So, here are the two OTL logs:

OTL logfile:
OTL logfile created on: 18.02.2011 19:52:58 - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 47,00% Memory free
7,00 Gb Paging File | 5,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 911,52 Gb Total Space | 646,72 Gb Free Space | 70,95% Space Free | Partition Type: NTFS
Drive D: | 19,98 Gb Total Space | 9,90 Gb Free Space | 49,55% Space Free | Partition Type: FAT32
Computer Name: FRODO | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Windows\System32\UAService7.exe (Sony DADC Austria AG.)
PRC - C:\Program Files\Panda USB Vaccine\USBVaccine.exe (Panda Security)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
PRC - C:\Program Files\Jojo\Arschloch3D\Arschloch3D.exe ()
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\RocketDock\RocketDock.exe ()
========== Modules (SafeList) ==========
MOD - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\vbscript.dll (Microsoft Corporation)
MOD - C:\Windows\System32\wbem\wmiutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\wbem\wbemsvc.dll (Microsoft Corporation)
MOD - C:\Windows\System32\wbem\wbemprox.dll (Microsoft Corporation)
MOD - C:\Windows\System32\wbem\fastprox.dll (Microsoft Corporation)
MOD - C:\Windows\System32\rsaenh.dll (Microsoft Corporation)
MOD - C:\Windows\System32\wbem\wbemdisp.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sxs.dll (Microsoft Corporation)
MOD - C:\Windows\System32\wbemcomn.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (UserAccess7) SecuROM User Access Service (V7) -- C:\Windows\System32\UAService7.exe (Sony DADC Austria AG.)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (LVCOMSer) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe (Intel Corporation)
SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()
========== Driver Services (SafeList) ==========
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (ACEDRV07) -- C:\Windows\System32\drivers\ACEDRV07.sys (Protect Software GmbH)
DRV - (motmodem) -- C:\Windows\System32\drivers\motmodem.sys (Motorola)
DRV - (motccgp) -- C:\Windows\System32\drivers\motccgp.sys (Motorola)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (MotDev) -- C:\Windows\System32\drivers\motodrv.sys (Motorola Inc)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (motccgpfl) -- C:\Windows\System32\drivers\motccgpfl.sys (Motorola)
DRV - (LVUVC) Logitech QuickCam 3000(UVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (MarvinBus) -- C:\Windows\System32\drivers\MarvinBus.sys (Pinnacle Systems GmbH)
DRV - (TIEHDUSB) -- C:\Windows\System32\drivers\tiehdusb.sys (Texas Instruments Incorporated)
DRV - (ASPI) -- C:\Windows\System32\drivers\ASPI32.SYS (Adaptec)
========== Standard Registry (All) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-1603881390-1326804135-3925035368-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI
IE - HKU\S-1-5-21-1603881390-1326804135-3925035368-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-1603881390-1326804135-3925035368-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing
IE - HKU\S-1-5-21-1603881390-1326804135-3925035368-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Welcome to ALDI
IE - HKU\S-1-5-21-1603881390-1326804135-3925035368-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1603881390-1326804135-3925035368-1000\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-1603881390-1326804135-3925035368-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "hxxp://de.mg41.mail.yahoo.com/dc/launch?.gx=0&.rand=340p196mhik2i|hxxp://www.css-lernen.net/|hxxp://www.schuelervz.net/Default|hxxp://www.google.de/imgres?imgurl=hxxp://www.der-feine-tisch.de/images/1_32__24800_03.jpg&imgrefurl=hxxp://www.der-feine-tisch.de/seltmann-weiden-dorothea-china-blau-c-88_581.html&h=500&w=500&sz=47&tbnid=IdlcJlDxvJWQmM:&tbnh=130&tbnw=130&prev=/images%3Fq%3Dchinablau&zoom=1&q=chinablau&usg=__adLCYanE2KrO8PPTsS2Hp5A-QoA=&sa=X&ei=4XUPTeGbJYKPswbSrOX_DA&ved=0CD8Q9QEwAw|hxxp://www.google.de/imgres?imgurl=hxxp://www.porzellantreff.de/isroot/steinkamp/webimages/stimmungsbilder/SeltDorotheablau/2_gr.jpg&imgrefurl=hxxp://www.porzellantreff.de/Seltmann-Weiden-Dorothea-China-Blau-c5615.html&h=500&w=500&sz=39&tbnid=iojSyVO2lPKeBM:&tbnh=130&tbnw=130&prev=/images%3Fq%3Dchinablau&zoom=1&q=chinablau&usg=__10CCXA7b0MvGmOWjUTDMT9_Gbnk=&sa=X&ei=YnYPTca3N830sgb77vj4DA&ved=0CD8Q9QEwBQ|http://www.trojaner-board.de/51187-a...uerzt-ab.html"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:4.0.1
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.2.1
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.4
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.1
FF - prefs.js..extensions.enabledItems: {047CDD12-6202-47E9-B831-8A867BCCA3E6}:1.9.1
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.2
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.13
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009.09.02 17:04:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.14 18:46:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.14 18:46:14 | 000,000,000 | ---D | M]
[2009.04.23 19:46:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2009.04.23 19:46:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2011.02.18 16:55:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\yuzw6ylg.default\extensions
[2010.08.19 14:48:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\yuzw6ylg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.01.10 16:49:51 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\yuzw6ylg.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2011.02.08 23:15:13 | 000,000,000 | ---D | M] (Fast Video Download (with SearchMenu)) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\yuzw6ylg.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
[2010.12.24 00:14:24 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\yuzw6ylg.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.08.19 14:48:23 | 000,000,000 | ---D | M] ("Tab Mix Plus") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\yuzw6ylg.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2010.12.11 14:44:02 | 000,000,000 | ---D | M] (FoxTab) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\yuzw6ylg.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2011.02.08 23:15:12 | 000,000,000 | ---D | M] (Firebug) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\yuzw6ylg.default\extensions\firebug@software.joehewitt.com
[2010.09.18 20:39:14 | 000,000,000 | ---D | M] (Personas) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\yuzw6ylg.default\extensions\personas@christopher.beard
[2009.09.25 19:11:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2010.12.14 18:46:14 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010.10.13 11:33:43 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\***\APPDATA\LOCAL\{047CDD12-6202-47E9-B831-8A867BCCA3E6}
[2010.12.14 18:46:12 | 000,025,048 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2010.12.14 18:46:12 | 000,140,248 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2007.04.10 16:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2010.12.14 18:46:13 | 000,066,520 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2006.10.26 19:12:16 | 000,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL
[2010.03.12 21:18:31 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.03.12 21:18:31 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.03.12 21:18:31 | 000,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2010.03.12 21:18:31 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.03.12 21:18:31 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.03.12 21:18:31 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [WinampAgent] File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1603881390-1326804135-3925035368-1000..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1603881390-1326804135-3925035368-1000..\Run: [Restree] C:\Users\***\AppData\Roaming\Txtole\dephelp.exe ()
O4 - HKU\S-1-5-21-1603881390-1326804135-3925035368-1000..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - HKU\S-1-5-21-1603881390-1326804135-3925035368-1000..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\S-1-5-21-1603881390-1326804135-3925035368-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1603881390-1326804135-3925035368-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-1603881390-1326804135-3925035368-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/F/D/9/FD9E437D-5BC8-4264-A093-DFA2C39D197E/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011.02.18 19:23:11 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\jonas\Desktop\OTL.exe
[2011.02.17 17:12:17 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2011.02.17 17:11:51 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.02.17 17:11:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.02.17 17:11:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.02.17 17:11:36 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.02.17 17:11:35 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.02.13 17:38:42 | 000,000,000 | -H-- | C] () -- C:\Users\***\ntuser.dat.LOG2
[2011.02.12 22:07:35 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Txtole
[2011.02.10 20:08:38 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Arbeitstitel Biology_data
[2011.02.09 20:49:02 | 002,039,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.02.09 20:48:59 | 003,602,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011.02.09 20:48:58 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011.02.09 20:48:48 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011.02.09 20:48:48 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011.02.09 20:48:48 | 000,797,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll
[2011.02.09 20:48:47 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2011.02.09 20:48:47 | 000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll
[2011.02.09 20:48:47 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011.02.09 20:48:47 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011.02.09 20:48:47 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011.02.09 20:48:47 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011.02.09 20:48:46 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll
[2011.02.09 20:48:46 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll
[2011.02.09 20:48:46 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011.02.09 20:48:45 | 002,873,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011.02.09 20:48:45 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2011.02.09 20:48:45 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2011.02.09 20:48:45 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2011.02.09 20:48:45 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011.02.09 20:48:45 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011.02.09 20:48:44 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2011.02.09 20:48:44 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2011.02.09 20:48:43 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2011.02.09 20:48:43 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2011.02.09 20:48:41 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2011.02.09 20:48:41 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011.02.09 20:48:41 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2011.02.09 20:48:05 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.02.09 20:48:05 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.02.09 20:48:05 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.02.09 20:48:05 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011.02.09 20:48:05 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.02.09 20:48:05 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2011.02.09 20:48:02 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011.02.09 20:48:01 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011.02.08 15:56:59 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\3DFA
[2011.02.08 15:56:58 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\3DFA
[2011.02.08 15:56:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3D Flash Animator 4.9.8.7
[2011.02.08 15:55:47 | 000,000,000 | ---D | C] -- C:\Program Files\3D Flash Animator 4.9.8.7
[2011.02.07 16:43:02 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\scream
[2011.02.06 21:36:44 | 000,000,472 | ---- | C] () -- C:\Users\***\.lmmsrc.xml
[2011.02.05 21:15:17 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\dino.to
[2011.01.25 21:50:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LMMS 0.4.6
[2011.01.25 21:50:36 | 000,000,000 | ---D | C] -- C:\Program Files\LMMS 0.4.6
[2010.10.13 11:33:45 | 000,000,120 | ---- | C] () -- C:\Users\***\AppData\Local\Oxorigatagacuti.dat
[2010.10.13 11:33:45 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\Kseke.bin
[2010.10.13 11:30:50 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\googleupdate.log
[2010.07.21 15:43:54 | 000,019,456 | ---- | C] () -- C:\Users\***\AppData\Local\WebpageIcons.db
[2010.03.02 16:52:15 | 000,000,551 | ---- | C] () -- C:\Users\***\AppData\Roaming\AutoGK.ini
[2009.05.10 11:57:46 | 000,000,680 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2009.03.26 18:32:16 | 002,416,742 | -H-- | C] () -- C:\Users\***\AppData\Local\IconCache.db
[2009.03.26 17:03:58 | 000,184,320 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.03.26 16:20:38 | 000,109,968 | ---- | C] () -- C:\Users\***\AppData\Local\GDIPFONTCACHEV1.DAT
[2006.11.02 13:50:50 | 000,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini
========== Files - Modified Within 30 Days ==========
[2011.02.18 19:54:59 | 000,000,408 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job
[2011.02.18 19:23:14 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\jonas\Desktop\OTL.exe
[2011.02.18 18:43:29 | 000,003,744 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.02.18 18:43:29 | 000,003,744 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.02.18 17:36:02 | 000,003,758 | ---- | M] () -- C:\Users\***\Desktop\Accounts.kdbx
[2011.02.18 16:48:31 | 000,628,504 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.02.18 16:48:31 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.02.18 16:48:31 | 000,126,248 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.02.18 16:48:31 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.02.18 16:45:06 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[2011.02.18 16:43:58 | 000,071,173 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011.02.18 16:43:58 | 000,071,173 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.02.18 16:43:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.02.18 16:43:23 | 3485,671,424 | -HS- | M] () -- C:\hiberfil.sys
[2011.02.17 16:35:31 | 000,095,232 | ---- | M] () -- C:\Users\***\Desktop\Overpopulation.doc
[2011.02.14 20:23:39 | 000,011,009 | ---- | M] () -- C:\Users\***\Desktop\Rewe Bewerbung.docx
[2011.02.14 18:19:56 | 000,184,320 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.02.11 16:37:06 | 000,383,376 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.02.10 20:08:39 | 000,001,501 | ---- | M] () -- C:\Users\***\Desktop\Arbeitstitel Biology.aup
[2011.02.10 15:42:05 | 000,010,257 | ---- | M] () -- C:\Users\***\Desktop\Zeiten für Jugend.docx
[2011.02.08 18:28:01 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2011.02.08 15:56:50 | 000,000,819 | ---- | M] () -- C:\Users\***\Desktop\3D Flash Animator 4.9.8.7.lnk
[2011.02.07 20:14:17 | 000,011,213 | ---- | M] () -- C:\Users\***\Desktop\Bewerbung Ferienspiele.docx
[2011.02.07 20:08:31 | 000,011,556 | ---- | M] () -- C:\Users\***\Desktop\Lebenslauf.docx
[2011.02.07 17:32:56 | 000,012,518 | ---- | M] () -- C:\Users\***\Desktop\Ein gutes Gesangsmikrofon ist vorzugsweise ein Kondensator Mikrofon.docx
[2011.02.06 21:36:44 | 000,000,472 | ---- | M] () -- C:\Users\***\.lmmsrc.xml
[2011.02.04 22:10:26 | 000,010,640 | -HS- | M] () -- C:\Users\***\Desktop\Folder.jpg
[2011.02.04 22:10:26 | 000,002,625 | -HS- | M] () -- C:\Users\***\Desktop\AlbumArtSmall.jpg
[2011.01.25 22:26:26 | 000,002,205 | ---- | M] () -- C:\Users\***\Desktop\versuch.mmpz
[2011.01.25 21:58:24 | 000,000,818 | ---- | M] () -- C:\Users\***\Desktop\Linux MultiMedia Studio.lnk
[2011.01.20 17:08:16 | 000,478,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2011.01.20 17:08:06 | 001,029,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2011.01.20 17:08:06 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011.01.20 17:08:06 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2011.01.20 17:08:06 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011.01.20 17:07:58 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011.01.20 17:06:38 | 002,873,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011.01.20 17:06:35 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2011.01.20 17:04:54 | 000,209,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2011.01.20 17:04:54 | 000,098,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2011.01.20 15:28:38 | 001,554,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2011.01.20 15:27:50 | 000,876,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011.01.20 15:26:30 | 000,667,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2011.01.20 15:25:25 | 000,847,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2011.01.20 15:24:32 | 000,288,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011.01.20 15:24:26 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011.01.20 15:15:10 | 000,979,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll
[2011.01.20 15:14:39 | 000,357,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll
[2011.01.20 15:14:03 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll
[2011.01.20 15:14:03 | 000,261,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011.01.20 15:12:46 | 001,172,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011.01.20 15:11:34 | 000,486,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2011.01.20 14:47:51 | 000,683,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011.01.20 14:44:05 | 001,068,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011.01.20 14:44:03 | 000,797,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll
========== Files Created - No Company Name ==========
[2011.02.17 16:35:29 | 000,095,232 | ---- | C] () -- C:\Users\***\Desktop\Overpopulation.doc
[2011.02.14 20:23:31 | 000,011,009 | ---- | C] () -- C:\Users\***\Desktop\Rewe Bewerbung.docx
[2011.02.10 20:08:39 | 000,001,501 | ---- | C] () -- C:\Users\***\Desktop\Arbeitstitel Biology.aup
[2011.02.08 15:56:50 | 000,000,819 | ---- | C] () -- C:\Users\***\Desktop\3D Flash Animator 4.9.8.7.lnk
[2011.02.07 17:32:55 | 000,012,518 | ---- | C] () -- C:\Users\***\Desktop\Ein gutes Gesangsmikrofon ist vorzugsweise ein Kondensator Mikrofon.docx
[2011.02.04 19:40:07 | 000,010,257 | ---- | C] () -- C:\Users\***\Desktop\Zeiten für Jugend.docx
[2011.02.01 16:40:32 | 000,011,556 | ---- | C] () -- C:\Users\***\Desktop\Lebenslauf.docx
[2011.02.01 16:20:18 | 000,011,213 | ---- | C] () -- C:\Users\***\Desktop\Bewerbung Ferienspiele.docx
[2011.01.25 22:17:06 | 000,002,205 | ---- | C] () -- C:\Users\***\Desktop\versuch.mmpz
[2011.01.25 21:58:24 | 000,000,818 | ---- | C] () -- C:\Users\***\Desktop\Linux MultiMedia Studio.lnk
[2010.01.13 20:07:01 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2009.12.05 18:07:37 | 000,068,960 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2009.09.24 13:54:13 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.04.09 18:22:10 | 000,003,764 | ---- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2009.04.09 18:22:10 | 000,000,008 | ---- | C] () -- C:\Windows\System32\F2D1332BB9.sys
[2009.01.23 15:37:04 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008.05.20 11:57:16 | 000,025,624 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2002.10.15 23:54:04 | 000,153,088 | ---- | C] () -- C:\Windows\System32\unrar.dll
========== LOP Check ==========
[2009.03.27 17:07:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BullGuard
[2009.07.13 17:29:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Internet-Radio Player
[2011.02.08 15:56:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\3DFA
[2010.10.11 22:22:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ahnenblatt
[2010.05.20 18:05:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AnvSoft
[2010.12.18 17:24:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canneverbe Limited
[2010.12.19 23:18:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2010.12.19 23:10:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.02.15 23:54:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Enrawa
[2011.02.08 16:13:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2010.11.11 16:27:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\inkscape
[2010.05.17 19:38:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Internet-Radio Player
[2009.04.23 20:38:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Internetradio Player
[2011.02.18 17:36:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\KeePass
[2010.12.04 18:17:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LolClient
[2010.05.12 21:12:11 | 000,000,000 | -HSD | M] -- C:\Users\***\AppData\Roaming\lowsec
[2010.10.01 18:18:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Marine Aquarium 3
[2010.02.19 21:05:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Petroglyph
[2009.05.19 18:07:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\phonostar-Player
[2010.03.22 19:54:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SongBeamer
[2009.12.07 15:29:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2010.12.17 15:02:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TS3Client
[2011.02.12 22:07:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Txtole
[2010.11.25 17:38:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\XMedia Recode
[2011.02.17 17:21:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ygom
[2011.02.17 23:32:21 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.02.18 19:54:59 | 000,000,408 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job
========== Purity Check ==========
========== Custom Scans ==========
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2011.02.08 15:56:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\3DFA
[2010.01.13 20:43:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Adobe
[2010.10.11 22:22:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ahnenblatt
[2010.05.20 18:05:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AnvSoft
[2010.11.05 21:01:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Avira
[2010.12.18 17:24:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canneverbe Limited
[2009.06.12 17:24:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Corel
[2010.04.19 14:25:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DivX
[2011.01.28 12:48:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\dvdcss
[2010.12.19 23:18:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2010.12.19 23:10:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.02.15 23:54:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Enrawa
[2011.02.08 16:13:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2009.03.26 16:20:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Identities
[2010.11.11 16:27:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\inkscape
[2010.05.17 19:38:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Internet-Radio Player
[2009.04.23 20:38:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Internetradio Player
[2011.02.18 17:36:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\KeePass
[2010.12.04 18:17:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LolClient
[2010.05.12 21:12:11 | 000,000,000 | -HSD | M] -- C:\Users\***\AppData\Roaming\lowsec
[2009.03.27 16:31:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Macromedia
[2011.02.17 17:12:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2010.10.01 18:18:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Marine Aquarium 3
[2006.11.02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Media Center Programs
[2010.12.03 20:53:06 | 000,000,000 | --SD | M] -- C:\Users\***\AppData\Roaming\Microsoft
[2010.10.23 11:34:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mozilla
[2009.03.26 16:58:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nero
[2010.02.19 21:05:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Petroglyph
[2009.05.19 18:07:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\phonostar-Player
[2010.01.17 22:41:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Reallusion
[2009.08.25 15:44:24 | 000,000,000 | RH-D | M] -- C:\Users\***\AppData\Roaming\SecuROM
[2011.02.18 19:51:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Skype
[2011.02.18 16:44:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\skypePM
[2010.03.22 19:54:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SongBeamer
[2009.12.07 15:29:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2010.12.17 15:02:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TS3Client
[2011.02.12 22:07:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Txtole
[2011.02.17 22:28:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\vlc
[2010.08.23 18:00:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WinRAR
[2010.11.25 17:38:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\XMedia Recode
[2011.02.17 17:21:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ygom
< %APPDATA%\*.exe /s >
[2010.10.11 10:05:33 | 000,699,974 | ---- | M] () -- C:\Users\***\AppData\Roaming\Ahnenblatt\unins000.exe
[2009.05.19 18:07:42 | 000,045,056 | ---- | M] () -- C:\Users\***\AppData\Roaming\Internet-Radio Player\update.exe
[2009.05.19 18:07:47 | 001,369,656 | ---- | M] ( ) -- C:\Users\***\AppData\Roaming\Internet-Radio Player\update2.exe
[2008.07.09 10:49:52 | 000,094,208 | ---- | M] () -- C:\Users\***\AppData\Roaming\Internetradio Player\skins\ps_starter.exe
[2010.12.04 22:01:48 | 000,010,134 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{0085029F-9640-4D93-800D-D0F53188758A}\_1E9320E28517EADEA18698.exe
[2010.12.04 22:01:48 | 000,004,286 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{0085029F-9640-4D93-800D-D0F53188758A}\_6FEFF9B68218417F98F549.exe
[2010.12.04 22:01:49 | 000,004,286 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{0085029F-9640-4D93-800D-D0F53188758A}\_A368E345A811C53748493B.exe
[2010.12.04 22:01:49 | 000,004,286 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{0085029F-9640-4D93-800D-D0F53188758A}\_FE6B7DD73314696E604C2E.exe
[2010.11.12 18:23:58 | 000,029,926 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{6DE721A5-5E89-4D74-994C-652BB3C0672E}\ARPPRODUCTICON.exe
[2011.02.17 16:19:49 | 000,366,080 | ---- | M] () -- C:\Users\***\AppData\Roaming\Txtole\dephelp.exe
< %SYSTEMDRIVE%\*.exe >
< MD5 for: AGP440.SYS >
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
< MD5 for: ATAPI.SYS >
[2008.11.12 14:12:11 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\drivers\atapi.sys
[2008.11.12 14:12:11 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys
[2008.11.12 14:12:11 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.11.12 14:12:11 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys
< MD5 for: CNGAUDIT.DLL >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
< MD5 for: EXPLORER.EXE >
[2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.01.21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
< MD5 for: IASTOR.SYS >
[2007.10.09 00:18:44 | 000,306,200 | ---- | M] (Intel Corporation) MD5=28AAE599496B4930B3F19026F2083BC4 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\IaStor.sys
[2007.10.09 00:18:44 | 000,306,200 | ---- | M] (Intel Corporation) MD5=28AAE599496B4930B3F19026F2083BC4 -- C:\Windows\System32\drivers\iaStor.sys
[2007.10.09 00:18:44 | 000,306,200 | ---- | M] (Intel Corporation) MD5=28AAE599496B4930B3F19026F2083BC4 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_1bb129e3\iaStor.sys
[2007.10.09 00:19:02 | 000,383,000 | ---- | M] (Intel Corporation) MD5=968BCEAD432CD478D0659FC95ED52170 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys
< MD5 for: IASTORV.SYS >
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
< MD5 for: NETLOGON.DLL >
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
< MD5 for: NVSTOR.SYS >
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
< MD5 for: SCECLI.DLL >
[2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
< MD5 for: USER32.DLL >
[2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
< MD5 for: USERINIT.EXE >
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
< MD5 for: WINLOGON.EXE >
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
< MD5 for: WS2IFSL.SYS >
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2008.01.21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2009.04.11 07:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009.04.11 07:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
========== Alternate Data Streams ==========
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:60466E88
< End of report >
OTL Logfile: Code:
OTL Extras logfile created on: 18.02.2011 19:52:58 - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 47,00% Memory free
7,00 Gb Paging File | 5,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 911,52 Gb Total Space | 646,72 Gb Free Space | 70,95% Space Free | Partition Type: NTFS
Drive D: | 19,98 Gb Total Space | 9,90 Gb Free Space | 49,55% Space Free | Partition Type: FAT32
Computer Name: FRODO | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_USERS\S-1-5-21-1603881390-1326804135-3925035368-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{001BEE00-47B8-4A3C-8796-1C38B49B9D0E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{043065E2-8613-4C5B-B7C4-8E555002DBFD}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher |
"{1DDFEBD6-F9F2-40CC-AF97-14F20C0CF538}" = lport=3389 | protocol=6 | dir=in | name=thomas |
"{26DBE7A6-F687-4D20-ACA3-D6DD173001BC}" = rport=138 | protocol=17 | dir=out | app=system |
"{32F7C802-C437-4902-898B-4A00A8D17A18}" = lport=3389 | protocol=17 | dir=in | name=thomas2 |
"{3B3CB026-1C49-4829-8E07-EC6A7BACF2BA}" = rport=445 | protocol=6 | dir=out | app=system |
"{3B6BD8A1-7CD7-447B-B69B-F1AFB1DD3D67}" = rport=139 | protocol=6 | dir=out | app=system |
"{812A6E2C-B2BF-4EE0-BCD3-FC41C6335C6E}" = rport=137 | protocol=17 | dir=out | app=system |
"{ACE70779-71B8-4B4A-9D4B-358D61383CCE}" = lport=138 | protocol=17 | dir=in | app=system |
"{C1DC7E67-4561-4E8E-A891-E003E765D03E}" = lport=445 | protocol=6 | dir=in | app=system |
"{CF845E6F-9C7E-49BC-8E1D-6BFE24933D73}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{D1A55229-84C5-4EC7-A972-9C317C763901}" = lport=139 | protocol=6 | dir=in | app=system |
"{E882AAA3-D43C-49CC-A0D5-00E6E2700FE0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{EADF2C35-5BC7-419F-921B-E6701F7A9452}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher |
"{F31F9062-636B-474D-B938-245B108B917F}" = lport=137 | protocol=17 | dir=in | app=system |
"{F76DF8B6-BEBF-460C-A068-FAC5FAA6545A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01D02C4C-30B8-487A-9396-1AEB431B5046}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{07CB7960-5A6A-427B-AF53-4D92FD40EBCB}" = protocol=17 | dir=in | app=c:\program files\pinnacle\videospin\programs\videospin.exe |
"{0B86901A-C278-4D49-B7FB-9DE783811987}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{0D7E1BBB-84B6-47FB-9B43-0F4A6F8D97CB}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{1164C742-4982-4BA2-99C4-629F9BA91239}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{13395891-D38B-4062-BA3D-9CF277FB3C81}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 14\programs\studio.exe |
"{20975BC0-5C59-4EEF-85C7-B786DB042A4C}" = protocol=17 | dir=in | app=c:\program files\firefly studios\stronghold legends\strongholdlegends.exe |
"{2A555EC6-B67E-4A5C-808D-E987500C1196}" = protocol=6 | dir=in | app=c:\program files\firefly studios\stronghold legends\strongholdlegends.exe |
"{2C5A7C41-5A04-4805-AB7B-DC4BF33B0CBC}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 14\programs\umi.exe |
"{2F612F03-95A8-4F7F-A862-D9DF6FE3331B}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 14\programs\studio.exe |
"{34DDCD21-1B5C-49FC-BF57-C2339E6E0035}" = protocol=17 | dir=in | app=c:\program files\pinnacle\videospin\programs\umi.exe |
"{35605402-AD2A-44EE-9DF2-F3C0A703777A}" = protocol=6 | dir=in | app=c:\program files\pinnacle\videospin\programs\umi.exe |
"{42602D7A-CB7B-4205-B8D8-B5A4A8AB0957}" = protocol=17 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{54042B2E-C7DC-45C7-A58E-D5E403043354}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{54C2DD91-F853-476A-8E8C-5FB2CA2990A3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{642E9DE6-B0A7-47A0-9630-9FF4B5F36607}" = protocol=6 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{67D92EB5-A5C8-427C-BB09-2F85491C099A}" = protocol=6 | dir=in | app=c:\program files\firefly studios\stronghold 2\stronghold2.exe |
"{6AC3C1D2-25AD-4030-BA39-5DA5F37ED9BE}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{77AE2656-6475-4852-824D-8C7087E94749}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{77DB84DD-85FE-40FE-B124-1E389262D89C}" = protocol=17 | dir=in | app=c:\program files\lucasarts\star wars empire at war\gamedata\sweaw.exe |
"{86B73D3B-12DE-4B42-AF1A-C41F21ECF83C}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{899B45B2-9D4F-4A2D-9FC4-A7D53A36BAC2}" = protocol=6 | dir=in | app=c:\program files\pinnacle\videospin\programs\videospin.exe |
"{8F3F8FFF-E184-43B2-8197-D61334A791D5}" = protocol=6 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{906DFEC9-8B75-4BD1-949B-6E4F4A21D346}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 14\programs\rm.exe |
"{931A3C42-EA72-4151-A3A8-68CA661F2D2E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{963BF079-C5F9-454F-8384-C8936A2A871E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{A4FA4ED4-690C-4661-BF5C-300314C6D8E6}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{AB58F9DB-B056-436B-A8B9-336975B4CB15}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{ACE181DF-B20F-471B-9D11-F9A1CF4F2355}" = protocol=17 | dir=in | app=c:\program files\firefly studios\stronghold 2\stronghold2.exe |
"{B0F41ADA-0687-40E8-8AC8-F47E120D1EA5}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{B12FF43D-7018-4DBA-8C11-76E7115F5F59}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{B7F24C27-A59C-4137-8247-F4BF87CB3C8C}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{C5CE6E27-66BC-430D-ABD0-2C07AFBEDC06}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{CCC6554B-8AA2-4F32-B4AC-A7CECD22428C}" = protocol=6 | dir=in | app=c:\program files\lucasarts\star wars empire at war\gamedata\sweaw.exe |
"{D1282F75-29D5-4ACC-89CB-42346952EDC0}" = protocol=17 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{D47DBABC-9F79-4893-B65C-73418420AAF7}" = protocol=17 | dir=in | app=c:\program files\pinnacle\videospin\programs\rm.exe |
"{E8BE5309-F5D3-4DC8-A66B-04E893DF5F11}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 14\programs\umi.exe |
"{EED8403F-47BA-44B7-AC74-6C2A4489170E}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 14\programs\rm.exe |
"{FD314947-30F9-4AB8-9984-F8F302E653B2}" = protocol=6 | dir=in | app=c:\program files\pinnacle\videospin\programs\rm.exe |
"TCP Query User{119A5951-D334-4F79-875B-A7DDB3658A86}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{2A928FF5-597E-4559-9A43-8CB99B375702}C:\program files\pinnacle\studio 14\programs\studio.exe" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 14\programs\studio.exe |
"TCP Query User{3DF44DEB-E090-439D-805B-C0B97982593A}C:\program files\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"TCP Query User{43CC3061-FA62-4BC9-81E6-4C0B7560C156}C:\program files\anno 1701\anno1701.exe" = protocol=6 | dir=in | app=c:\program files\anno 1701\anno1701.exe |
"TCP Query User{441B0801-6399-4E5D-A9C1-2FD717B56830}C:\program files\tremulous\tremulous.exe" = protocol=6 | dir=in | app=c:\program files\tremulous\tremulous.exe |
"TCP Query User{46D82747-FE0A-468E-942E-D247BD3848AF}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{481494B8-8D18-4998-B3EE-7AEDBE3041BC}C:\program files\bloodfrontier\bin\bfclient.exe" = protocol=6 | dir=in | app=c:\program files\bloodfrontier\bin\bfclient.exe |
"TCP Query User{5681DC7A-743A-44BF-A35A-1B221825FABC}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{67C14D7C-FBDC-423B-AA20-378F2D4D5E50}C:\program files\phenomedia\moorhuhn total 5\moorhuhn kart 3\moorhuhn_kart3.exe" = protocol=6 | dir=in | app=c:\program files\phenomedia\moorhuhn total 5\moorhuhn kart 3\moorhuhn_kart3.exe |
"TCP Query User{775F3A51-7D87-41FE-9094-981EC6065AC7}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{78AE288A-FE59-43C3-B925-5FD08F845F19}C:\program files\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"TCP Query User{7E67FCE0-FA40-4317-816E-082100D2C4D1}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{8EEA8516-6A69-4CBF-B54F-97DC4613768C}C:\riot games\league of legends\lol.launcher.exe" = protocol=6 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |
"TCP Query User{A46189A9-B39C-4C3A-8429-652850850D46}C:\program files\jahshaka\jahshaka.exe" = protocol=6 | dir=in | app=c:\program files\jahshaka\jahshaka.exe |
"TCP Query User{B67D20C1-917B-40A6-B187-443AECDD87CE}C:\users\***\saved games\reitakademie.exe" = protocol=6 | dir=in | app=c:\users\***\saved games\reitakademie.exe |
"TCP Query User{CD03C593-D76F-40E9-B59E-61746CE51E46}C:\program files\scratch\scratch.exe" = protocol=6 | dir=in | app=c:\program files\scratch\scratch.exe |
"TCP Query User{D09801E7-D179-4B1A-A713-C49CFCC33CB1}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{D386493E-49E5-4574-8913-25E9BFE96A2B}C:\program files\bloodfrontier\bin\bfclient.exe" = protocol=6 | dir=in | app=c:\program files\bloodfrontier\bin\bfclient.exe |
"TCP Query User{D3C5C29C-4B7F-4C4F-A749-69EF33AB496C}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{F495EA7D-3C3C-4D7E-9783-7DE94945671B}C:\program files\motorola\software update\msu.exe" = protocol=6 | dir=in | app=c:\program files\motorola\software update\msu.exe |
"TCP Query User{FEB9522E-F57E-4E6E-AE1A-60A17E713B56}C:\riot games\league of legends\lol.launcher.exe" = protocol=6 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |
"UDP Query User{073D26D3-118B-4006-B47E-301572B8ED08}C:\riot games\league of legends\lol.launcher.exe" = protocol=17 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |
"UDP Query User{08DB0EAE-5826-4B93-8585-43721F4E0175}C:\program files\phenomedia\moorhuhn total 5\moorhuhn kart 3\moorhuhn_kart3.exe" = protocol=17 | dir=in | app=c:\program files\phenomedia\moorhuhn total 5\moorhuhn kart 3\moorhuhn_kart3.exe |
"UDP Query User{21C338A9-9BB8-4E2C-B6A2-6A84A23514B5}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{25C2593A-2C5F-4615-8C12-E33015E42AB4}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{34E23377-806C-45B3-8445-986E55D290BB}C:\program files\jahshaka\jahshaka.exe" = protocol=17 | dir=in | app=c:\program files\jahshaka\jahshaka.exe |
"UDP Query User{3CC34213-C09B-4286-9DEC-9EECE9C754D5}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{65B5DBC5-605D-480B-937D-03B20D83844D}C:\program files\anno 1701\anno1701.exe" = protocol=17 | dir=in | app=c:\program files\anno 1701\anno1701.exe |
"UDP Query User{6EDAA2D2-4D15-4DD0-BB41-9206A2938EF0}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{77E38DD5-DFCA-44F8-853A-E9198468FD40}C:\program files\bloodfrontier\bin\bfclient.exe" = protocol=17 | dir=in | app=c:\program files\bloodfrontier\bin\bfclient.exe |
"UDP Query User{7A426C28-4952-4801-BF5A-DA15B04A96A7}C:\program files\motorola\software update\msu.exe" = protocol=17 | dir=in | app=c:\program files\motorola\software update\msu.exe |
"UDP Query User{90D919A9-A1A1-4674-A489-17C6B313BDA5}C:\users\***\saved games\reitakademie.exe" = protocol=17 | dir=in | app=c:\users\***\saved games\reitakademie.exe |
"UDP Query User{A0C63C06-B1C7-4476-9686-68A68AB06901}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{BF32C7B5-7F79-43BB-9997-DF6C42213C2A}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{C2FEEC54-2C5E-411B-A9DA-97F50131962A}C:\riot games\league of legends\lol.launcher.exe" = protocol=17 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |
"UDP Query User{CA46EFB2-8186-4BED-911F-61AF10510BB9}C:\program files\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"UDP Query User{CD6BE145-B952-4347-AB46-DF0B3168C4C1}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{D4938371-4BD2-4B1C-B93E-7156A63970B2}C:\program files\bloodfrontier\bin\bfclient.exe" = protocol=17 | dir=in | app=c:\program files\bloodfrontier\bin\bfclient.exe |
"UDP Query User{E146C9B4-D0F4-463A-B3AF-A5DD2430038D}C:\program files\scratch\scratch.exe" = protocol=17 | dir=in | app=c:\program files\scratch\scratch.exe |
"UDP Query User{E34D52DB-B62C-4416-A218-A49664479C5A}C:\program files\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"UDP Query User{EEDFEC95-D150-45F4-87C8-911BB8B71FE9}C:\program files\pinnacle\studio 14\programs\studio.exe" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 14\programs\studio.exe |
"UDP Query User{FDFB38C8-3FAB-426D-9B4B-C74F4C0F48EE}C:\program files\tremulous\tremulous.exe" = protocol=17 | dir=in | app=c:\program files\tremulous\tremulous.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3
"{0085029F-9640-4D93-800D-D0F53188758A}" = Arschloch3D
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{10798AE3-DCBB-43C3-9C93-C23512427E25}" = Die Sims Deluxe
"{16D2C649-CBA8-44EE-B730-12584667D487}" = Stronghold 2 Deluxe
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{227B798F-4300-4727-A3F1-2B8F2727BE06}" = Moorhuhn Total 4
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 12
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{41C354B6-F2D5-422F-9DCF-001D8C30D09C}" = Moorhuhn X - XXL
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1" = Panda USB Vaccine 1.0.1.4
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{578FA426-47C0-4A3F-98A4-01ACD26B7556}" = LEGO Star Wars II
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie
"{6DE721A5-5E89-4D74-994C-652BB3C0672E}" = Pinnacle Video Treiber
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{8775DE7C-A742-494C-92C5-448315ECFE1A}" = Moorhuhn-Total 3
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync
"{8FDC1610-3FB5-4EF2-A0D0-CEDC3A525A25}" = DIE SIEDLER - Das Erbe der Könige
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00B0-0409-0000-0000000FF1CE}" = Microsoft Save as PDF Add-in for 2007 Microsoft Office programs
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97C769CF-6562-43ED-BD1F-7E19DF32EE0B}" = N
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{99AE7207-8612-4DBA-A8F8-BAE5C633390D}" = Star Wars Empire at War
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A062A15F-9CAC-4B88-98DF-87628A0BD721}" = Corel MediaOne
"{A14C40E7-F7E5-498D-B8BD-A3EAE942EED0}" = LEGO® Indiana Jones™
"{A334F1BA-0A1D-4ED6-B4F9-4066157CA15D}" = DE
"{A69626F0-D359-47F4-847B-F881A8A7D134}" = Logitech QuickCam for Enterprise
"{A8B94669-8654-4126-BD28-D0D2412CDED6}" = TI Connect 1.6
"{AADD1C8F-D59F-4D55-A726-768C71A205A8}" = Pinnacle Studio 14
"{AC54E544-3E42-443C-A91D-A00A6974C592}" = NVIDIA PhysX v8.10.13
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3
"{B5BCBD49-202F-4238-8398-D83D423A48B4}" = Windows Live Anmelde-Assistent
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7CB214-DB11-4B5D-A6AF-3B4ED47C68B7}" = Microsoft Game Studios Common Redistributables Pack 1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{E914A24F-2412-4374-B420-86D21D6D444A}" = LEGO Star Wars
"{EBBB1DEF-8878-4CB8-BC0D-1196B30E7527}" = ANNO 1503
"{ED1390DC-6910-4C77-97E2-579CAFE82F5B}" = Moorhuhn 4 Teile
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F5C372A1-40F3-49DA-A049-F75CDE9177DC}" = Pinnacle Studio Ultimate Collection Plugins
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"3D Flash Animator 4.9.8.7" = 3D Flash Animator 4.9.8.7
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Ahnenblatt_is1" = Ahnenblatt 2.62
"Any Video Converter_is1" = Any Video Converter 3.0.5
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AviSynth" = AviSynth 2.5
"BloodFrontier" = BloodFrontier
"CCleaner" = CCleaner
"DivX Setup.divx.com" = DivX-Setup
"Free 3D Photo Maker_is1" = Free 3D Photo Maker version 2.0
"Free Studio_is1" = Free Studio version 4.8
"Guitar Pro 5_is1" = Guitar Pro 5.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{578FA426-47C0-4A3F-98A4-01ACD26B7556}" = LEGO Star Wars II
"InstallShield_{A14C40E7-F7E5-498D-B8BD-A3EAE942EED0}" = LEGO® Indiana Jones™
"InstallShield_{E914A24F-2412-4374-B420-86D21D6D444A}" = LEGO Star Wars
"Internet-Radio Player_is1" = Internet-Radio Player Version 2.01.4
"KeePassPasswordSafe2_is1" = KeePass Password Safe 2.13
"Knoll Light Factory EZ Studio" = Knoll Light Factory EZ Studio
"LMMS 0.4.6" = Linux MultiMedia Studio (LMMS)
"lvdrivers_11.72" = Logitech QuickCam for Enterprise-Treiberpaket
"Magic Bullet Looks Studio" = Magic Bullet Looks Studio
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"OpenLibraries" = OpenLibraries
"phase-6" = phase-6 2.1.1
"phase-6 Feeding Tool" = phase-6 Feeding Tool 1.1.4
"Red Giant ToonIt Studio" = Red Giant ToonIt Studio
"RocketDock_is1" = RocketDock 1.3.5
"Sauerbraten" = Sauerbraten
"Scratch" = Scratch
"scratch2exe" = ChirpCompiler
"SereneScreen Marine Aquarium 3_is1" = SereneScreen Marine Aquarium 3
"SongBeamer_Setup_is1" = SongBeamer 4.03b
"Star Wars: The Force Unleashed_is1" = Star Wars: The Force Unleashed
"SUPER ©" = SUPER © Version 2009.bld.36 (June 10, 2009)
"Trapcode 3DStroke Studio" = Trapcode 3DStroke Studio
"Trapcode Particular Studio" = Trapcode Particular Studio
"Trapcode Shine Studio" = Trapcode Shine Studio
"Uninstall_is1" = Uninstall 1.0.0.1
"Unlocker" = Unlocker 1.8.7
"VLC media player" = VLC media player 1.0.3
"VobSub" = VobSub v2.23 (Remove Only)
"War of the Ring" = WAR OF THE RING™ DER RINGKRIEG™
"Warcraft III" = Warcraft III
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinLiveSuite_Wave3" = Windows Live Essentials
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1603881390-1326804135-3925035368-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GeoGebra WebStart" = GeoGebra WebStart
"Inkscape" = Inkscape 0.48.0
"TeamSpeak 3 Client" = TeamSpeak 3 Client
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 22.09.2010 15:03:49 | Computer Name = frodo | Source = WinMgmt | ID = 10
Description =
Error - 23.09.2010 06:41:39 | Computer Name = frodo | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 23.09.2010 06:41:39 | Computer Name = frodo | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 23.09.2010 06:41:46 | Computer Name = frodo | Source = WinMgmt | ID = 10
Description =
Error - 24.09.2010 10:25:13 | Computer Name = frodo | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 24.09.2010 10:25:13 | Computer Name = frodo | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 24.09.2010 10:25:28 | Computer Name = frodo | Source = WinMgmt | ID = 10
Description =
Error - 25.09.2010 06:35:39 | Computer Name = frodo | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 25.09.2010 06:35:39 | Computer Name = frodo | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 25.09.2010 06:35:47 | Computer Name = frodo | Source = WinMgmt | ID = 10
Description =
[ OSession Events ]
Error - 11.12.2009 17:50:03 | Computer Name = frodo | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 0
seconds with 0 seconds of active time. This session ended with a crash.
Error - 21.04.2010 13:33:52 | Computer Name = frodo | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 0
seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 28.12.2010 17:09:42 | Computer Name = frodo | Source = disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
Error - 28.12.2010 17:09:42 | Computer Name = frodo | Source = disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
Error - 28.12.2010 17:09:43 | Computer Name = frodo | Source = disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
Error - 28.12.2010 17:10:45 | Computer Name = frodo | Source = disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
Error - 28.12.2010 17:12:06 | Computer Name = frodo | Source = disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk2\DR2.
Error - 08.01.2011 06:19:13 | Computer Name = frodo | Source = Service Control Manager | ID = 7011
Description =
Error - 15.01.2011 16:20:13 | Computer Name = frodo | Source = Dhcp | ID = 1001
Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server
für die Netzwerkkarte mit der Netzwerkadresse 0022436B6BCA zugeteilt werden. Der
folgende Fehler ist aufgetreten: %%121. Es wird weiterhin im Hintergrund versucht,
eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen.
Error - 24.01.2011 15:49:29 | Computer Name = frodo | Source = disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error - 04.02.2011 17:26:47 | Computer Name = frodo | Source = disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
Error - 04.02.2011 17:29:17 | Computer Name = frodo | Source = disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
< End of report >