | M] (VIA Technologies Inc.,Ltd) MD5=0C619F1C0F1D0150C155C3CD7687DC87 -- V:\Users\*****\Documents\DriverGenius\Temp\via_hyperionpro_524a\via_hyperionpro_524a\VRAIDDrv\VISTA\x86\viamraid.sys
[2008.09.26 16:38:50 | 000,137,880 | ---- | M] (VIA Technologies Inc.,Ltd) MD5=0C619F1C0F1D0150C155C3CD7687DC87 -- V:\Users\*****\Documents\DriverGenius\Temp\via_vraid_580g\via_vraid_580g\VRAIDDrv\drvdisk\VISTA\x86\viamraid.sys
[2008.09.26 16:38:50 | 000,137,880 | ---- | M] (VIA Technologies Inc.,Ltd) MD5=0C619F1C0F1D0150C155C3CD7687DC87 -- V:\Users\*****\Documents\DriverGenius\Temp\via_vraid_580g\via_vraid_580g\VRAIDDrv\VISTA\x86\viamraid.sys
[2007.12.19 19:02:18 | 000,117,872 | ---- | M] (VIA Technologies inc,.ltd) MD5=923C74DE7CB0B4E060B8748968F9A620 -- V:\Users\*****\Documents\DriverGenius\Temp\via_hyperionpro_524a\via_hyperionpro_524a\VRAIDDrv\drvdisk\x86\NT4\viamraid.sys
[2007.12.19 19:02:18 | 000,117,872 | ---- | M] (VIA Technologies inc,.ltd) MD5=923C74DE7CB0B4E060B8748968F9A620 -- V:\Users\*****\Documents\DriverGenius\Temp\via_hyperionpro_524a\via_hyperionpro_524a\VRAIDDrv\NT4\viamraid.sys
[2007.12.19 19:02:18 | 000,117,872 | ---- | M] (VIA Technologies inc,.ltd) MD5=923C74DE7CB0B4E060B8748968F9A620 -- V:\Users\*****\Documents\DriverGenius\Temp\via_vraid_580g\via_vraid_580g\VRAIDDrv\drvdisk\x86\NT4\viamraid.sys
[2007.12.19 19:02:18 | 000,117,872 | ---- | M] (VIA Technologies inc,.ltd) MD5=923C74DE7CB0B4E060B8748968F9A620 -- V:\Users\*****\Documents\DriverGenius\Temp\via_vraid_580g\via_vraid_580g\VRAIDDrv\NT4\viamraid.sys
< MD5 for: WINLOGON.EXE >
[2009.04.11 15:19:45 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- V:\Windows\System32\winlogon.exe
[2009.04.11 15:19:45 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- V:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
< MD5 for: WS2IFSL.SYS >
[2008.01.21 04:22:55 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- V:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 04:22:55 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- V:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2009.08.26 19:22:02 | 000,722,416 | ---- | M] () Unable to obtain MD5 -- V:\Windows\System32\drivers\sptd.sys
< %systemroot%\System32\config\*.sav >
[2009.04.11 16:14:01 | 025,030,656 | ---- | M] () -- V:\Windows\System32\config\COMPONENTS.SAV
[2009.04.11 16:13:38 | 000,106,496 | ---- | M] () -- V:\Windows\System32\config\DEFAULT.SAV
[2009.04.11 16:14:01 | 000,020,480 | ---- | M] () -- V:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- V:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- V:\Windows\System32\config\SYSTEM.SAV
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2009.03.08 13:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- V:\Windows\System32\dxtmsft.dll
[2009.03.08 13:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- V:\Windows\System32\dxtrans.dll
[2010.05.04 07:55:41 | 000,184,320 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- V:\Windows\System32\iepeers.dll
[2009.04.11 15:19:41 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- V:\Windows\System32\rsaenh.dll
[2009.04.11 15:19:39 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- V:\Windows\System32\SLC.dll
[1 V:\Windows\system32\*.tmp files -> V:\Windows\system32\*.tmp -> ]
========== Alternate Data Streams ==========
@Alternate Data Stream - 134 bytes -> V:\ProgramData\TEMP:CBEB737E
@Alternate Data Stream - 133 bytes -> V:\ProgramData\TEMP:4E9307D7
< End of report > --- --- ---
Here are the Extras:
OTL Logfile: Code:
OTL Extras logfile created on: 30.09.2010 17:44:28 - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = V:\Users\*****\Documents
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 35,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 63,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = V: | %SystemRoot% = V:\Windows | %ProgramFiles% = V:\Program Files
Drive C: | 148,07 Gb Total Space | 98,42 Gb Free Space | 66,47% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 100,01 Gb Total Space | 20,38 Gb Free Space | 20,38% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
Drive V: | 50,01 Gb Total Space | 10,70 Gb Free Space | 21,40% Space Free | Partition Type: NTFS
Computer Name: *****-PC
Current User Name: *****
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- V:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- V:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-792815470-2588575354-2298569724-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- V:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "V:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "V:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "V:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "V:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "V:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "V:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-792815470-2588575354-2298569724-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"V:\Program Files\FlashFXP\FlashFXP.exe" = V:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (Copyright ® 1998-2007 =NF=LOVE[BCG][DFCG][YYePG])
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"V:\Program Files\FlashFXP\FlashFXP.exe" = V:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (Copyright ® 1998-2007 =NF=LOVE[BCG][DFCG][YYePG])
"V:\Program Files\PPStream\PPStream.exe" = V:\Program Files\PPStream\PPStream.exe:*:Enabled:PPStream -- (PPStream.com)
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3B0DE62C-B2A4-40FC-BD6A-C1632628E33D}" = rport=137 | protocol=17 | dir=out | app=system |
"{3EE3C05C-A203-4198-BEBF-ABDE17C3F9CD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{4A152DD9-2463-4410-8B76-32C311EB7EC6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{4FD71418-4CEE-4E66-AD44-623D9EC46D84}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{5C3CF249-16BB-4809-A8C0-43A4E081634F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6117CC19-1786-4D03-A93F-11CF7F72708C}" = lport=138 | protocol=17 | dir=in | app=system |
"{63528080-76F7-4D31-A99F-A47C26407613}" = lport=137 | protocol=17 | dir=in | app=system |
"{70CD1615-9B08-4585-9FF8-E56286484D31}" = lport=445 | protocol=6 | dir=in | app=system |
"{9E8099CF-1A95-46D6-A5B0-0DE17D74B454}" = rport=138 | protocol=17 | dir=out | app=system |
"{B3D6C176-F656-4979-BF20-AC2A248C352B}" = lport=139 | protocol=6 | dir=in | app=system |
"{C6E0CE2D-B95B-48C0-A1F7-670BCD09A438}" = rport=445 | protocol=6 | dir=out | app=system |
"{DEFDD4FA-77C8-4537-A826-30412F8F1549}" = rport=139 | protocol=6 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{16DA6DE4-C11F-492B-AF3A-0DD5836DCDCA}" = protocol=6 | dir=in | app=v:\users\*****\appdata\local\temp\7zsd9bb.tmp\symnrt.exe |
"{1D20E2A4-854F-43AF-A5B1-9E616F0A0AC3}" = protocol=6 | dir=in | app=v:\users\*****\appdata\local\temp\7zs8c95.tmp\symnrt.exe |
"{1EE88C4D-EECB-449E-98F7-054B023E54E2}" = protocol=17 | dir=in | app=v:\program files\itunes\itunes.exe |
"{1F346170-AB7C-4992-8DC6-1866341A4458}" = protocol=17 | dir=in | app=h:\spiele\age of empires iii\age3x.exe |
"{21C83165-7783-4C2B-88BA-25C53F1F9950}" = protocol=6 | dir=in | app=v:\program files\logitech\logitech vid\vid.exe |
"{257CED63-0FE4-4537-8CB5-35922FA25D10}" = protocol=6 | dir=in | app=v:\users\*****\appdata\local\temp\7zse5cc.tmp\symnrt.exe |
"{2C431F36-2C55-499E-AF97-F7C8B8C98840}" = protocol=6 | dir=in | app=h:\spiele\anno 1404\tools\anno4web.exe |
"{3063136E-7CE8-40C3-82FC-1310A392B4B1}" = protocol=17 | dir=in | app=v:\windows\system32\pnkbstra.exe |
"{34B02595-5456-4AEC-93DA-9AD84346B210}" = dir=in | app=v:\program files\windows live\messenger\wlcsdk.exe |
"{36856E12-99FD-482C-B466-C1C817C7AE30}" = protocol=6 | dir=in | app=v:\windows\system32\pnkbstrb.exe |
"{37B5AD85-853B-4137-87BD-281B1B9E5340}" = protocol=17 | dir=in | app=v:\windows\system32\pnkbstrb.exe |
"{3AC6B995-BC18-4390-884B-6AA853E4A296}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{4F324F6A-7535-4F35-99C0-357F8DA5D653}" = protocol=6 | dir=in | app=h:\spiele\age of empires iii\age3x.exe |
"{5103F4F5-1699-4468-BAD5-6F94D6DA2F4A}" = protocol=17 | dir=in | app=h:\spiele\anno 1404\tools\anno4web.exe |
"{6B3227FA-49EB-447F-8975-76E57F425EEA}" = protocol=17 | dir=in | app=v:\users\*****\appdata\local\temp\7zsd9bb.tmp\symnrt.exe |
"{7BCB1FBE-31E2-4325-AED1-6AE00A644D7B}" = protocol=17 | dir=in | app=h:\spiele\call of duty 5\codwawmp.exe |
"{81B140B0-E8D0-46CA-B66A-529038B9C6C8}" = protocol=17 | dir=in | app=h:\spiele\age of empires iii\age3y.exe |
"{91C4ABAC-D7FA-4ED1-BE03-50C4F4B640AF}" = protocol=6 | dir=in | app=h:\spiele\anno 1404\anno4.exe |
"{9252FFA5-6DC7-4161-83C0-7701847AC1B6}" = protocol=6 | dir=in | app=v:\program files\itunes\itunes.exe |
"{955EB99E-589A-426A-A4CF-86844F7F56BA}" = protocol=17 | dir=in | app=v:\users\*****\appdata\local\temp\7zs8c95.tmp\symnrt.exe |
"{98573E04-92E4-4A56-A2DE-405B53AEA435}" = protocol=17 | dir=in | app=h:\spiele\call of duty 5\codwaw.exe |
"{9BEBF44F-2AFE-4385-BBA1-52556938F676}" = protocol=6 | dir=in | app=v:\program files\logitech\logitech vid\vid.exe |
"{9D4A94D8-AA91-454A-8567-71325A3AF853}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A07E009F-81C5-4746-A1F8-C31D027C2FFA}" = protocol=17 | dir=in | app=h:\spiele\anno 1404\anno4.exe |
"{A0A6FBA5-4640-4A6F-B2F9-3FC4311904DB}" = protocol=6 | dir=in | app=v:\windows\system32\pnkbstra.exe |
"{B1BD6F3B-862E-4C0E-803F-C82B6945BF21}" = protocol=6 | dir=in | app=h:\spiele\call of duty 5\codwawmp.exe |
"{C107C03B-1C0E-4BA9-9C36-BBEF38D45209}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{C8A3E3BE-424F-4AC1-AAFF-A6399E6FA674}" = protocol=6 | dir=in | app=h:\spiele\call of duty 5\codwaw.exe |
"{CD0B50D4-312C-4451-AFF5-99C97E9AF679}" = protocol=17 | dir=in | app=v:\program files\logitech\logitech vid\vid.exe |
"{CFD3A840-1CA7-41BD-B8D0-0A4F508D2793}" = dir=in | app=v:\program files\skype\phone\skype.exe |
"{D2F4D1BA-A04C-4E75-9CC9-EEF2D08E3B66}" = protocol=17 | dir=in | app=v:\users\*****\appdata\local\temp\7zs1bfb.tmp\symnrt.exe |
"{D829C7E9-7298-4150-86C8-5B7B81AB6021}" = protocol=17 | dir=in | app=v:\program files\logitech\logitech vid\vid.exe |
"{E01D00D1-3E86-45EC-AF4C-E1BAC4D934EA}" = protocol=6 | dir=in | app=h:\spiele\age of empires iii\age3y.exe |
"{EA775DD5-0E04-49EA-9AA4-6122668D0698}" = dir=in | app=v:\program files\windows live\messenger\msnmsgr.exe |
"{F4399AB5-1E17-4752-A658-4B8C798415E8}" = protocol=6 | dir=in | app=v:\users\*****\appdata\local\temp\7zs1bfb.tmp\symnrt.exe |
"{FEDE0A15-3017-4A6F-A5E2-62957E77D528}" = protocol=17 | dir=in | app=v:\users\*****\appdata\local\temp\7zse5cc.tmp\symnrt.exe |
"{FF04E7E2-052F-4F31-A252-6245989401B8}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"TCP Query User{024FF662-77A3-4F93-831C-C4C3B90ACE7B}V:\windows\explorer.exe" = protocol=6 | dir=in | app=v:\windows\explorer.exe |
"TCP Query User{2C651D60-C994-4AE0-BBF0-D9CC228E2D28}V:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=v:\windows\system32\taskeng.exe |
"TCP Query User{2DF373FB-98C2-46E5-8FE5-17EE8618E724}V:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=v:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{37E197DD-55FD-415E-A8CF-748810C872F9}V:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=v:\windows\system32\taskeng.exe |
"TCP Query User{56879598-98DB-4A58-B941-02BCDFB572ED}V:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=v:\program files\java\jre6\bin\java.exe |
"TCP Query User{5D6CDACC-421F-4DEF-9140-FFEC4E3A7172}V:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=v:\program files\sopcast\sopcast.exe |
"TCP Query User{6077FAA9-166A-4A49-95AE-9CD86CCAE6BF}H:\spiele\die 15 beliebtesten kartenspiele\bin\cards.exe" = protocol=6 | dir=in | app=h:\spiele\die 15 beliebtesten kartenspiele\bin\cards.exe |
"TCP Query User{7495A94D-A4E4-4302-BFAC-A499FE85310D}V:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=v:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{8AF7A5F5-DF3C-4C8F-AA51-000FC3573222}V:\mirc\mirc.exe" = protocol=6 | dir=in | app=v:\mirc\mirc.exe |
"TCP Query User{B0482D8B-F69B-45E9-AD94-D1A29DF37ED8}V:\windows\explorer.exe" = protocol=6 | dir=in | app=v:\windows\explorer.exe |
"TCP Query User{D8B0D74F-5788-4A2F-BA88-6973665D4AB5}V:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=v:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{1D320529-D6C2-4304-9E2F-818A22D16609}V:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=v:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{1F327155-7A29-47F2-B010-8CC4C3569A86}V:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=v:\program files\sopcast\sopcast.exe |
"UDP Query User{2F7FF759-3036-44EC-A1C8-2583F992C8DC}V:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=v:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{53EB9397-BED1-4124-9705-FFDFF34DA84D}V:\windows\explorer.exe" = protocol=17 | dir=in | app=v:\windows\explorer.exe |
"UDP Query User{62330AEF-2F12-4176-9326-19D3EB08A0C5}V:\mirc\mirc.exe" = protocol=17 | dir=in | app=v:\mirc\mirc.exe |
"UDP Query User{796AB1BF-E996-4CA3-9C6B-6A332C512E21}V:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=v:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{A5ADC64B-4D87-43FF-BBF2-8E0640746676}V:\windows\explorer.exe" = protocol=17 | dir=in | app=v:\windows\explorer.exe |
"UDP Query User{BB052967-6800-46A4-BC55-5203517DCE9A}V:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=v:\program files\java\jre6\bin\java.exe |
"UDP Query User{BC6F2657-BF94-432F-8142-12C283ACB4A1}V:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=v:\windows\system32\taskeng.exe |
"UDP Query User{CD7BA219-B5C0-43A8-99B2-06F620FC33E0}V:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=v:\windows\system32\taskeng.exe |
"UDP Query User{DEB5772D-0338-48EC-BD98-0C9E92E58937}H:\spiele\die 15 beliebtesten kartenspiele\bin\cards.exe" = protocol=17 | dir=in | app=h:\spiele\die 15 beliebtesten kartenspiele\bin\cards.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0D005F09-A5F4-473B-A901-5735C6AF5628}" = Silent Hunter 4 Wolves of the Pacific
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{11202615-E557-4ECF-9B86-F59C81E52909}" = FIFA 10
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.5.3
"{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{22DD005D-0EF1-4E3E-92F8-49D89E31479A}" = 1400
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{2E1A71D5-7897-4F3F-B0E3-B412C86A646D}" = Need for Speed™ ProStreet
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{3F5635E9-FDB2-4220-8D4B-17E0035994DA}" = Panzer Elite Action MP Demo
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4E65796E-62E4-4EF7-9E1E-AADB7E0371CB}" = Eisenbahn.exe Professional 5.0 DEMO
"{4F0C7CCF-5666-474B-B02E-AC514A95EC93}" = NVIDIA GAME System Software 2.8.1
"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
"{51AA8C3F-B316-44A8-B371-4BB6047E45DF}" = WSC Real 09
"{51FEEDB2-CE1E-474B-A0B3-DF1630FAE8F1}_is1" = Sprengmeister DEMO 1.3.11
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A3C2391-BCE2-4D28-A336-73B953B4502F}" = 1400Trb
"{6C9FA746-8759-4040-A436-42922CB3492E}" = VistaBootPRO 3.3
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{6FBE200D-1F00-40B7-BF48-FEB265AADE94}" = 1400_Help
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK
"{7655E113-C306-11D9-A373-0050BAE317E1}" = MCE Software Encoder 1.1
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = LiveUpdate BVRP Software
"{79A8BCE9-88D4-408F-9F05-94EED5552836}" = 4x4 Hummer
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{87E3ADD7-AFDB-4FE5-B517-7FC6617D340E}" = Motorola Driver Installation 4.2.4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{96E3AED5-3D0B-4BB0-84C2-1EDADB204487}" = FlashFXP v3
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{9C488DA2-01C0-47A4-A4C9-7A1F82B819D9}" = Construction - Destruction
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A48B9CD8-C2BA-4EC9-0081-7260D238C7CF}" = Need for Speed™ Most Wanted
"{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}" = Age of Empires III
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}" = iTunes
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"{D95F0670-EBA8-46B2-8ABE-9DDA2BC3DC7E}" = Philips SPC315NC Webcam
"{DA399721-2D85-471E-A447-9CCD89A89CA8}" = BahnsimPRO
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E6CB18CD-04EF-4C6A-A5F3-5F49E7332895}" = O&O Defrag Professional Edition
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E21346-E070-40CE-A9A9-D5AB83722382}" = Steganos Internet Anonym VPN
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F18E8A0F-BE99-4305-96A5-6C0FD9D7D999}" = mobile PhoneTools
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AuranTS2009_is1" = Trainz Simulator 2009: World Builder Edition
"BurnAware Free_is1" = BurnAware Free 2.4.1
"Bus-Simulator 2009_is1" = Bus-Simulator 2009
"CCleaner" = CCleaner
"dBpoweramp DSP Effects" = dBpoweramp DSP Effects
"dBpoweramp FLAC Codec" = dBpoweramp FLAC Codec
"dBpoweramp m4a Codec" = dBpoweramp m4a Codec
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"dBpoweramp Windows Media Audio 10 Codec" = dBpoweramp Windows Media Audio 10 Codec
"Die 15 beliebtesten Kartenspiele_is1" = Die 15 beliebtesten Kartenspiele
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Driver Cleaner Pro" = DH Driver Cleaner Professional Edition
"Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
"DSGPlayer" = SAT1 GAME CENTER
"Euro Truck Simulator" = Euro Truck Simulator 1.00
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{9C488DA2-01C0-47A4-A4C9-7A1F82B819D9}" = Construction - Destruction
"InstallShield_{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}" = Age of Empires III
"InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"Invision 2.0 Build 3515" = Invision 2.0 Build 3515
"IrfanView" = IrfanView (remove only)
"Ironclads - Schleswig War Demo_is1" = Ironclads - Schleswig War Demo (version 1.3.0.11)
"IsoBuster_is1" = IsoBuster 2.8
"lvdrivers_12.10" = Logitech Webcam Software-Treiberpaket
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"MessengerPlusLive_Germany_TB Toolbar" = MessengerPlusLive Germany TB Toolbar
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"mIRC" = mIRC
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"NVIDIA Drivers" = NVIDIA Drivers
"OEMInformation" = OEM Logo and Information
"OggDS" = Direct Show Ogg Vorbis Filter (remove only)
"OpenAL" = OpenAL
"Panzer Simulator - 30 Minuten Demo" = Panzer Simulator - 30 Minuten Demo (entfernen)
"Passfoto Manager_is1" = Passfoto Manager Ver. 1.3
"PokerStars" = PokerStars
"PPStream_is1" = PPStream
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"Proxifier_is1" = Proxifier version 2.8
"PunkBusterSvc" = PunkBuster Services
"RADVideo" = RAD Video Tools
"RocketDock_is1" = RocketDock 1.3.5
"Shipsim2008" = Ship Simulator 2008
"Sky Fight_is1" = Sky Fight
"SopCast" = SopCast 3.2.4
"Spreng- und Abriss-Simulator (Demo)" = Spreng- und Abriss-Simulator (Demo)
"StreamTorrent 1.0" = Stream Torrent 1.0
"Summer Athletics 2009_is1" = Summer Athletics 2009
"Supreme Auction_is1" = Supreme Auction
"SystemRequirementsLab" = System Requirements Lab
"Tank Simulation Demo" = Tank Simulation Demo
"TankTime 3D MultiPlayer_is1" = TankTime 3D MultiPlayer 1.1
"THIV_is1" = The Hell in Vietnam
"TVUPlayer" = TVUPlayer 2.4.7.2
"UltSounds" = Windows-Soundschemas
"UltSounds2" = Ultimate Extras sounds from Microsoft® Tinker™
"Veetle TV" = Veetle TV 0.9.15
"Video mp3 Extractor_is1" = Video mp3 Extractor
"Virtual Railroad Professional 4.0 Demo" = Virtual Railroad Professional 4.0 Demo
"VLC media player" = VLC media player 1.0.1
"VueScan" = VueScan
"Winamp" = Winamp
"WinGimp-2.0_is1" = GIMP 2.6.7
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"WMV9_VCM" = Microsoft Windows Media Video 9 VCM
"World_Series_Of_Poker_1.0" = World Series Of Poker
"xp-AntiSpy" = xp-AntiSpy 3.97-3
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-792815470-2588575354-2298569724-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Monopoly Deluxe" = Monopoly Deluxe
"Seamulator 2009" = Seamulator 2009
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 24.09.2010 10:03:14 | Computer Name = *****-PC | Source = ESENT | ID = 215
Description = WinMail (1808) WindowsMail0: Die Sicherung wurde abgebrochen, weil
sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen
wurde.
Error - 24.09.2010 12:02:53 | Computer Name = *****-PC | Source = MsiInstaller | ID = 11310
Description =
Error - 24.09.2010 12:03:19 | Computer Name = *****-PC | Source = MsiInstaller | ID = 11310
Description =
Error - 25.09.2010 04:09:32 | Computer Name = *****-PC | Source = ESENT | ID = 484
Description = WinMail (2468) WindowsMail0: Versuch, Ordner "V:\Users\*****\AppData\Local\Microsoft\Windows
Mail\Backup\old" zu entfernen, ist mit Systemfehler 145 (0x00000091): "Das Verzeichnis
ist nicht leer. " fehlgeschlagen. Fehler -1022 (0xfffffc02) beim Entfernen von
Ordnern.
Error - 25.09.2010 04:09:32 | Computer Name = *****-PC | Source = ESENT | ID = 215
Description = WinMail (2468) WindowsMail0: Die Sicherung wurde abgebrochen, weil
sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen
wurde.
Error - 28.09.2010 11:54:08 | Computer Name = *****-PC | Source = ESENT | ID = 484
Description = WinMail (5100) WindowsMail0: Versuch, Ordner "V:\Users\*****\AppData\Local\Microsoft\Windows
Mail\Backup\old" zu entfernen, ist mit Systemfehler 145 (0x00000091): "Das Verzeichnis
ist nicht leer. " fehlgeschlagen. Fehler -1022 (0xfffffc02) beim Entfernen von
Ordnern.
Error - 28.09.2010 11:54:08 | Computer Name = *****-PC | Source = ESENT | ID = 215
Description = WinMail (5100) WindowsMail0: Die Sicherung wurde abgebrochen, weil
sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen
wurde.
Error - 28.09.2010 17:40:40 | Computer Name = *****-PC | Source = MsiInstaller | ID = 11310
Description =
Error - 28.09.2010 17:41:00 | Computer Name = *****-PC | Source = MsiInstaller | ID = 11310
Description =
Error - 29.09.2010 17:27:48 | Computer Name = *****-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung MotoConnect.exe, Version 1.1.19.0, Zeitstempel
0x4b25e0ca, fehlerhaftes Modul kernel32.dll, Version 6.0.6002.18005, Zeitstempel
0x49e037dd, Ausnahmecode 0xe06d7363, Fehleroffset 0x0003fbae, Prozess-ID 0x69c,
Anwendungsstartzeit 01cb601d29a6468b.
[ Media Center Events ]
Error - 23.09.2010 09:28:57 | Computer Name = *****-PC | Source = ehRecvr | ID = 4
Description =
Error - 23.09.2010 09:36:08 | Computer Name = *****-PC | Source = ehRecvr | ID = 4
Description =
Error - 23.09.2010 12:36:53 | Computer Name = *****-PC | Source = ehRecvr | ID = 4
Description =
Error - 24.09.2010 07:29:32 | Computer Name = *****-PC | Source = ehRecvr | ID = 4
Description =
Error - 24.09.2010 08:29:16 | Computer Name = *****-PC | Source = ehRecvr | ID = 4
Description =
Error - 24.09.2010 09:26:31 | Computer Name = *****-PC | Source = ehRecvr | ID = 4
Description =
Error - 24.09.2010 16:02:30 | Computer Name = *****-PC | Source = ehRecvr | ID = 4
Description =
Error - 25.09.2010 04:08:51 | Computer Name = *****-PC | Source = ehRecvr | ID = 4
Description =
Error - 25.09.2010 05:31:59 | Computer Name = *****-PC | Source = ehRecvr | ID = 4
Description =
Error - 28.09.2010 11:53:06 | Computer Name = *****-PC | Source = ehRecvr | ID = 4
Description =
[ System Events ]
Error - 13.02.2010 10:51:16 | Computer Name = *****-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
Error - 15.02.2010 03:06:10 | Computer Name = *****-PC | Source = volsnap | ID = 393245
Description = Die Schattenkopien von Volume "V:" wurde während der Ermittlung abgebrochen.
Error - 15.02.2010 03:07:15 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 15.02.2010 06:41:55 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 15.02.2010 10:50:59 | Computer Name = *****-PC | Source = volsnap | ID = 393245
Description = Die Schattenkopien von Volume "V:" wurde während der Ermittlung abgebrochen.
Error - 15.02.2010 10:53:12 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 16.02.2010 01:28:39 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 16.02.2010 15:02:20 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 17.02.2010 02:08:00 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 17.02.2010 11:15:14 | Computer Name = *****-PC | Source = volsnap | ID = 393245
Description = Die Schattenkopien von Volume "V:" wurde während der Ermittlung abgebrochen.
[ TuneUp Events ]
Error - 01.09.2010 15:28:24 | Computer Name = *****-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description =
Error - 02.09.2010 16:11:28 | Computer Name = *****-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description =
Error - 04.09.2010 07:55:19 | Computer Name = *****-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description =
Error - 05.09.2010 12:01:28 | Computer Name = *****-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description =
Error - 06.09.2010 12:09:59 | Computer Name = *****-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description =
Error - 07.09.2010 09:36:22 | Computer Name = *****-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description =
Error - 08.09.2010 09:23:38 | Computer Name = *****-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description =
Error - 10.09.2010 08:33:51 | Computer Name = *****-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description =
Error - 10.09.2010 13:18:00 | Computer Name = *****-PC | Source = TuneUp Program Statistics | ID = 131840
Description =
Error - 10.09.2010 13:21:34 | Computer Name = *****-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description =
< End of report >
Here is the Malwarebytes log file as well:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Datenbank Version: 4722
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928
30.09.2010 17:47:03
mbam-log-2010-09-30 (17-47-03).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 150345
Laufzeit: 7 Minute(n), 44 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{bb571243-db00-129a-d141-3b29754d5171} (Spyware.Zbot) -> Quarantined and deleted successfully.
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
V:\Users\Willi\AppData\Roaming\Molia\epaps.exe (Spyware.Zbot) -> Quarantined and deleted successfully.
I was able to delete 2 files, but the actual problem still persists. :\ |