Hallo,
vielen Dank für die superschnelle Antwort. Obwohl ich die Product Recovery CD Windows XP Home SP2 CD mittlerweile gefunden habe will ich mal ohne Formatieren versuchen. Ich habe gem. deiner Anleitung die Programme ausgeführt. Folgende Log Dateien:
OTL Logfile:
OTL EXTRAS Logfile: Code:
OTL logfile created on: 10.01.2011 21:09:02 - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Dokumente und Einstellungen\Stefan\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
1.023,00 Mb Total Physical Memory | 521,00 Mb Available Physical Memory | 51,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): C:\pagefile.sys 766 766 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 88,65 Gb Total Space | 27,40 Gb Free Space | 30,91% Space Free | Partition Type: NTFS
Drive D: | 93,98 Gb Total Space | 24,94 Gb Free Space | 26,54% Space Free | Partition Type: NTFS
Computer Name: STEFAN | User Name: Stefan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011.01.10 21:07:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Stefan\Desktop\OTL.exe
PRC - [2010.12.27 07:54:57 | 000,910,808 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2010.12.13 08:39:27 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2010.12.13 08:39:19 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.12.13 08:39:19 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2007.09.11 15:50:28 | 000,804,144 | ---- | M] (AVM Berlin) -- C:\Programme\FRITZ!DSL\StCenter.exe
PRC - [2007.09.04 10:14:34 | 000,087,344 | ---- | M] (AVM Berlin) -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE
PRC - [2007.06.13 14:21:45 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.01.30 04:11:22 | 001,554,184 | ---- | M] (FlashGet.com) -- C:\Programme\FlashGet\flashget.exe
PRC - [2006.11.03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MsMpEng.exe
PRC - [2006.07.30 22:59:36 | 001,101,824 | ---- | M] () -- C:\Programme\NETGEAR\WG111v2\WG111v2.exe
PRC - [2005.04.03 20:13:16 | 000,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
PRC - [2005.03.09 20:50:18 | 000,018,944 | ---- | M] (hxxp://libusb-win32.sourceforge.net) -- C:\WINDOWS\system32\libusbd-nt.exe
PRC - [2001.11.20 11:51:28 | 000,356,352 | ---- | M] () -- C:\Programme\Samsung Mouse\Samsung Mouse\2.0p\Mouse32A.exe
========== Modules (SafeList) ==========
MOD - [2011.01.10 21:07:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Stefan\Desktop\OTL.exe
MOD - [2006.08.25 16:46:44 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2006.05.03 22:53:54 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll
MOD - [2002.01.10 07:19:56 | 000,073,728 | ---- | M] () -- C:\Programme\Samsung Mouse\Samsung Mouse\2.0p\MOUDL32A.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\System32\mswmdmsrv.dll -- (WmdmPmSN)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010.12.13 08:39:27 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.12.13 08:39:19 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2008.11.04 00:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2007.09.04 10:14:34 | 000,087,344 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE -- (IGDCTRL)
SRV - [2006.11.03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006.10.26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005.04.15 21:53:22 | 000,069,632 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2005.03.09 20:50:18 | 000,018,944 | ---- | M] (hxxp://libusb-win32.sourceforge.net) [Auto | Running] -- C:\WINDOWS\system32\libusbd-nt.exe -- (libusbd)
SRV - [2004.10.22 03:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\Amps2prt.sys -- (Amps2prt)
DRV - [2010.12.13 08:39:39 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.12.13 08:39:38 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.06.17 14:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.06.17 14:26:52 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.10.27 20:37:57 | 000,101,632 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2007.10.13 19:12:25 | 000,278,728 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2007.10.13 19:12:24 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2007.09.17 00:07:00 | 006,853,088 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2007.08.24 23:59:58 | 000,017,480 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2007.07.03 16:58:20 | 000,106,792 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2007.07.03 16:57:24 | 000,011,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2007.07.03 16:54:24 | 000,080,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2007.07.01 20:20:00 | 000,008,576 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\RivaTuner v2.02\RivaTuner32.sys -- (RivaTuner32)
DRV - [2006.07.24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2006.03.27 17:53:28 | 000,167,808 | ---- | M] (NETGEAR Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wg111v2.sys -- (RTLWUSB)
DRV - [2005.11.03 15:40:07 | 000,063,488 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
DRV - [2005.08.10 13:44:04 | 000,050,688 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2005.05.16 14:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2005.04.21 12:40:36 | 000,010,624 | ---- | M] (Elaborate Bytes AG) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2005.04.15 21:31:04 | 000,006,808 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\HWACCESS.SYS -- (HWACCESS)
DRV - [2005.03.09 20:50:16 | 000,033,792 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\libusb0.sys -- (libusb0)
DRV - [2005.01.02 02:10:37 | 000,026,240 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2004.11.03 11:53:24 | 000,025,856 | ---- | M] (Vodafone) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\g3gcumdm.sys -- (G3GCUMDM)
DRV - [2004.11.03 11:53:24 | 000,022,656 | ---- | M] (Vodafone) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\g3gcuser.sys -- (G3GCUSER)
DRV - [2004.08.03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C)
DRV - [2003.11.18 10:01:34 | 000,062,673 | ---- | M] (Funk Software, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\odysseyIM3.sys -- (odysseyIM3)
DRV - [2003.07.16 14:58:30 | 000,013,056 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdrbsvsd.sys -- (cdrbsvsd)
DRV - [2003.07.02 04:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys -- (viaagp1)
DRV - [2002.10.01 08:22:32 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2002.09.16 17:32:08 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv)
DRV - [2002.05.06 23:03:10 | 000,004,789 | ---- | M] (Chic) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\chimou2k.sys -- (chimou2k)
DRV - [2001.08.17 13:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.Aon.at
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.upc.at/inode
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Programme\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :
========== FireFox ==========
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.16\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.12.27 07:55:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.16\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.12.27 07:55:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2011.01.05 15:10:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2010.08.25 17:21:31 | 000,000,000 | ---D | M]
[2010.09.28 22:24:50 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Mozilla\Extensions
[2010.09.28 22:24:50 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.08.24 20:21:11 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Mozilla\Firefox\Profiles\1ywxhn31.default\extensions
[2010.08.24 20:21:12 | 000,000,000 | ---D | M] (Vuze Remote Toolbar) -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Mozilla\Firefox\Profiles\1ywxhn31.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2011.01.10 17:33:02 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Mozilla\Firefox\Profiles\cpqii5aa.Standard-Benutzer\extensions
[2010.03.10 20:40:45 | 000,000,000 | ---D | M] (Amazon Startcenter) -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Mozilla\Firefox\Profiles\cpqii5aa.Standard-Benutzer\extensions\{144D1513-0819-4538-AD26-D515AF443AE7}
[2010.11.28 17:03:34 | 000,000,000 | ---D | M] (FlashGot) -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Mozilla\Firefox\Profiles\cpqii5aa.Standard-Benutzer\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2006.04.08 09:07:45 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Mozilla\Firefox\Profiles\cpqii5aa.Standard-Benutzer\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2005.04.02 08:41:46 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Mozilla\Firefox\Profiles\cpqii5aa.Standard-Benutzer\extensions\{36C13C8F-54F1-412e-8177-2E411719162D}
[2010.03.10 20:40:45 | 000,000,000 | ---D | M] (Google Kontextmenü) -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Mozilla\Firefox\Profiles\cpqii5aa.Standard-Benutzer\extensions\{3F4D6A2C-841D-403C-8CD8-48E54192DDEB}
[2010.11.28 17:03:26 | 000,000,000 | ---D | M] (Aquatint Slate) -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Mozilla\Firefox\Profiles\cpqii5aa.Standard-Benutzer\extensions\{526fd696-27a0-11dc-8314-0800200c9a66}
[2010.11.28 17:03:33 | 000,000,000 | ---D | M] ("Walnut for Firefox") -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Mozilla\Firefox\Profiles\cpqii5aa.Standard-Benutzer\extensions\{5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}
[2010.11.28 17:03:19 | 000,000,000 | ---D | M] (Aero Fox XL) -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Mozilla\Firefox\Profiles\cpqii5aa.Standard-Benutzer\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}
[2007.08.20 20:54:14 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Mozilla\Firefox\Profiles\cpqii5aa.Standard-Benutzer\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2005.09.30 20:27:59 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Mozilla\Firefox\Profiles\cpqii5aa.Standard-Benutzer\extensions\{9w50ge7w-88c1-4wcg-bxg9-90g1a5d31c3z}
[2010.11.28 17:03:35 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Mozilla\Firefox\Profiles\cpqii5aa.Standard-Benutzer\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2005.05.02 22:08:11 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Mozilla\Firefox\Profiles\cpqii5aa.Standard-Benutzer\extensions\{ded0fc70-7215-4802-afeb-b2982d3e7225}
[2008.05.10 12:52:14 | 000,000,000 | ---D | M] (Amazon Kontextmenü) -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Mozilla\Firefox\Profiles\cpqii5aa.Standard-Benutzer\extensions\{EC1B67CA-A2CD-4931-915A-63D5341D1285}
[2005.03.18 20:36:38 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Mozilla\Firefox\Profiles\cpqii5aa.Standard-Benutzer\extensions\{F44A59FC-F61F-46ab-8FD4-444CED7C412A}
[2010.11.28 17:03:33 | 000,000,000 | ---D | M] (Virtus Search Opt-in) -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Mozilla\Firefox\Profiles\cpqii5aa.Standard-Benutzer\extensions\extension@virtusdesigns.com
[2010.08.25 16:38:23 | 000,000,000 | ---D | M] (NASA Night Launch) -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Mozilla\Firefox\Profiles\cpqii5aa.Standard-Benutzer\extensions\nasanightlaunch@example.com
[2006.04.08 09:00:01 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Mozilla\Firefox\Profiles\cpqii5aa.Standard-Benutzer\extensions\temp
[2010.11.28 17:03:33 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Mozilla\Firefox\Profiles\cpqii5aa.Standard-Benutzer\extensions\extension@virtusdesigns.com\chrome
[2010.11.28 17:03:28 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Mozilla\Firefox\Profiles\cpqii5aa.Standard-Benutzer\extensions\{526fd696-27a0-11dc-8314-0800200c9a66}\chrome\win\mozapps\extensions
[2010.11.28 17:03:22 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Mozilla\Firefox\Profiles\cpqii5aa.Standard-Benutzer\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\win\mozapps\extensions
[2008.12.12 19:23:54 | 000,002,158 | ---- | M] () -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Mozilla\Firefox\Profiles\1ywxhn31.default\searchplugins\MySpace.xml
[2011.01.03 13:19:16 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2006.06.11 12:28:19 | 000,000,000 | ---D | M] (Amazon-Startcenter) -- C:\Programme\Mozilla Firefox\extensions\{144D1513-0819-4538-AD26-D515AF443AE7}
[2006.06.11 12:28:19 | 000,000,000 | ---D | M] (Google Kontextmenü) -- C:\Programme\Mozilla Firefox\extensions\{3F4D6A2C-841D-403C-8CD8-48E54192DDEB}
[2006.06.12 21:45:18 | 000,000,000 | ---D | M] (Amazon Kontextmenü) -- C:\Programme\Mozilla Firefox\extensions\{EC1B67CA-A2CD-4931-915A-63D5341D1285}
[2007.07.24 08:07:00 | 000,399,872 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\npagent.dll
[2010.12.13 16:59:13 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.12.13 16:59:13 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.12.13 16:59:13 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.12.13 16:59:13 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.12.13 16:59:13 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2008.02.09 21:48:25 | 000,224,889 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.1001-search.info
O1 - Hosts: 127.0.0.1 1001-search.info
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 7889 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Programme\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {84B94901-3645-4D80-A6B7-4D0050B19455} - No CLSID value found.
O2 - BHO: (Skype Control Class) - {9018F6A8-2495-45DF-9F16-C738F8F3C8FF} - C:\WINDOWS\System32\SkypeComm.dll File not found
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Programme\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O2 - BHO: (no name) - {CD9B7762-DFBC-42B1-BB30-02A78287B456} - No CLSID value found.
O2 - BHO: (no name) - {D3AA56A9-8137-4950-A6F9-D0190A82AF2A} - No CLSID value found.
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Programme\FlashGet\getflash.dll (www.flashget.com)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Programme\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
O3 - HKLM\..\Toolbar: (FlashGet) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Programme\FlashGet\fgiebar.dll (Amaze Soft)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2D1DDD38-CE4D-459B-A01C-F11BC92D5B69} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Programme\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Cmaudio] File not found
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LWBMOUSE] C:\Programme\Samsung Mouse\Samsung Mouse\2.0p\Mouse32A.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\FRITZ!DSL Startcenter.lnk = C:\WINDOWS\Installer\{2457326B-C110-40C3-89B0-889CC913871A}\Icon2457326B4.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\NETGEAR WG111v2 Smart Wizard.lnk = C:\Programme\NETGEAR\WG111v2\WG111v2.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95
O8 - Extra context menu item: &Alles mit FlashGet laden - C:\Programme\FlashGet\JC_ALL.HTM ()
O8 - Extra context menu item: &ICQ Toolbar Search - D:\Programme\ICQToolbar\toolbaru.dll (ICQ Inc.)
O8 - Extra context menu item: &Mit FlashGet laden - C:\Programme\FlashGet\JC_LINK.HTM ()
O8 - Extra context menu item: Easy-WebPrint - Drucken - C:\Programme\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - C:\Programme\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint - Vorschau - C:\Programme\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - C:\Programme\Canon\Easy-WebPrint\Resource.dll ()
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\npjpi160_01.dll (Sun Microsystems, Inc.)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe ()
O9 - Extra 'Tools' menuitem : Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe ()
O9 - Extra Button: Betway.com Poker - {4CBB5C71-1BA0-49ca-93CD-159AF8AA0CC9} - C:\Programme\BetwayMPP\MPPoker.exe (Microgaming)
O9 - Extra Button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Programme\PartyGaming\PartyCasino\RunCasino.exe ()
O9 - Extra 'Tools' menuitem : PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Programme\PartyGaming\PartyCasino\RunCasino.exe ()
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programme\ICQLite\ICQLite.exe File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programme\ICQLite\ICQLite.exe File not found
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programme\ICQLite\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programme\ICQLite\ICQ6.5\ICQ.exe (ICQ, LLC.)
O16 - DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} hxxp://download.microsoft.com/download/a/d/e/ade837f3-8e2d-4eca-9e4f-f0fcc750ab87/VirtualEarth3D.cab (SentinelVE3D Class)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} hxxp://download.mcafee.com/molbin/shared/mcinsctl/de/4,0,0,84/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {58172624-85DD-4482-9E64-02ADCA637E96} hxxp://www.kungfuchess.com/activex/web665.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1172612726796 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1172612719750 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} hxxp://download.mcafee.com/molbin/shared/mcgdmgr/de/1,0,0,21/mcgdmgr.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab (Java Plug-in 1.5.0_01)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Stefan\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Stefan\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Programme\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.01.15 10:35:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007.11.01 20:16:07 | 000,000,000 | ---D | M] - D:\Autorun -- [ NTFS ]
O33 - MountPoints2\{5165395e-c70f-11de-aa0b-00e04cd6847a}\Shell - "" = AutoRun
O33 - MountPoints2\{5165395e-c70f-11de-aa0b-00e04cd6847a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5165395e-c70f-11de-aa0b-00e04cd6847a}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{8fa09322-c6c3-11de-aa0a-00e04cd6847a}\Shell - "" = AutoRun
O33 - MountPoints2\{8fa09322-c6c3-11de-aa0a-00e04cd6847a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8fa09322-c6c3-11de-aa0a-00e04cd6847a}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{d43e1fba-a5ed-11dd-a95a-89263c2fbd2a}\Shell - "" = AutoRun
O33 - MountPoints2\{d43e1fba-a5ed-11dd-a95a-89263c2fbd2a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d43e1fba-a5ed-11dd-a95a-89263c2fbd2a}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{d940178c-a45f-11dd-a955-00e04cd6847a}\Shell - "" = AutoRun
O33 - MountPoints2\{d940178c-a45f-11dd-a955-00e04cd6847a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d940178c-a45f-11dd-a955-00e04cd6847a}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011.01.10 21:07:27 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Stefan\Desktop\OTL.exe
[2011.01.10 19:45:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Avira
[2011.01.10 19:41:50 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Stefan\Recent
[2011.01.10 19:32:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Malwarebytes
[2011.01.10 19:32:43 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011.01.10 19:32:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2011.01.10 19:32:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2011.01.10 19:32:37 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011.01.10 19:32:36 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.01.10 19:31:37 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\Stefan\Desktop\mbam-setup.exe
[2011.01.10 18:22:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Macromedia
[2011.01.10 18:07:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Adobe
[2011.01.10 18:03:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Avira
[2011.01.10 18:03:37 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2011.01.10 18:03:36 | 000,135,096 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011.01.10 18:03:36 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011.01.10 18:03:36 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2011.01.10 18:03:35 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2011.01.10 18:03:31 | 000,000,000 | ---D | C] -- C:\Programme\Avira
[2011.01.10 18:03:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
[2004.11.24 19:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011.01.10 21:07:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Stefan\Desktop\OTL.exe
[2011.01.10 20:55:00 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011.01.10 19:48:07 | 000,000,041 | ---- | M] () -- C:\WINDOWS\Filzip.ini
[2011.01.10 19:46:13 | 000,000,322 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011.01.10 19:43:12 | 000,002,165 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\FRITZ!DSL Startcenter.lnk
[2011.01.10 19:43:09 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011.01.10 19:43:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.01.10 19:42:58 | 1073,270,784 | -HS- | M] () -- C:\hiberfil.sys
[2011.01.10 19:32:43 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.01.10 19:32:00 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\Stefan\Desktop\mbam-setup.exe
[2011.01.10 18:03:55 | 000,001,671 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira AntiVir Control Center.lnk
[2011.01.10 17:51:14 | 059,398,824 | ---- | M] () -- C:\Dokumente und Einstellungen\Stefan\Desktop\avira_antivir_personal_de.exe
[2011.01.09 18:05:42 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.01.07 15:39:27 | 001,449,273 | ---- | M] () -- C:\Dokumente und Einstellungen\Stefan\Desktop\Foto0010.jpg
[2011.01.07 15:38:51 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LauncherAccess.dt
[2010.12.28 11:22:51 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010.12.28 11:21:12 | 000,000,234 | ---- | M] () -- C:\Dokumente und Einstellungen\Stefan\Eigene Dateien\funrecent.fmp
[2010.12.20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.12.20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.12.13 08:39:39 | 000,135,096 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010.12.13 08:39:38 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011.01.10 19:32:43 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.01.10 18:03:55 | 000,001,671 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira AntiVir Control Center.lnk
[2011.01.10 17:51:14 | 059,398,824 | ---- | C] () -- C:\Dokumente und Einstellungen\Stefan\Desktop\avira_antivir_personal_de.exe
[2011.01.07 15:39:27 | 001,449,273 | ---- | C] () -- C:\Dokumente und Einstellungen\Stefan\Desktop\Foto0010.jpg
[2010.08.25 00:04:51 | 000,027,136 | ---- | C] () -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.11.27 23:46:13 | 000,000,090 | ---- | C] () -- C:\WINDOWS\wa.INI
[2009.06.03 04:41:19 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\imcomm.dll
[2008.11.13 19:46:46 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LauncherAccess.dt
[2008.11.13 19:42:08 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2008.02.09 22:42:59 | 000,033,792 | ---- | C] () -- C:\WINDOWS\System32\drivers\libusb0.sys
[2008.01.25 02:27:54 | 000,000,041 | ---- | C] () -- C:\WINDOWS\Filzip.ini
[2007.10.13 19:12:25 | 000,278,728 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2007.10.13 19:12:24 | 000,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2007.09.17 00:07:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007.09.17 00:07:00 | 001,478,656 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007.09.17 00:07:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007.09.17 00:07:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007.09.17 00:07:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007.04.10 22:16:23 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2007.01.15 00:07:04 | 000,001,759 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QTSBandwidthCache
[2006.12.09 20:36:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2006.12.09 16:21:51 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS78.DLL
[2006.09.24 09:07:59 | 000,000,120 | ---- | C] () -- C:\WINDOWS\PbkUser.INI
[2006.05.15 21:28:43 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
[2006.05.03 17:44:32 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\RtlGina2.dll
[2006.03.25 01:15:47 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\msozas.dll
[2005.12.29 17:12:32 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2005.12.29 17:11:33 | 000,000,935 | ---- | C] () -- C:\WINDOWS\disney.ini
[2005.09.01 15:20:46 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\vspxcore.dll
[2005.08.15 12:31:40 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005.04.15 21:31:04 | 000,006,808 | ---- | C] () -- C:\WINDOWS\System32\HWACCESS.SYS
[2005.03.13 21:05:28 | 000,015,873 | ---- | C] () -- C:\WINDOWS\System32\Inetde.dll
[2005.03.11 19:16:31 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\NwtGatewayDLL.dll
[2005.03.11 19:16:31 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\NwtGatewayConfig.ini
[2005.02.25 16:01:24 | 000,000,037 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2005.02.23 19:31:38 | 000,000,061 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005.02.19 15:38:29 | 000,001,725 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005.02.05 13:28:24 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2005.02.05 13:28:24 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2005.02.03 20:54:40 | 000,000,202 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005.02.02 19:53:51 | 000,020,992 | ---- | C] () -- C:\WINDOWS\jestertb.dll
[2005.01.28 21:11:40 | 000,021,504 | ---- | C] () -- C:\Dokumente und Einstellungen\Stefan\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005.01.24 21:54:08 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005.01.22 21:42:39 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005.01.22 07:16:37 | 000,000,456 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2005.01.16 09:34:02 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005.01.15 11:52:22 | 000,028,672 | R--- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2005.01.15 11:50:40 | 000,001,145 | ---- | C] () -- C:\Programme\uninstal.log
[2005.01.15 10:29:22 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005.01.15 10:23:08 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\msfontsgr.dll
[2005.01.15 10:23:08 | 000,007,150 | ---- | C] () -- C:\WINDOWS\System32\wewnte.dll
[2004.10.12 06:40:58 | 002,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2004.10.12 06:39:48 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2004.10.12 06:39:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2004.10.09 06:40:16 | 000,454,144 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2004.10.05 08:16:08 | 000,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2004.10.03 17:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
[2003.11.04 10:24:15 | 000,001,684 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[1996.04.03 20:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
========== LOP Check ==========
[2007.03.06 20:52:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Age of Empires 3
[2009.11.30 22:01:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Boss Media
[2006.09.24 08:55:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BVRP Software
[2006.12.09 16:21:39 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ
[2007.11.04 20:26:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\iolo
[2006.07.21 22:16:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecTaskMan
[2009.11.23 21:10:47 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{4893E9D3-90A5-46EA-9E22-F86C85D159B8}
[2008.10.30 19:03:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\3DataManager
[2011.01.10 18:08:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Alku
[2010.08.24 22:50:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Azureus
[2008.02.10 02:03:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\BitTorrent
[2006.06.11 12:18:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Bytemobile
[2006.12.09 20:28:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\CD-LabelPrint
[2005.02.18 18:59:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\CDZilla
[2007.03.01 22:42:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Command & Conquer 3 Tiberium Wars Demo
[2011.01.10 18:03:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Eqsae
[2009.11.23 21:13:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\FRITZ!
[2006.04.09 13:21:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Gearbox Software
[2006.01.02 18:01:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\GMX
[2008.03.03 22:01:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\ICQ
[2005.05.22 11:45:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\ICQLite
[2005.03.15 18:35:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\ICS
[2007.06.26 18:19:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\InfraRecorder
[2007.11.04 20:26:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\iolo
[2006.07.21 21:57:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Meine Die Schlacht um Mittelerde-Dateien
[2006.12.08 23:12:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Microgaming
[2006.04.09 13:19:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\My Games
[2008.11.13 19:47:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Samsung
[2005.06.08 19:45:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Schlacht_um_Mittelerde_Maps
[2010.09.28 22:24:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Thunderbird
[2005.02.23 21:32:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\TuneUp Software
[2005.03.15 20:20:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Vodafone Mobile Connect
[2011.01.10 19:46:13 | 000,000,322 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
========== Purity Check ==========
< End of report >
--- --- ---
--- --- ---OTL EXTRAS Logfile: Code:
OTL Extras logfile created on: 10.01.2011 21:09:02 - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Dokumente und Einstellungen\Stefan\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
1.023,00 Mb Total Physical Memory | 521,00 Mb Available Physical Memory | 51,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): C:\pagefile.sys 766 766 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 88,65 Gb Total Space | 27,40 Gb Free Space | 30,91% Space Free | Partition Type: NTFS
Drive D: | 93,98 Gb Total Space | 24,94 Gb Free Space | 26,54% Space Free | Partition Type: NTFS
Computer Name: STEFAN | User Name: Stefan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "D:\Programme\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "D:\Programme\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "D:\Programme\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"6112:UDP" = 6112:UDP:10.131.0.16/255.255.255.255:Enabled:6112
"30260:UDP" = 30260:UDP:*:Enabled:30260
"9100:UDP" = 9100:UDP:*:Enabled:9100
"1181:UDP" = 1181:UDP:10.131.0.16/255.255.255.255:Enabled:1181
"30275:UDP" = 30275:UDP:*:Enabled:30275
"12975:TCP" = 12975:TCP:*:Enabled:Hamachi
"32976:TCP" = 32976:TCP:*:Enabled:Hamachi
"9101:UDP" = 9101:UDP:*:Enabled:9101
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\EA GAMES\Die Schlacht um Mittelerde(tm)\game.dat" = C:\Programme\EA GAMES\Die Schlacht um Mittelerde(tm)\game.dat:*:Enabled:Die Schlacht um Mittelerde (tm) -- File not found
"D:\spiele\siedler\Exe\S4_Main.exe" = D:\spiele\siedler\Exe\S4_Main.exe:*:Enabled:S4_Main -- (Blue Byte Software, Inc.)
"D:\spiele\EA GAMES1\game.dat" = D:\spiele\EA GAMES1\game.dat:*:Enabled:Die Schlacht um Mittelerde (tm) -- ()
"C:\WINDOWS\system32\LEXPPS.EXE" = C:\WINDOWS\system32\LEXPPS.EXE:*:Disabled:LEXPPS.EXE -- File not found
"D:\spiele\EA GAMES1\patchget.dat" = D:\spiele\EA GAMES1\patchget.dat:*:Enabled:patchgrabber -- (Electronic Arts)
"D:\spiele\strongholddemo\Stronghold2Demo.exe" = D:\spiele\strongholddemo\Stronghold2Demo.exe:*:Disabled:Stronghold2Demo -- File not found
"D:\Programme\ICQLite\ICQLite.exe" = D:\Programme\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite -- File not found
"C:\Programme\FlashGet\flashget.exe" = C:\Programme\FlashGet\flashget.exe:*:Enabled:Flashget -- (FlashGet.com)
"C:\Programme\BitTorrent\bittorrent.exe" = C:\Programme\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Programme\THQ\Company of Heroes\RelicCOH.exe" = C:\Programme\THQ\Company of Heroes\RelicCOH.exe:*:Enabled:Company of Heroes -- (THQ Canada Inc.)
"D:\spiele\EA GAMES\Die Schlacht um Mittelerde(tm)\game.dat" = D:\spiele\EA GAMES\Die Schlacht um Mittelerde(tm)\game.dat:*:Enabled:Die Schlacht um Mittelerde -- File not found
"D:\Programme\ICQLite\ICQ6\ICQ.exe" = D:\Programme\ICQLite\ICQ6\ICQ.exe:*:Enabled:ICQ6 -- File not found
"C:\Programme\Ubisoft\DIE SIEDLER - Aufstieg eines Königreichs\base\bin\Settlers6.exe" = C:\Programme\Ubisoft\DIE SIEDLER - Aufstieg eines Königreichs\base\bin\Settlers6.exe:*:Enabled:DIE SIEDLER - Aufstieg eines Königreichs -- (Blue Byte GmbH)
"C:\Programme\Joost\xulrunner\tvprunner.exe" = C:\Programme\Joost\xulrunner\tvprunner.exe:*:Enabled:tvprunner -- File not found
"C:\Programme\Yahoo!\Messenger\YahooMessenger.exe" = C:\Programme\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Programme\Yahoo!\Messenger\YServer.exe" = C:\Programme\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)
"C:\Programme\THQ\Company of Heroes\RelicDownloader\RelicDownloader.exe" = C:\Programme\THQ\Company of Heroes\RelicDownloader\RelicDownloader.exe:*:Enabled:Relic Downloader -- (THQ Canada Inc.)
"C:\Dokumente und Einstellungen\Stefan\Lokale Einstellungen\Temp\d9698deeb19e4eb0bf1d6c541442f579\RelicDownloader.exe" = C:\Dokumente und Einstellungen\Stefan\Lokale Einstellungen\Temp\d9698deeb19e4eb0bf1d6c541442f579\RelicDownloader.exe:*:Enabled:Relic Patch Download Manager -- File not found
"C:\Programme\Java\jre1.5.0_10\bin\javaw.exe" = C:\Programme\Java\jre1.5.0_10\bin\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary -- (Sun Microsystems, Inc.)
"C:\WINDOWS\Temp\inode_Config.exe" = C:\WINDOWS\Temp\inode_Config.exe:*:Enabled:inode Config -- (mquadr.at software engineering & consulting GmbH - Web: hxxp://www.mquadr.at - Mail: office@mquadr.at)
"C:\Programme\FRITZ!DSL\IGDCTRL.EXE" = C:\Programme\FRITZ!DSL\IGDCTRL.EXE:*:Enabled:AVM FRITZ!DSL - igdctrl.exe -- (AVM Berlin)
"C:\Programme\FRITZ!DSL\FBOXUPD.EXE" = C:\Programme\FRITZ!DSL\FBOXUPD.EXE:*:Enabled:AVM FRITZ!DSL - fboxupd.exe -- (AVM Berlin)
"C:\Programme\FRITZ!DSL\WebwaIgd.exe" = C:\Programme\FRITZ!DSL\WebwaIgd.exe:*:Enabled:AVM FRITZ!DSL - webwaigd.exe -- (AVM Berlin)
"D:\Programme\ICQLite\ICQ6.5\ICQ.exe" = D:\Programme\ICQLite\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.)
"C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Programme\Team17\Worms Armageddon\wa.exe" = C:\Programme\Team17\Worms Armageddon\wa.exe:*:Enabled:Worms Armageddon -- File not found
"C:\Programme\Google\Google Earth\client\googleearth.exe" = C:\Programme\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Programme\Vuze\Azureus.exe" = C:\Programme\Vuze\Azureus.exe:*:Enabled:Azureus -- (Vuze Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06A940CD-4924-485E-8500-476C9E08A820}" = Samsung PC Studio 3
"{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI
"{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{218BBBE3-FE63-4BB2-81A8-7435575A84FA}" = PhotoStitch
"{2457326B-C110-40C3-89B0-889CC913871A}" = AVM FRITZ!DSL
"{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI
"{28291BD5-92D2-4685-82DC-CCA925C53CCA}" = RemoteCapture Task 1.1
"{3248F0A8-6813-11D6-A77B-00B0D0150010}" = J2SE Runtime Environment 5.0 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}" = Skype Plugin Manager
"{3F290582-3F4E-4B96-009C-E0BABAA40C42}" = Die Schlacht um Mittelerde(tm)
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{45EF4EE3-F591-4B74-A477-0CAE12934CE7}" = RAW Image Task 1.2
"{4C96958A-6562-4143-B820-FF4890D3B734}" = Camera Window DVC
"{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI
"{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI
"{58D68DF0-4E8B-4E9E-B425-670F9E37C1A8}" = TES Construction Set
"{5E863175-E85D-44A6-8968-82507D34AE7F}" = QuickTime
"{5F71EB81-C72E-4B28-8D90-FDEECFEBC2DE}" = Drive Image
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI
"{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PartitionMagic
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7AC15160-A49B-4A89-B181-D4619C025FFF}" = Samsung Samples Installer
"{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI
"{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI
"{83F12F73-D52E-40C0-93B1-463C311C4E17}" = Dawn Of War
"{8AF1E098-1A5C-4336-BBE2-D047ABB401ED}" = MovieEdit Task
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ULTIMATER_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ULTIMATER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ULTIMATER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ULTIMATER_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ULTIMATER_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90170407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91203BD3-6C3E-472F-ADBD-F60FDC7C4010}" = Camera Window DS
"{91F1A0D6-23AD-49FE-8D4E-379485652214}" = Camera Support Core Library
"{9665B325-3F96-11D6-A1FA-000374890932}" = TuneUp Utilities 2003
"{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI
"{99484975-321E-495B-8171-2797B82392DD}" = inode FTP
"{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A260B422-70E1-41E2-957D-F76FA21266D5}" = Apple Software Update
"{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}" = Age of Empires III
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB90749C-7422-4580-8A7A-66CC5E9E5F98}" = iTunes
"{AC5DDE4A-3152-41D7-BECD-41D9B843D22F}" = Vodafone Mobile Connect
"{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI
"{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}" = Motorola Phone Tools
"{BAFA84F8-5A33-4ACD-AD10-58356B27A0F1}" = LiveUpdate
"{BBBC2B89-E193-4348-A83C-C8DD8210A4AC}" = Canon PhotoRecord
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon ZoomBrowser EX
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{C7281207-4AA4-425E-B57A-0E9EF8445635}" = Camera Window MC
"{CE480239-DC94-4A5D-9CBE-415D24D2F6AD}" = Findet Nemo
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 1.0
"{D3F80A98-05AB-4D8C-9272-766CCFA6A48D}" = DIE SIEDLER - Aufstieg eines Königreichs
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI
"{D76D1828-BBA0-4BD9-8181-5ACC617DC5F2}" = Virtual Earth 3D (Beta)
"{E0F252A6-DE85-4E93-A93B-DFC3537B3965}" = NETGEAR WG111v2 wireless USB 2.0 adapter
"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{EBBB1DEF-8878-4CB8-BC0D-1196B30E7527}" = ANNO 1503
"3DataManager" = Mein 3DataManager
"76322c23820ae7473cdebbff3eceb262" = Cars
"8461-7759-5462-8226" = Vuze
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Betway.com Poker" = Betway.com Poker
"bwin" = bwin Poker (remove only)
"Canon Setup Utility 2.0" = Canon Setup Utility 2.0
"CANONBJ_Deinstall_CNMCP78.DLL" = Canon iP4200
"C-Media Audio Driver" = C-Media WDM Audio Driver
"Company of Heroes" = Company of Heroes
"DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-PrintToolBox" = Canon Utilities Easy-PrintToolBox
"Easy-WebPrint" = Easy-WebPrint
"EVEREST Home Edition_is1" = EVEREST Home Edition v1.51
"Filzip 3.0.6.93_is1" = Filzip 3.06
"FlashGet" = FlashGet 1.81
"FLVPlayer" = FLV Player 1.3.3
"IC Card Reader Driver" = IC Card Reader Driver v1.9e2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InfraRecorder" = InfraRecorder
"inode FTP" = inode FTP
"InstallShield_{218BBBE3-FE63-4BB2-81A8-7435575A84FA}" = Canon Utilities PhotoStitch 3.1
"InstallShield_{28291BD5-92D2-4685-82DC-CCA925C53CCA}" = Canon RemoteCapture Task for ZoomBrowser EX
"InstallShield_{45EF4EE3-F591-4B74-A477-0CAE12934CE7}" = Canon RAW Image Task for ZoomBrowser EX
"InstallShield_{4C96958A-6562-4143-B820-FF4890D3B734}" = Canon Camera Window DVC for ZoomBrowser EX
"InstallShield_{5F71EB81-C72E-4B28-8D90-FDEECFEBC2DE}" = PowerQuest Drive Image 2002
"InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PowerQuest PartitionMagic 8.0
"InstallShield_{8AF1E098-1A5C-4336-BBE2-D047ABB401ED}" = Canon MovieEdit Task for ZoomBrowser EX
"InstallShield_{91203BD3-6C3E-472F-ADBD-F60FDC7C4010}" = Canon Camera Window DS for ZoomBrowser EX
"InstallShield_{91F1A0D6-23AD-49FE-8D4E-379485652214}" = Canon Camera Support Core Library
"InstallShield_{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}" = Age of Empires III
"InstallShield_{BAFA84F8-5A33-4ACD-AD10-58356B27A0F1}" = LiveUpdate
"InstallShield_{C7281207-4AA4-425E-B57A-0E9EF8445635}" = Canon Camera Window for ZoomBrowser EX
"InstallShield_{CE480239-DC94-4A5D-9CBE-415D24D2F6AD}" = Findet Nemo
"LastFM_is1" = Last.fm 1.3.1.1
"LibUSB-Win32_is1" = LibUSB-Win32-0.1.10.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Mermaid Poker" = Mermaid Poker
"Mozilla Firefox (3.5.16)" = Mozilla Firefox (3.5.16)
"Mozilla Thunderbird (3.1.7)" = Mozilla Thunderbird (3.1.7)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NeroVision!UninstallKey" = NeroVision Express 3
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PartyCasino" = PartyCasino
"PartyPoker" = PartyPoker
"PokerStars" = PokerStars
"PokerStars.net" = PokerStars.net
"RealPlayer 6.0" = RealPlayer
"RivaTuner" = RivaTuner v2.02
"S4Uninst" = Die Siedler IV
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Samsung Mouse Samsung Mouse" = Samsung Mouse 2.0p
"Security Task Manager" = Security Task Manager 1.6f
"ShockwaveFlash" = Macromedia Flash Player 8
"Skype_is1" = Skype 3.1
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.5.2.20
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"Tiggers Honigjagd" = Disneys Tiggers Honigjagd spielen
"Titan Poker" = Titan Poker
"ULTIMATER" = Microsoft Office Ultimate 2007
"Universal Extractor_is1" = Universal Extractor 1.5
"Vuze_Remote Toolbar" = Vuze Remote Toolbar
"WIC" = Windows Imaging Component
"Win2day Poker" = Win2day Poker
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinImage" = WinImage
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XP Codec Pack" = XP Codec Pack
"xp-AntiSpy" = xp-AntiSpy 3.92
"Yahoo! Internet Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 24.08.2010 15:39:36 | Computer Name = STEFAN | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung mediainfo.exe, Version 0.0.0.0, fehlgeschlagenes
Modul mediainfo.exe, Version 0.0.0.0, Fehleradresse 0x001df0e9.
Error - 24.08.2010 15:39:47 | Computer Name = STEFAN | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung mediainfo.exe, Version 0.0.0.0, fehlgeschlagenes
Modul mediainfo.exe, Version 0.0.0.0, Fehleradresse 0x001df0e9.
Error - 24.08.2010 16:28:55 | Computer Name = STEFAN | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung wmplayer.exe, Version 11.0.5721.5145, fehlgeschlagenes
Modul avisplitter.ax, Version 1.0.0.7, Fehleradresse 0x000229b8.
Error - 24.08.2010 16:29:01 | Computer Name = STEFAN | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung drwtsn32.exe, Version 5.1.2600.0, fehlgeschlagenes
Modul dbghelp.dll, Version 5.1.2600.2180, Fehleradresse 0x0001295d.
Error - 27.08.2010 14:50:06 | Computer Name = STEFAN | Source = Google Update | ID = 20
Description =
Error - 27.08.2010 15:50:05 | Computer Name = STEFAN | Source = Google Update | ID = 20
Description =
Error - 27.08.2010 16:50:05 | Computer Name = STEFAN | Source = Google Update | ID = 20
Description =
Error - 27.08.2010 17:50:05 | Computer Name = STEFAN | Source = Google Update | ID = 20
Description =
Error - 27.08.2010 18:50:05 | Computer Name = STEFAN | Source = Google Update | ID = 20
Description =
Error - 27.09.2010 15:50:07 | Computer Name = STEFAN | Source = Google Update | ID = 20
Description =
[ OSession Events ]
Error - 22.03.2009 15:47:35 | Computer Name = STEFAN | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6308.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 2095
seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 09.01.2011 13:05:47 | Computer Name = STEFAN | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Dienst für Seriennummern der tragbaren Medien" wurde mit
folgendem Fehler beendet: %%126
Error - 10.01.2011 02:08:37 | Computer Name = STEFAN | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Dienst für Seriennummern der tragbaren Medien" wurde mit
folgendem Fehler beendet: %%126
Error - 10.01.2011 07:23:21 | Computer Name = STEFAN | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Dienst für Seriennummern der tragbaren Medien" wurde mit
folgendem Fehler beendet: %%126
Error - 10.01.2011 12:56:03 | Computer Name = STEFAN | Source = SideBySide | ID = 16842784
Description = Abhängige Assemblierung "Microsoft.VC90.CRT" konnte nicht gefunden
werden. "Last Error": Die referenzierte Assemblierung ist nicht auf dem Computer
installiert.
Error - 10.01.2011 12:56:03 | Computer Name = STEFAN | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly ist für Microsoft.VC90.CRT fehlgeschlagen.
Referenzfehlermeldung:
Die referenzierte Assemblierung ist nicht auf dem Computer installiert. .
Error - 10.01.2011 12:56:03 | Computer Name = STEFAN | Source = SideBySide | ID = 16842811
Description = Generate Activation Context ist für C:\DOKUME~1\Stefan\LOKALE~1\Temp\RarSFX0\redist.dll
fehlgeschlagen. Referenzfehlermeldung: Der Vorgang wurde erfolgreich beendet. .
Error - 10.01.2011 13:02:06 | Computer Name = STEFAN | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Dienst für Seriennummern der tragbaren Medien" wurde mit
folgendem Fehler beendet: %%126
Error - 10.01.2011 13:09:50 | Computer Name = STEFAN | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Dienst für Seriennummern der tragbaren Medien" wurde mit
folgendem Fehler beendet: %%126
Error - 10.01.2011 14:43:06 | Computer Name = STEFAN | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Dienst für Seriennummern der tragbaren Medien" wurde mit
folgendem Fehler beendet: %%126
Error - 10.01.2011 14:43:35 | Computer Name = STEFAN | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
uagp35
< End of report >
--- --- ---
GMER Logfile: Code:
GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit scan 2011-01-10 23:16:08
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD2000BB-00GUA0 rev.08.02D08
Running: yrgx8ym2.exe; Driver: C:\DOKUME~1\Stefan\LOKALE~1\Temp\uxtdypob.sys
---- System - GMER 1.0.15 ----
SSDT F7F5DBAE ZwCreateKey
SSDT F7F5DBA4 ZwCreateThread
SSDT F7F5DBB3 ZwDeleteKey
SSDT F7F5DBBD ZwDeleteValueKey
SSDT F7F5DBC2 ZwLoadKey
SSDT F7F5DB90 ZwOpenProcess
SSDT F7F5DB95 ZwOpenThread
SSDT F7F5DBCC ZwReplaceKey
SSDT F7F5DBC7 ZwRestoreKey
SSDT F7F5DBB8 ZwSetValueKey
---- Kernel code sections - GMER 1.0.15 ----
? dhqja.sys Das System kann die angegebene Datei nicht finden. !
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF659F360, 0x307AC7, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xF4963300, 0x3ACC8, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xF5197300, 0x1B7E, 0xE8000020]
---- EOF - GMER 1.0.15 ----
--- --- ---
So ich hoffe die Daten sind so verwendbar.
Vielen Dank nochmal. |
