Full Version: Windows freezes - acts weird - refuses to "sign me in"
Rapax
Alright, the whole story of my problem is as follows:

At first I was constantly getting error messages from "google updater" while being online, always telling me it had to shut down even though I wasn't aware of any programs it was trying to run or update or just what its problem was. So I just kept clicking it away till at some point Windows just froze completely, why exactly I don't know.

So because the computer didn't react to anything anymore, I had to press the reset button, at which point it rebooted normally but already started Windows with an "explorer.exe" error which seemingly didn't affect it though. I tried to start MBAM but the .exe didn't react no matter how much I clicked it. Another weird error I was getting was that when I tried starting my browser opera.exe it would open up an Internet Explorer window, every time.

While Windows was superficially running fine, all these little errors irked me a bit, so I figured I should reboot it properly and then it should be fine. Said and done, I rebooted it but all of a sudden Windows brought up the "sign in" window, where you could select which account to load, something I've never used or set up. Either way, I clicked on my name to load my account and it immediately jumped back to the "sign in" window as if I had just signed out again.

Bottom line, Windows doesn't let me sign in anymore, throwing me back out as soon as I click on my account. I've never had that before.
Rorschach112
hi

Boot from the Windows XP installation CD.

At the "Welcome to Setup" screen, press R to start Recovery Console. Choose the installation to be repaired by number (usually 1) and press "Enter".

When you are asked for the Administrator password, leave it blank and press "Enter".

At the command prompt, type chkdsk /r and press "Enter". (Note the space before /r) The disk check operation will start.

This will be a very thorough check of the hard drive and the file system...be patient and let it complete. It may appear to hang or even back up a few times...this is normal. 60 to 90 minutes is not unusual for this check...it may take longer in some cases.

Once the check completes and you are back at the command prompt, type exit and press "Enter". Let your computer boot normally to Windows.
Rapax
Ok, I have a question here.

From an earlier virus problem I had and that got solved here, I already had a "recovery console" available that was selectable during start up. So I used that and ran the chkdsk /r like you said. It took a while, finished and then I booted again and it's still the same problem.

Does that mean it's different from running recovery from the installation disk? Do I have to go digging up my disk and run it again from there? Does it make a difference?


EDIT: I found my Windows XP disk, booted from there and ran chkdsk again. It reported one error fixed but I still have the same problem. Windows loads the desktop background image, then the sign in window appears, when I click on my account, the background image shows for a split second and then it immediately signs back out.
Rorschach112
This is turning into more of a tech issue now

Head over to 247Fixes.com, tell them I sent you and that your Windows files got damaged by malware


Once they get you logged in again, return here
Rapax
Ok, I finally got the log in issue fixed over at 247fixes.com. When Windows started up again, I still got 2 error messages though, one for explorer.exe and one for google installer, both reporting that they encountered errors and had to be closed.

I'm not quite sure how to proceed though as I don't wanna cause my machine to hang itself at the log in window again, if I reboot.
Rorschach112
Can you do the steps here?

http://forum.piriform.com/index.php?showtopic=20120
Rapax
Ok, I completed Step 1 successfully. On Step 2, I still have the same problem that MBAM won't start, so I ran a system scan with Avira Antivir which found 1 Virus and quarantined it. After that the basic problems are still there. MBAM not starting, Opera opening in IE and the occasional "Google Installer" error popping up.

So, here's the Rooter.exe result:

QUOTE
Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows XP Home Edition (5.1.2600) Service Pack 3
[32_bits] - x86 Family 15 Model 2 Stepping 9, GenuineIntel
.
[wscsvc] STOPPED (state:1) : Security Center -> Disabled !
[SharedAccess] RUNNING (state:4)
Windows Firewall -> Enabled
.
Internet Explorer 8.0.6001.18702
Mozilla Firefox 3.0.11 (en-US)
.
A:\ [Removable]
C:\ [Fixed-NTFS] .. ( Total:27 Go - Free:2 Go )
D:\ [Fixed-NTFS] .. ( Total:0 Go - Free:0 Go )
E:\ [CD_Rom]
F:\ [CD_Rom]
.
Scan : 02:37.34
Path : C:\Dokumente und Einstellungen\Thomas Kirschner\Desktop\Rooter.exe
User : Thomas Kirschner ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
______ System (4)
______ \SystemRoot\System32\smss.exe (488)
______ \??\C:\WINDOWS\system32\csrss.exe (540)
______ \??\C:\WINDOWS\system32\winlogon.exe (564)
______ C:\WINDOWS\system32\services.exe (616)
______ C:\WINDOWS\system32\lsass.exe (628)
______ C:\WINDOWS\system32\svchost.exe (820)
______ C:\WINDOWS\system32\svchost.exe (924)
______ C:\WINDOWS\System32\svchost.exe (1024)
______ C:\WINDOWS\system32\svchost.exe (1072)
______ C:\WINDOWS\System32\svchost.exe (1144)
______ C:\WINDOWS\system32\svchost.exe (1216)
______ C:\WINDOWS\System32\brsvc01a.exe (1332)
______ C:\WINDOWS\System32\brss01a.exe (1360)
______ C:\WINDOWS\system32\spoolsv.exe (1380)
______ C:\Programme\Avira\AntiVir Desktop\sched.exe (1420)
______ C:\WINDOWS\System32\svchost.exe (1568)
______ C:\WINDOWS\explorer.exe (1812)
______ C:\Programme\Avira\AntiVir Desktop\avguard.exe (400)
______ C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe (420)
______ C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (456)
______ C:\Programme\AskBarDis\bar\bin\AskService.exe (524)
______ C:\Programme\AskBarDis\bar\bin\ASKUpgrade.exe (1012)
______ C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (1152)
______ C:\Programme\Bonjour\mDNSResponder.exe (1196)
______ C:\WINDOWS\system32\Brmfrmps.exe (1256)
______ C:\WINDOWS\system32\CTsvcCDA.exe (1476)
______ C:\WINDOWS\system32\ctfmon.exe (1796)
______ C:\WINDOWS\system32\nvsvc32.exe (1924)
______ C:\WINDOWS\System32\svchost.exe (1964)
______ C:\WINDOWS\system32\UAService7.exe (1984)
______ C:\WINDOWS\AGRSMMSG.exe (984)
______ C:\PROGRA~1\MICROS~4\GAMECO~1\Common\SWTrayV4.exe (896)
______ C:\Programme\Scansoft\PaperPort\pptd40nt.exe (1460)
______ C:\Programme\Itiva\Itiva Media Accelerator\ItivaMediaAccelerator.exe (2064)
______ C:\Programme\Creative\Creative Live! Cam\VideoFX\StartFX.exe (2072)
______ C:\WINDOWS\system32\V0230Mon.exe (2084)
______ C:\WINDOWS\system32\ezSP_Px.exe (2100)
______ C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (2108)
______ C:\Programme\QuickTime\QTTask.exe (2116)
______ C:\Programme\iTunes\iTunesHelper.exe (2156)
______ C:\Programme\Avira\AntiVir Desktop\avgnt.exe (2204)
______ C:\Programme\Creative\Sync Manager Unicode\CTSyncU.exe (2232)
______ C:\Programme\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe (2240)
______ C:\Programme\MagicDisc\MagicDisc.exe (2304)
______ C:\Programme\iPod\bin\iPodService.exe (3136)
______ C:\WINDOWS\System32\alg.exe (3744)
______ C:\WINDOWS\system32\wuauclt.exe (376)
______ C:\Programme\Yahoo!\Messenger\ymsgr_tray.exe (3144)
______ C:\Programme\Mozilla Firefox\firefox.exe (2528)
______ C:\Dokumente und Einstellungen\Thomas Kirschner\Desktop\Rooter.exe (1540)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:32256 | Length:30005789184)
\Device\Harddisk0\Partition0 (Start_Offset:30005821440 | Length:130033451520)
\Device\Harddisk0\Partition2 (Start_Offset:30005853696 | Length:130033419264)
.
----------------------\\ Scheduled Tasks
.
C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
C:\WINDOWS\Tasks\desktop.ini
C:\WINDOWS\Tasks\family.guy.404.pdtv-lol.[VTV].job
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\Tasks\SA.DAT
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 02:40.10
.
C:\Rooter$\Rooter_1.txt - (29/09/2009 | 02:40.10)


CKScanner:
QUOTE
CKScanner - Additional Security Risks - These are not necessarily bad
c:\dokumente und einstellungen\thomas kirschner\favoriten\funny website - cracked.com – american’s only humor & video site since 1958.url
c:\dokumente und einstellungen\thomas kirschner\favoriten\matthew mcconaughey's next 10 movie posters cracked.com.url
c:\programme\gimp-2.0\share\gimp\2.0\patterns\cracked.pat
c:\programme\sony\picturegear studio\printstudio\design\label\storage\cracker_b.lmd
c:\programme\sony\picturegear studio\printstudio\design\label\storage\cracker_r.lmd
scanner sequence 3.EM.11
----- EOF -----


The RootRepeal.exe didn't work for me though. I've tried it several times, I gave it plenty of time, but every time I started it, it would only show this "Initializing" window with nothing happening even if I gave it 15 minutes. On top of that it also froze the computer so I had to reset every time.

The OTL results:
QUOTE
OTL logfile created on: 9/29/2009 3:38:38 AM - Run 1
OTL by OldTimer - Version 3.0.16.0 Folder = C:\Dokumente und Einstellungen\Thomas Kirschner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: Vereinigte Staaten von Amerika | Language: ENU | Date Format: M/d/yyyy

511.36 Mb Total Physical Memory | 157.62 Mb Available Physical Memory | 30.82% Memory free
1.22 Gb Paging File | 0.82 Gb Available in Paging File | 66.90% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 27.95 Gb Total Space | 2.33 Gb Free Space | 8.32% Space Free | Partition Type: NTFS
Drive D: | 121.10 Gb Total Space | 8.43 Gb Free Space | 6.96% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SPEC
Current User Name: Thomas Kirschner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2002/04/12 01:00:00 | 00,057,344 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\System32\brsvc01a.exe
PRC - [2001/12/13 01:01:00 | 00,045,056 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\System32\brss01a.exe
PRC - [2009/06/24 19:27:23 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2008/04/14 04:22:45 | 01,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2009/08/06 09:25:10 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2006/10/23 14:50:35 | 00,046,640 | ---- | M] (AOL LLC) -- C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
PRC - [2008/11/07 15:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/04/02 12:47:02 | 00,464,264 | ---- | M] () -- C:\Programme\AskBarDis\bar\bin\AskService.exe
PRC - [2009/04/02 12:47:04 | 00,234,888 | ---- | M] () -- C:\Programme\AskBarDis\bar\bin\ASKUpgrade.exe
PRC - [2008/07/09 00:29:18 | 00,231,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG8\avgwdsvc.exe
PRC - [2008/08/29 11:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Programme\Bonjour\mDNSResponder.exe
PRC - [2002/11/27 14:38:32 | 00,061,440 | ---- | M] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\Brmfrmps.exe
PRC - [1999/12/12 19:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTsvcCDA.exe
PRC - [2005/10/10 21:49:00 | 00,131,139 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
PRC - [2005/03/26 20:56:01 | 00,126,976 | ---- | M] () -- C:\WINDOWS\System32\UAService7.exe
PRC - [2003/02/14 11:59:00 | 00,088,107 | ---- | M] (Agere Systems) -- C:\WINDOWS\AGRSMMSG.exe
PRC - [2000/06/02 20:07:58 | 00,024,650 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Hardware\Game Controllers\Common\SWTrayV4.EXE
PRC - [2002/08/08 11:38:16 | 00,045,108 | ---- | M] (ScanSoft, Inc.) -- C:\Programme\Scansoft\PaperPort\pptd40nt.exe
PRC - [2008/06/05 01:09:56 | 04,994,288 | ---- | M] (Itiva Digital Media) -- C:\Programme\Itiva\Itiva Media Accelerator\ItivaMediaAccelerator.exe
PRC - [2006/06/09 01:11:00 | 00,024,576 | ---- | M] (Creative Technology Ltd.) -- C:\Programme\Creative\Creative Live! Cam\VideoFX\StartFX.exe
PRC - [2006/07/19 19:00:00 | 00,036,961 | R--- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\V0230Mon.exe
PRC - [2002/08/20 10:29:26 | 00,040,960 | ---- | M] (Easy Systems Japan Ltd.) -- C:\WINDOWS\System32\ezSP_Px.exe
PRC - [2006/10/27 00:47:42 | 00,031,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2009/01/05 17:18:48 | 00,413,696 | ---- | M] (Apple Inc.) -- C:\Programme\QuickTime\QTTask.exe
PRC - [2009/01/06 14:06:36 | 00,290,088 | ---- | M] (Apple Inc.) -- C:\Programme\iTunes\iTunesHelper.exe
PRC - [2009/02/27 18:10:28 | 00,035,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe
PRC - [2009/03/02 13:08:47 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2006/06/12 14:32:26 | 00,700,416 | ---- | M] () -- C:\Programme\Creative\Sync Manager Unicode\CTSyncU.exe
PRC - [2006/05/31 16:00:54 | 00,143,360 | ---- | M] (Creative Technology Ltd.) -- C:\Programme\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
PRC - [2008/05/27 12:27:24 | 00,547,840 | ---- | M] (MagicISO, Inc.) -- C:\Programme\MagicDisc\MagicDisc.exe
PRC - [2009/01/06 14:06:24 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Programme\iPod\bin\iPodService.exe
PRC - [2009/02/20 15:22:34 | 00,079,088 | ---- | M] (Yahoo! Inc.) -- C:\Programme\Yahoo!\Messenger\ymsgr_tray.exe
PRC - [2009/09/29 02:45:30 | 00,518,144 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Thomas Kirschner\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/06/24 19:27:23 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService [Auto | Running])
SRV - [2009/08/06 09:25:10 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService [Auto | Running])
SRV - [2006/10/23 14:50:35 | 00,046,640 | ---- | M] (AOL LLC) -- C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe -- (AOL ACS [Auto | Running])
SRV - [2008/11/07 15:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2009/04/02 12:47:02 | 00,464,264 | ---- | M] () -- C:\Programme\AskBarDis\bar\bin\AskService.exe -- (ASKService [Auto | Running])
SRV - [2009/04/02 12:47:04 | 00,234,888 | ---- | M] () -- C:\Programme\AskBarDis\bar\bin\ASKUpgrade.exe -- (ASKUpgrade [Auto | Running])
SRV - [2005/09/23 08:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/07/09 00:29:20 | 00,873,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG8\avgemc.exe -- (avg8emc [Auto | Stopped])
SRV - [2008/07/09 00:29:18 | 00,231,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - [2008/08/29 11:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Programme\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2002/11/27 14:38:32 | 00,061,440 | ---- | M] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\Brmfrmps.exe -- (brmfrmps [Auto | Running])
SRV - [2002/04/12 01:00:00 | 00,057,344 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\System32\brsvc01a.exe -- (Brother XP spl Service [Auto | Running])
SRV - [2005/09/23 08:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [1999/12/12 19:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTsvcCDA.exe -- (Creative Service for CDROM Access [Auto | Running])
SRV - [2009/03/04 06:29:33 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Programme\Google\Update\GoogleUpdate.exe -- (gupdate1c99c81d5dfa3cc [Auto | Stopped])
SRV - [2007/10/06 17:06:33 | 00,138,680 | ---- | M] (Google) -- C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Stopped])
SRV - [2008/04/14 04:22:23 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2009/01/06 14:06:24 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Programme\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2006/10/27 00:47:54 | 00,065,824 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])
SRV - [2005/10/10 21:49:00 | 00,131,139 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2006/10/26 19:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2007/06/29 02:01:48 | 00,092,792 | ---- | M] (CACE Technologies) -- C:\Programme\WinPcap\rpcapd.exe -- (rpcapd [On_Demand | Stopped])
SRV - [2002/12/24 11:01:22 | 00,065,536 | ---- | M] (Sony Corporation) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV [On_Demand | Stopped])
SRV - [2005/03/26 20:56:01 | 00,126,976 | ---- | M] () -- C:\WINDOWS\System32\UAService7.exe -- (UserAccess7 [Auto | Running])
SRV - [2006/11/03 10:56:28 | 00,920,576 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..extensions.enabledItems: {E9A1DEE0-C623-4439-8932-001E7D17607D}:2.1.0.5
FF - prefs.js..extensions.enabledItems: batchdownload@waxb.blog.com.cn:1.2.2
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.11.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.6.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05
FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.9.1
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.11

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Programme\AVG\AVG8\Firefox
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: C:\Programme\Mozilla Firefox\components [2009/07/02 11:33:47 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2009/06/12 14:43:35 | 00,000,000 | ---D | M]

[2008/07/31 23:55:10 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Thomas Kirschner\Anwendungsdaten\mozilla\Extensions
[2008/07/31 23:55:10 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Thomas Kirschner\Anwendungsdaten\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/09/28 12:00:06 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Thomas Kirschner\Anwendungsdaten\mozilla\Firefox\Profiles\zdjou8ce.default\extensions
[2009/01/29 14:58:38 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Thomas Kirschner\Anwendungsdaten\mozilla\Firefox\Profiles\zdjou8ce.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/08/02 11:06:09 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Thomas Kirschner\Anwendungsdaten\mozilla\Firefox\Profiles\zdjou8ce.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}
[2009/09/08 00:54:44 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Thomas Kirschner\Anwendungsdaten\mozilla\Firefox\Profiles\zdjou8ce.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/08/01 04:27:50 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Thomas Kirschner\Anwendungsdaten\mozilla\Firefox\Profiles\zdjou8ce.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2008/11/12 17:28:11 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Thomas Kirschner\Anwendungsdaten\mozilla\Firefox\Profiles\zdjou8ce.default\extensions\batchdownload@waxb.blog.com.cn
[2009/08/02 11:06:08 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Thomas Kirschner\Anwendungsdaten\mozilla\Firefox\Profiles\zdjou8ce.default\extensions\piclens@cooliris.com
[2009/09/28 12:00:06 | 00,000,000 | ---D | M] -- C:\Programme\mozilla firefox\extensions
[2009/06/12 14:43:35 | 00,000,000 | ---D | M] -- C:\Programme\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/08/24 19:37:41 | 00,000,000 | ---D | M] -- C:\Programme\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
[2008/04/20 14:46:48 | 00,000,000 | ---D | M] -- C:\Programme\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2008/07/20 14:40:26 | 00,000,000 | ---D | M] -- C:\Programme\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/06/12 14:43:24 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browserdirprovider.dll
[2009/06/12 14:43:24 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\brwsrcmp.dll
[2004/09/09 01:03:50 | 00,049,152 | ---- | M] (Macromedia, Inc.) -- C:\Programme\mozilla firefox\plugins\np32dsw.dll
[2008/02/21 04:04:00 | 01,335,600 | ---- | M] (DivX,Inc.) -- C:\Programme\mozilla firefox\plugins\npdivx32.dll
[2009/06/12 14:43:25 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Programme\mozilla firefox\plugins\npnul32.dll
[2006/10/26 20:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Programme\mozilla firefox\plugins\NPOFF12.DLL
[2009/02/27 13:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Programme\mozilla firefox\plugins\nppdf32.dll
[2009/03/04 21:28:09 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Programme\mozilla firefox\plugins\npqtplugin.dll
[2009/03/04 21:28:09 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Programme\mozilla firefox\plugins\npqtplugin2.dll
[2009/03/04 21:28:09 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Programme\mozilla firefox\plugins\npqtplugin3.dll
[2009/03/04 21:28:09 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Programme\mozilla firefox\plugins\npqtplugin4.dll
[2009/03/04 21:28:09 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Programme\mozilla firefox\plugins\npqtplugin5.dll
[2009/03/04 21:28:09 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Programme\mozilla firefox\plugins\npqtplugin6.dll
[2009/03/04 21:28:09 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Programme\mozilla firefox\plugins\npqtplugin7.dll
[2004/02/20 22:14:09 | 00,176,177 | ---- | M] () -- C:\Programme\mozilla firefox\plugins\npViewpoint.dll
[2008/09/30 02:08:18 | 00,001,394 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom.xml
[2008/09/30 02:08:18 | 00,002,193 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\answers.xml
[2008/09/30 02:08:18 | 00,001,534 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\creativecommons.xml
[2008/11/13 23:56:01 | 00,002,343 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay.xml
[2008/09/30 02:08:18 | 00,001,706 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\google.xml
[2008/09/30 02:08:18 | 00,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia.xml
[2008/09/30 02:08:18 | 00,000,792 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AGRSMMSG] C:\WINDOWS\AGRSMMSG.exe (Agere Systems)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AVFX Engine] C:\Programme\Creative\Creative Live! Cam\VideoFX\StartFX.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Easy-PrintToolBox] C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe (Easy Systems Japan Ltd.)
O4 - HKLM..\Run: [GrooveMonitor] C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IndexSearch] C:\Programme\Scansoft\PaperPort\IndexSearch.exe ()
O4 - HKLM..\Run: [Itiva Media Accelerator] C:\Programme\Itiva\Itiva Media Accelerator\ItivaMediaAccelerator.exe (Itiva Digital Media)
O4 - HKLM..\Run: [iTunesHelper] C:\Programme\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PaperPort PTD] C:\Programme\Scansoft\PaperPort\pptd40nt.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Programme\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SetDefPrt] C:\Programme\Brother\BRMFLPRO\BrDefPrt.exe ()
O4 - HKLM..\Run: [SideWinderTrayV4] C:\Programme\Microsoft Hardware\Game Controllers\Common\SWTrayV4.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [StorageGuard] C:\Programme\VERITAS Software\Update Manager\sgtray.exe (VERITAS Software, Inc.)
O4 - HKLM..\Run: [V0230Mon.exe] C:\WINDOWS\System32\V0230Mon.exe (Creative Technology Ltd.)
O4 - HKCU..\Run: [Creative Live! Cam Manager] C:\Programme\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe (Creative Technology Ltd.)
O4 - HKCU..\Run: [CTSyncU.exe] C:\Programme\Creative\Sync Manager Unicode\CTSyncU.exe ()
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Programme\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Google Updater.lnk = C:\Programme\Google\Google Updater\GoogleUpdater.exe (Google)
O4 - Startup: C:\Dokumente und Einstellungen\Thomas Kirschner\Startmenü\Programme\Autostart\ERUNT AutoBackup.lnk = C:\Programme\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Dokumente und Einstellungen\Thomas Kirschner\Startmenü\Programme\Autostart\MagicDisc.lnk = C:\Programme\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 227
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskmgr = 0
O8 - Extra context menu item: &AOL Toolbar-Suche - c:\programme\aol\aol toolbar 4.0\resources\de-DE\local\search.html File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: SirSearch - C:\Programme\GRIPBTSS\Cache\SelectedContextSearch.htm File not found
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/fhg.CAB (Reg Error: Key error.)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} http://messenger.zone.msn.com/binary/msgrchkr.cab (Checkers Class)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Programme\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {430DDE24-C051-11CF-95BE-0020AFF75E4F} http://chat2.playboy.com:4080/chat/data/ht...sie/msichat.ocx (ichat xchat Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://by21fd.bay21.hotmail.msn.com/resources/MsnPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} http://simcity.ea.com/update/EARTPX.cab (EARTPatchX Class)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {64697663-0000-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/cinepak.cab (Reg Error: Key error.)
O16 - DPF: {6F1AF9D5-68BB-4A81-93F1-481CB8AB0D0B} http://web1.photocolor.net/webupload/Activ...lorUploader.cab (PhotocolorUploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} http://messenger.zone.msn.com/binary/Messe...StatsClient.cab (MessengerStatsClient Class)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} http://messenger.msn.com/download/MsnMesse...pDownloader.cab (MsnMessengerSetupDownloadControl Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://game04.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab (MaxisSimCity4PatcherX Control)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {C8D533D0-31AA-4EBA-BD20-D5126963E0AC} http://www.webchat-solutions.de/chats/jfc/ActiveChat.CAB (WollnyITService.ActiveChat)
O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/1.4/ji...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_05)
O16 - DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_06)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_02)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_08)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab (iTunesDetector Class)
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} http://messenger.zone.msn.com/binary/WoF.cab57176.cab (WheelofFortune Object)
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} http://us.dl1.yimg.com/download.companion....ebio5_1_6_0.cab (Reg Error: Key error.)
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} http://by21fd.bay21.hotmail.msn.com/activex/HMAtchmt.ocx (Hotmail Attachments Control)
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} http://chat.msn.com/bin/msnchat45.cab (MSN Chat Control 4.5)
O16 - DPF: DirectAnimation Java Classes Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java Reg Error: Value error. (Reg Error: Key error.)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ic32pp {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - C:\WINDOWS\wc98pp.dll ()
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 () - file:///C:/DOKUME~1/THOMAS~1/LOKALE~1/Temp/msohtmlclip1/01/clip_image002.jpg
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O27 - HKLM IFEO\chrome.exe: Debugger - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
O27 - HKLM IFEO\navigator.exe: Debugger - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
O27 - HKLM IFEO\opera.exe: Debugger - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
O27 - HKLM IFEO\safari.exe: Debugger - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
O27 - HKLM IFEO\userinit.exe: Debugger - File not found
O28 - HKLM ShellExecuteHooks: {93994DE8-8239-4655-B1D1-5F4E91300429} - C:\Programme\DVD Region+CSS Free\DVDShell.dll (Fengtao Software Inc.)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/06/01 07:03:39 | 00,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0a7e5c97-0e2f-11dd-854f-00038a000015}\Shell\AutoRun\command - "" = H:\Launch.exe -- File not found
O33 - MountPoints2\{4a7c77df-ce91-11db-82cd-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{4a7c77df-ce91-11db-82cd-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{75996356-4e00-11dc-8308-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{75996356-4e00-11dc-8308-00038a000015}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 14 Days ==========

[2009/09/29 02:45:44 | 00,472,064 | ---- | C] ( ) -- C:\Dokumente und Einstellungen\Thomas Kirschner\Desktop\RootRepeal.exe
[2009/09/29 02:45:30 | 00,518,144 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Thomas Kirschner\Desktop\OTL.exe
[2009/09/29 02:44:44 | 00,464,491 | ---- | C] () -- C:\Dokumente und Einstellungen\Thomas Kirschner\Desktop\RootRepeal.zip
[2009/09/29 02:40:10 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/09/29 02:30:16 | 00,440,832 | ---- | C] () -- C:\Dokumente und Einstellungen\Thomas Kirschner\Desktop\CKScanner.exe
[2009/09/29 02:29:56 | 00,173,119 | ---- | C] (Eric_71) -- C:\Dokumente und Einstellungen\Thomas Kirschner\Desktop\Rooter.exe
[2009/09/28 23:05:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/09/28 23:04:51 | 00,000,751 | ---- | C] () -- C:\Dokumente und Einstellungen\Thomas Kirschner\Startmenü\Programme\Autostart\ERUNT AutoBackup.lnk
[2009/09/28 23:04:48 | 00,000,595 | ---- | C] () -- C:\Dokumente und Einstellungen\Thomas Kirschner\Desktop\NTREGOPT.lnk
[2009/09/28 23:04:48 | 00,000,576 | ---- | C] () -- C:\Dokumente und Einstellungen\Thomas Kirschner\Desktop\ERUNT.lnk
[2009/09/28 23:04:48 | 00,000,000 | ---D | C] -- C:\Programme\ERUNT
[2009/09/28 23:02:57 | 00,271,872 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Thomas Kirschner\Desktop\TFC.exe
[2009/09/28 23:02:46 | 00,794,112 | ---- | C] () -- C:\Dokumente und Einstellungen\Thomas Kirschner\Desktop\The_Comedian.exe
[2009/09/28 12:58:14 | 00,000,254 | ---- | C] () -- C:\Dokumente und Einstellungen\Thomas Kirschner\Eigene Dateien\cc_20090928_125812.reg
[2009/09/28 12:57:52 | 00,005,368 | ---- | C] () -- C:\Dokumente und Einstellungen\Thomas Kirschner\Eigene Dateien\cc_20090928_125751.reg
[2009/09/28 12:57:09 | 00,049,494 | ---- | C] () -- C:\Dokumente und Einstellungen\Thomas Kirschner\Eigene Dateien\cc_20090928_125706.reg
[2009/09/25 16:32:32 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AOL
[2009/09/25 05:58:04 | 00,091,289 | ---- | C] () -- C:\WINDOWS\System32\ousivhfztup
[2009/09/24 05:32:40 | 02,202,796 | ---- | C] () -- C:\Dokumente und Einstellungen\Thomas Kirschner\Desktop\31572135.jpg
[2009/09/23 09:46:51 | 02,757,814 | ---- | C] () -- C:\Dokumente und Einstellungen\Thomas Kirschner\Desktop\mcd_coupons_zum_ausdrucken_sept_09.pdf
[2009/09/23 00:14:42 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Thomas Kirschner\Desktop\lovvekylie
[2009/09/22 16:10:35 | 00,604,242 | ---- | C] () -- C:\Dokumente und Einstellungen\Thomas Kirschner\Desktop\barber2.jpg
[2009/09/22 16:01:55 | 01,677,408 | ---- | C] () -- C:\Dokumente und Einstellungen\Thomas Kirschner\Desktop\CIMG1041.JPG
[2009/09/21 03:13:54 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Thomas Kirschner\Anwendungsdaten\vlc
[2009/09/21 01:03:10 | 00,000,695 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\VLC media player.lnk
[2009/09/20 20:19:13 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Thomas Kirschner\Desktop\Sara
[2009/09/19 23:51:52 | 02,562,247 | ---- | C] () -- C:\Dokumente und Einstellungen\Thomas Kirschner\Desktop\019_bathroom_strip.wmv
[2009/09/18 19:55:14 | 00,020,578 | ---- | C] () -- C:\Dokumente und Einstellungen\Thomas Kirschner\Desktop\eyebrow-kitty.jpg
[2009/09/17 19:45:03 | 00,027,105 | ---- | C] () -- C:\Dokumente und Einstellungen\Thomas Kirschner\Eigene Dateien\Nocat1.jpg
[2009/09/17 17:57:49 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Thomas Kirschner\Desktop\ebay
[2009/09/16 06:59:05 | 01,438,639 | ---- | C] () -- C:\Dokumente und Einstellungen\Thomas Kirschner\Desktop\haystacklanding.jpg

========== Files - Modified Within 14 Days ==========

[2009/09/29 03:35:37 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/09/29 03:34:55 | 00,039,369 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/09/29 03:34:23 | 00,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/09/29 03:34:18 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/09/29 03:34:06 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/09/29 02:45:30 | 00,518,144 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Thomas Kirschner\Desktop\OTL.exe
[2009/09/29 02:44:45 | 00,464,491 | ---- | M] () -- C:\Dokumente und Einstellungen\Thomas Kirschner\Desktop\RootRepeal.zip
[2009/09/29 02:43:11 | 00,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/09/29 02:30:16 | 00,440,832 | ---- | M] () -- C:\Dokumente und Einstellungen\Thomas Kirschner\Desktop\CKScanner.exe
[2009/09/29 02:29:57 | 00,173,119 | ---- | M] (Eric_71) -- C:\Dokumente und Einstellungen\Thomas Kirschner\Desktop\Rooter.exe
[2009/09/28 23:04:51 | 00,000,751 | ---- | M] () -- C:\Dokumente und Einstellungen\Thomas Kirschner\Startmenü\Programme\Autostart\ERUNT AutoBackup.lnk
[2009/09/28 23:04:48 | 00,000,595 | ---- | M] () -- C:\Dokumente und Einstellungen\Thomas Kirschner\Desktop\NTREGOPT.lnk
[2009/09/28 23:04:48 | 00,000,576 | ---- | M] () -- C:\Dokumente und Einstellungen\Thomas Kirschner\Desktop\ERUNT.lnk
[2009/09/28 23:02:57 | 00,271,872 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Thomas Kirschner\Desktop\TFC.exe
[2009/09/28 23:02:47 | 00,794,112 | ---- | M] () -- C:\Dokumente und Einstellungen\Thomas Kirschner\Desktop\The_Comedian.exe
[2009/09/28 12:58:16 | 00,000,254 | ---- | M] () -- C:\Dokumente und Einstellungen\Thomas Kirschner\Eigene Dateien\cc_20090928_125812.reg
[2009/09/28 12:57:56 | 00,005,368 | ---- | M] () -- C:\Dokumente und Einstellungen\Thomas Kirschner\Eigene Dateien\cc_20090928_125751.reg
[2009/09/28 12:57:17 | 00,049,494 | ---- | M] () -- C:\Dokumente und Einstellungen\Thomas Kirschner\Eigene Dateien\cc_20090928_125706.reg
[2009/09/28 12:49:48 | 00,000,035 | ---- | M] () -- C:\WINDOWS\entpack.ini
[2009/09/28 11:30:38 | 00,041,472 | ---- | M] () -- C:\Dokumente und Einstellungen\Thomas Kirschner\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/25 17:03:13 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/09/25 11:34:07 | 00,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/09/25 05:58:04 | 00,091,289 | ---- | M] () -- C:\WINDOWS\System32\ousivhfztup
[2009/09/24 05:32:41 | 02,202,796 | ---- | M] () -- C:\Dokumente und Einstellungen\Thomas Kirschner\Desktop\31572135.jpg
[2009/09/23 09:46:52 | 02,757,814 | ---- | M] () -- C:\Dokumente und Einstellungen\Thomas Kirschner\Desktop\mcd_coupons_zum_ausdrucken_sept_09.pdf
[2009/09/22 16:11:32 | 00,604,242 | ---- | M] () -- C:\Dokumente und Einstellungen\Thomas Kirschner\Desktop\barber2.jpg
[2009/09/22 16:02:32 | 01,677,408 | ---- | M] () -- C:\Dokumente und Einstellungen\Thomas Kirschner\Desktop\CIMG1041.JPG
[2009/09/22 03:03:01 | 00,000,067 | ---- | M] () -- C:\WINDOWS\DVDRegionFree.INI
[2009/09/21 01:03:10 | 00,000,695 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\VLC media player.lnk
[2009/09/19 23:51:53 | 02,562,247 | ---- | M] () -- C:\Dokumente und Einstellungen\Thomas Kirschner\Desktop\019_bathroom_strip.wmv
[2009/09/18 19:55:15 | 00,020,578 | ---- | M] () -- C:\Dokumente und Einstellungen\Thomas Kirschner\Desktop\eyebrow-kitty.jpg
[2009/09/17 19:45:04 | 00,027,105 | ---- | M] () -- C:\Dokumente und Einstellungen\Thomas Kirschner\Eigene Dateien\Nocat1.jpg
[2009/09/16 06:59:05 | 01,438,639 | ---- | M] () -- C:\Dokumente und Einstellungen\Thomas Kirschner\Desktop\haystacklanding.jpg

========== LOP Check ==========

[2009/09/25 16:32:32 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten
[2009/02/06 12:49:25 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2007/03/24 06:33:56 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Azureus
[2003/04/15 10:37:15 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CyberLink
[2008/02/28 08:28:49 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Itiva
[2004/06/27 16:07:24 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Macrovision
[2009/05/30 01:20:43 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Messenger Plus!
[2006/02/26 05:18:18 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MSN6
[2008/06/01 07:01:32 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\muvee Technologies
[2004/03/16 10:02:15 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NFS Underground
[2003/06/07 09:47:09 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SBSI
[2004/01/15 22:47:06 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ScanSoft
[2005/03/31 14:46:12 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUIIMAGE
[2009/08/20 11:24:52 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2005/10/09 03:24:29 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Trymedia
[2007/10/06 17:02:46 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Viewpoint
[2006/03/12 00:30:42 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Zylom
[2009/09/21 03:13:54 | 00,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Thomas Kirschner\Anwendungsdaten
[2005/07/11 16:08:51 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Thomas Kirschner\Anwendungsdaten\.bittorrent
[2004/11/13 22:17:37 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Thomas Kirschner\Anwendungsdaten\Acclaim Entertainment
[2009/09/24 15:42:22 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Thomas Kirschner\Anwendungsdaten\Azureus
[2004/01/20 13:01:20 | 00,000,000 | R--D | M] -- C:\Dokumente und Einstellungen\Thomas Kirschner\Anwendungsdaten\Brother
[2005/06/22 21:01:15 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Thomas Kirschner\Anwendungsdaten\Canon
[2006/02/25 19:39:48 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Thomas Kirschner\Anwendungsdaten\CDZilla
[2008/10/26 23:12:24 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Thomas Kirschner\Anwendungsdaten\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2006/06/23 23:46:48 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Thomas Kirschner\Anwendungsdaten\CoreCodec
[2003/10/19 22:45:25 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Thomas Kirschner\Anwendungsdaten\CyberLink
[2009/09/01 20:05:09 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Thomas Kirschner\Anwendungsdaten\dvdcss
[2008/11/05 23:30:19 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Thomas Kirschner\Anwendungsdaten\GetRightToGo
[2009/04/18 11:56:00 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Thomas Kirschner\Anwendungsdaten\gtk-2.0
[2003/06/08 14:02:38 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Thomas Kirschner\Anwendungsdaten\InterTrust
[2004/08/20 11:22:48 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Thomas Kirschner\Anwendungsdaten\InterVideo
[2004/03/12 20:21:09 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Thomas Kirschner\Anwendungsdaten\Leadertech
[2008/12/07 22:12:43 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Thomas Kirschner\Anwendungsdaten\LEGO Company
[2007/10/14 22:39:16 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Thomas Kirschner\Anwendungsdaten\mIRC
[2006/06/04 18:16:42 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Thomas Kirschner\Anwendungsdaten\MonkeyJam
[2006/03/04 15:52:46 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Thomas Kirschner\Anwendungsdaten\MSN6
[2008/06/01 07:17:35 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Thomas Kirschner\Anwendungsdaten\muvee Technologies
[2005/07/27 04:49:23 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Thomas Kirschner\Anwendungsdaten\Offline Explorer
[2007/10/07 18:51:55 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Thomas Kirschner\Anwendungsdaten\Opera
[2008/03/24 23:04:02 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Thomas Kirschner\Anwendungsdaten\Orbit
[2005/08/07 03:46:21 | 00,000,000 | RH-D | M] -- C:\Dokumente und Einstellungen\Thomas Kirschner\Anwendungsdaten\SecuROM
[2003/10/09 15:35:30 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Thomas Kirschner\Anwendungsdaten\Template
[2003/10/08 22:31:18 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Thomas Kirschner\Anwendungsdaten\VERITAS
[2008/04/26 03:16:19 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Thomas Kirschner\Anwendungsdaten\Viewpoint
[2006/02/25 19:44:14 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Thomas Kirschner\Anwendungsdaten\visviva
[2007/08/17 03:45:54 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Thomas Kirschner\Anwendungsdaten\WebCam Recorder
[2006/02/11 15:30:12 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Thomas Kirschner\Anwendungsdaten\You've Got Pictures Screensaver
[2009/09/25 11:34:07 | 00,000,276 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2002/08/29 14:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2006/04/06 05:55:35 | 00,000,372 | ---- | M] () -- C:\WINDOWS\Tasks\family.guy.404.pdtv-lol.[VTV].job
[2009/09/29 03:34:23 | 00,001,084 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
[2009/09/29 02:43:11 | 00,001,088 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
[2009/09/29 03:34:18 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2005/10/31 17:56:00 | 00,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 487 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:05EE1EEF
@Alternate Data Stream - 144 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2
< End of report >

QUOTE
OTL Extras logfile created on: 9/29/2009 3:38:38 AM - Run 1
OTL by OldTimer - Version 3.0.16.0 Folder = C:\Dokumente und Einstellungen\Thomas Kirschner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: Vereinigte Staaten von Amerika | Language: ENU | Date Format: M/d/yyyy

511.36 Mb Total Physical Memory | 157.62 Mb Available Physical Memory | 30.82% Memory free
1.22 Gb Paging File | 0.82 Gb Available in Paging File | 66.90% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 27.95 Gb Total Space | 2.33 Gb Free Space | 8.32% Space Free | Partition Type: NTFS
Drive D: | 121.10 Gb Total Space | 8.43 Gb Free Space | 6.96% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SPEC
Current User Name: Thomas Kirschner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Programme\Opera\Opera.exe (Opera Software)
.js [@ = JSFile] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Programme\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Programme\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Programme\Opera\Opera.exe" (Opera Software)
https [open] -- "C:\Programme\Opera\Opera.exe" (Opera Software)
jsfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Programme\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Programme\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe" = C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (AOL LLC)
"C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe" = C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL -- (AOL LLC)
"C:\Programme\AOL 9.0\waol.exe" = C:\Programme\AOL 9.0\waol.exe:*:Enabled:AOL 9.0 -- File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Programme\Windows Live\Messenger\msnmsgr.exe" = C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Azureus\Azureus.exe" = C:\Programme\Azureus\Azureus.exe:*:Enabled:Azureus -- (Vuze Inc.)
"C:\Programme\Yahoo!\Messenger\YahooMessenger.exe" = C:\Programme\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Programme\SightSpeed\SightSpeed.exe" = C:\Programme\SightSpeed\SightSpeed.exe:*:Enabled:SightSpeed -- (SightSpeed Inc.)
"C:\Programme\Itiva\Itiva Media Accelerator\ItivaMediaAccelerator.exe" = C:\Programme\Itiva\Itiva Media Accelerator\ItivaMediaAccelerator.exe:*:Enabled:Itiva Media Accelerator -- (Itiva Digital Media)
"C:\Programme\AVG\AVG8\avgemc.exe" = C:\Programme\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Programme\AVG\AVG8\avgupd.exe" = C:\Programme\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Programme\Opera\opera.exe" = C:\Programme\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Programme\Microsoft Office\Office12\GROOVE.EXE" = C:\Programme\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Programme\Microsoft Office\Office12\ONENOTE.EXE" = C:\Programme\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Programme\Bonjour\mDNSResponder.exe" = C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Programme\Windows Live\Messenger\msnmsgr.exe" = C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Programme\VideoLAN\VLC\vlc.exe" = C:\Programme\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{00DA8C65-97F4-48D8-8D74-C16C6FC2B777}" = The Suffering
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = VERITAS Update Manager
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0FE6C844-4243-4F5B-BC5B-E8B4C3450946}" = USB CASIO Digital Camera Device Driver
"{16480125-0428-4097-9A2A-74464004D169}" = EOS Capture 1.3
"{1EB317D8-8945-4FD6-B37F-DF470317C6AB}" = VAIO Media 2.1
"{1F8FB0FA-6FF2-4B2F-BE2F-7266AFB0895D}" = Severance: Blade of Darkness
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{218BBBE3-FE63-4BB2-81A8-7435575A84FA}" = PhotoStitch
"{21A127AE-2DAF-40B7-8374-34C3E629521C}" = Far Cry (Patch 1.3)
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2366D960-F00F-11D3-99D3-00C04FCCB775}" = VAIO System Information
"{27C5164D-ED0E-4D64-B788-93305BD62101}" = PictureGear Studio 1.0
"{28291BD5-92D2-4685-82DC-CCA925C53CCA}" = RemoteCapture Task 1.1
"{31C44235-A613-4E95-B297-207BF6C6A8C1}" = Creative ZEN Vision M Series
"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150080}" = J2SE Runtime Environment 5.0 Update 8
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{33CF7CDF-9805-4500-9CC7-D19D52AD63C4}" = Canon Camera WIA Driver
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = Microsoft AppLocale
"{3B24B725-D81F-442D-8CE5-2AF05A4A4CC9}" = Music Visualizer Library 1.4.00
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{5713F069-610A-11D6-9103-00E029591716}" = Brother MFL-Pro Suite
"{5FA88830-5B3D-497B-88B5-8DD82BB7BC74}" = Far Cry (Patch 2)
"{62F33B80-6244-4A70-A233-0DA13B640364}" = OpenMG Secure Module 3.2
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{6ACA2FD2-4C4A-42F3-AFB5-7B433BBDF6DB}" = InterVideo WinDVD 6
"{7128C69B-8F7E-4336-8698-3FD3CDD955EC}" = VAIO Media Installer 2.1
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7148F0A8-6813-11D6-A77B-00B0D0142040}" = Java 2 Runtime Environment, SE v1.4.2_04
"{7148F0A8-6813-11D6-A77B-00B0D0142050}" = Java 2 Runtime Environment, SE v1.4.2_05
"{7148F0A8-6813-11D6-A77B-00B0D0142060}" = Java 2 Runtime Environment, SE v1.4.2_06
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{71D6CE84-B7DC-4166-8E0D-56C1C37BFB5A}" = SonicStage
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76B78008-3832-42FD-AE55-C8F946ED3C7E}" = muvee autoProducer 4.1
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789CF5F1-3326-4B7B-9D01-31047E0F5651}" = Canon Utilities Digital Photo Professional 1.6.1
"{7B847C9D-6758-45E6-B598-3BD8F43EAE9E}" = Camera Window DS
"{7F34A21F-2DEB-4598-BB19-611D6BD24271}" = Managed DirectX (0901)
"{8214CC02-6271-4DC8-B8DD-779933450264}" = VERITAS RecordNow
"{83437081-8186-4F63-BD39-4BE8A691E055}" = Hidden & Dangerous 2
"{862983D7-FA08-493E-A9ED-6B7859E069D3}" = Canon PhotoRecord
"{89661B04-C646-4412-B6D3-5E19F02F1F37}" = EAX4 Unified Redist
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{924EB80F-C2BB-4B9F-8412-88BBA937393F}" = MobileMe Control Panel
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{954BF446-BBC9-42CC-87A6-EBF0D55CA19A}" = Internet Library
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A0F34E4E-25F0-4B68-AE8F-EF0C15CB1FED}" = RAW Image Task 2.0
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{A70D14C6-FF2C-4B8E-A643-7E74EC607614}" = Camera Window DVC
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.3
"{AEF2D1F3-0696-11D5-8E6A-00C04F7FA234}" = PaperPort 8.0 SE
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C325F588-D6B1-4A7F-B6A2-914C75DDA348}" = Morrowind
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C8C8387B-A98B-44E8-807A-1A9B7F51FFDA}" = Blaze Media Pro
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC016F21-3970-11DE-B878-005056806466}" = Google Earth
"{CD0159C9-17FB-11D6-A76A-00B0D079AF64}" = Java 2 Runtime Environment, SE v1.4.1
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D792A069-B96B-40BA-BCB4-E5651A6E5926}" = Far Cry (Patch 1)
"{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A}" = iPod for Windows 2005-10-12
"{DB3C800B-081B-4146-B4E3-EFB5B77AA913}" = TES Construction Set
"{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database
"{DF0DD6E9-F673-4466-8353-70B50A506FD9}" = VAIO Media Platform 2.0
"{E2222809-FDED-4C7E-8F25-2337A8F39F03}" = Hidden & Dangerous 2 Sabre Squadron
"{E4406ED3-B04C-44F1-ABB4-08775B74934F}" = Call Of Cthulhu DCoTE
"{E73534D5-CC93-4C63-9072-5A9734255C74}" = Camera Window MC
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{EDDDC607-91D9-4758-9F57-265FDCD8A772}" = Microsoft Works 7.0
"{EFE1AB94-5466-4B6E-BE31-FF4C115FD25D}" = Max Payne 2
"{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}" = iTunes
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FC66E05E-8D39-47A6-8D07-759F33727EB0}" = Opera 10.00
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 2.0" = Adobe Photoshop Elements 2.0
"Adobe Premiere 6 LE" = Adobe Premiere 6 LE
"Advanced Video FX Engine" = Advanced Video FX Engine
"Agere Systems Soft Modem" = Agere Systems AC'97 Modem
"Ask Toolbar_is1" = Vuze Toolbar
"AudibleManager" = AudibleManager
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Blaze Media Pro" = Blaze Media Pro
"CANONBJ_Deinstall_CNMCP5y.DLL" = Canon PIXMA iP1500
"CCleaner" = CCleaner (remove only)
"CDisplayEx_is1" = CDisplayEx 1.4
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Creative Live! Cam Center" = Creative Live! Cam Center
"Creative Live! Cam Manager" = Creative Live! Cam Manager
"Creative Live! Cam Video IM Pro User's Guide English" = Creative Live! Cam Video IM Pro User's Guide (English)
"Creative Photo Calendar" = Creative Photo Calendar
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative VF0230" = Creative Live! Cam Video IM Pro Driver (1.00.07.0725)
"CTDVDAudio Plugin" = Creative DVD Audio Plugin for Audigy Series
"CutePDF Writer Installation" = CutePDF Writer 2.7
"DirectVobSub" = DirectVobSub (remove only)
"DS-MP3 Source" = DS-MP3 Source 1.30
"DVD Region+CSS Free_is1" = DVD Region+CSS Free 5.9.1.0
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-PrintToolBox" = Canon Utilities Easy-PrintToolBox
"EAX Unified" = EAX Unified
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"ffdshow_is1" = ffdshow [rev 1058+] [2007-03-22]
"FLV Player" = FLV Player 2.0 (build 25)
"Fraps" = Fraps
"GIF Movie Gear_is1" = GIF Movie Gear 4.0.2
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{00DA8C65-97F4-48D8-8D74-C16C6FC2B777}" = The Suffering
"InstallShield_{16480125-0428-4097-9A2A-74464004D169}" = Canon Utilities EOS Capture 1.3
"InstallShield_{218BBBE3-FE63-4BB2-81A8-7435575A84FA}" = Canon Utilities PhotoStitch 3.1
"InstallShield_{28291BD5-92D2-4685-82DC-CCA925C53CCA}" = Canon RemoteCapture Task for ZoomBrowser EX
"InstallShield_{33CF7CDF-9805-4500-9CC7-D19D52AD63C4}" = Canon EOS Kiss_N REBEL_XT 350D WIA-Treiber
"InstallShield_{789CF5F1-3326-4B7B-9D01-31047E0F5651}" = Canon Utilities Digital Photo Professional 1.6.1
"InstallShield_{7B847C9D-6758-45E6-B598-3BD8F43EAE9E}" = Canon Camera Window DS for ZoomBrowser EX
"InstallShield_{83437081-8186-4F63-BD39-4BE8A691E055}" = Hidden & Dangerous 2
"InstallShield_{954BF446-BBC9-42CC-87A6-EBF0D55CA19A}" = Canon Internet Library for ZoomBrowser EX
"InstallShield_{A0F34E4E-25F0-4B68-AE8F-EF0C15CB1FED}" = Canon RAW Image Task for ZoomBrowser EX
"InstallShield_{A70D14C6-FF2C-4B8E-A643-7E74EC607614}" = Canon Camera Window DVC for ZoomBrowser EX
"InstallShield_{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A}" = iPod for Windows 2005-10-12
"InstallShield_{E2222809-FDED-4C7E-8F25-2337A8F39F03}" = Hidden & Dangerous 2 Sabre Squadron
"InstallShield_{E73534D5-CC93-4C63-9072-5A9734255C74}" = Canon Camera Window for ZoomBrowser EX
"Itiva Media Accelerator" = Itiva Media Accelerator
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"MagicDisc 2.7.97" = MagicDisc 2.7.97
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mozilla Firefox (3.0.11)" = Mozilla Firefox (3.0.11)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Network Play System" = EA Network Play System
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Display Driver" = NVIDIA Display Driver
"NVIDIA Drivers" = NVIDIA Drivers
"OpenMG HotFix3.2-03-01-16-01" = OpenMG Limited Patch 3.2-03-02-21-08
"OpenMG HotFix3.2-03-01-16-02" = OpenMG Limited Patch 3.2-03-02-25-01
"PeerGuardian_is1" = PeerGuardian 2.0
"PROSet" = Intel® PRO Network Adapters and Drivers
"RealPlayer 6.0" = RealOne Player
"Shockwave" = Shockwave
"SideWinder Precision 2" = SideWinder Precision 2
"SightSpeed" = SightSpeed (remove only)
"STARWARS: The Battle of Endor v2.1_is1" = STARWARS: The Battle of Endor version 2.1
"STARWARS: The Battle of Yavin v1.1_is1" = STARWARS: The Battle of Yavin version 1.1
"StreetPlugin" = Learn2 Player (Uninstall Only)
"SysInfo" = Creative System Information
"Tastenteufel" = Tastenteufel
"T-Online Browser" = T-Online Browser 4.0
"T-Online Messenger (TOM)" = T-Online Messenger (TOM) 4.0
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 1.0.1
"Warhammer 40,000: Chaos Gate" = Warhammer 40,000: Chaos Gate
"Website Ripper Copier" = Website Ripper Copier
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.6
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.0.1
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XVid" = XVid;-)
"Yahoo! Messenger" = Yahoo! Messenger
"ZENcast Organizer" = ZENcast Organizer

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/28/2009 11:43:02 AM | Computer Name = SPEC | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung GoogleUpdate.exe, Version 1.2.131.7, fehlgeschlagenes
Modul GoogleUpdate.exe, Version 1.2.131.7, Fehleradresse 0x00006eef.

Error - 9/28/2009 12:43:02 PM | Computer Name = SPEC | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung GoogleUpdate.exe, Version 1.2.131.7, fehlgeschlagenes
Modul GoogleUpdate.exe, Version 1.2.131.7, Fehleradresse 0x00006eef.

Error - 9/28/2009 1:43:02 PM | Computer Name = SPEC | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung GoogleUpdate.exe, Version 1.2.131.7, fehlgeschlagenes
Modul GoogleUpdate.exe, Version 1.2.131.7, Fehleradresse 0x00006eef.

Error - 9/28/2009 2:43:02 PM | Computer Name = SPEC | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung GoogleUpdate.exe, Version 1.2.131.7, fehlgeschlagenes
Modul GoogleUpdate.exe, Version 1.2.131.7, Fehleradresse 0x00006eef.

Error - 9/28/2009 3:43:02 PM | Computer Name = SPEC | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung GoogleUpdate.exe, Version 1.2.131.7, fehlgeschlagenes
Modul GoogleUpdate.exe, Version 1.2.131.7, Fehleradresse 0x00006eef.

Error - 9/28/2009 4:43:02 PM | Computer Name = SPEC | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung GoogleUpdate.exe, Version 1.2.131.7, fehlgeschlagenes
Modul GoogleUpdate.exe, Version 1.2.131.7, Fehleradresse 0x00006eef.

Error - 9/28/2009 5:43:03 PM | Computer Name = SPEC | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung GoogleUpdate.exe, Version 1.2.131.7, fehlgeschlagenes
Modul GoogleUpdate.exe, Version 1.2.131.7, Fehleradresse 0x00006eef.

Error - 9/28/2009 6:43:06 PM | Computer Name = SPEC | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung GoogleUpdate.exe, Version 1.2.131.7, fehlgeschlagenes
Modul GoogleUpdate.exe, Version 1.2.131.7, Fehleradresse 0x00006eef.

Error - 9/28/2009 7:43:09 PM | Computer Name = SPEC | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung GoogleUpdate.exe, Version 1.2.131.7, fehlgeschlagenes
Modul GoogleUpdate.exe, Version 1.2.131.7, Fehleradresse 0x00006eef.

Error - 9/28/2009 8:43:06 PM | Computer Name = SPEC | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung GoogleUpdate.exe, Version 1.2.131.7, fehlgeschlagenes
Modul GoogleUpdate.exe, Version 1.2.131.7, Fehleradresse 0x00006eef.

[ System Events ]
Error - 9/28/2009 9:03:10 PM | Computer Name = SPEC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "DHCP-Client" ist vom Dienst "NetBios über TCP/IP" abhängig,
der aufgrund folgenden Fehlers nicht gestartet wurde: %%31

Error - 9/28/2009 9:03:10 PM | Computer Name = SPEC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "DNS-Client" ist vom Dienst "TCP/IP-Protokolltreiber" abhängig,
der aufgrund folgenden Fehlers nicht gestartet wurde: %%31

Error - 9/28/2009 9:03:10 PM | Computer Name = SPEC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "TCP/IP-NetBIOS-Hilfsprogramm" ist vom Dienst "Umgebung
für die AFD-Netzwerkunterstützung" abhängig, der aufgrund folgenden Fehlers nicht
gestartet wurde: %%31

Error - 9/28/2009 9:03:10 PM | Computer Name = SPEC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Apple Mobile Device" ist vom Dienst "TCP/IP-Protokolltreiber"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%31

Error - 9/28/2009 9:03:10 PM | Computer Name = SPEC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Bonjour Service" ist vom Dienst "TCP/IP-Protokolltreiber"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%31

Error - 9/28/2009 9:03:10 PM | Computer Name = SPEC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "IPSEC-Dienste" ist vom Dienst "IPSEC-Treiber" abhängig,
der aufgrund folgenden Fehlers nicht gestartet wurde: %%31

Error - 9/28/2009 9:03:10 PM | Computer Name = SPEC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
AFD avgio AvgLdx86 AvgMfx86 avipbb DMICall Fips i8042prt intelppm IPSec MRxSmb NetBIOS NetBT
prodrv06
RasAcd
Rdbss
ssmdrv
Tcpip

Error - 9/28/2009 9:35:34 PM | Computer Name = SPEC | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Google
Update Service (gupdate1c99c81d5dfa3cc).

Error - 9/28/2009 9:35:34 PM | Computer Name = SPEC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Google Update Service (gupdate1c99c81d5dfa3cc)" wurde
aufgrund folgenden Fehlers nicht gestartet: %%1053

Error - 9/28/2009 9:35:34 PM | Computer Name = SPEC | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Google
Updater Service.


< End of report >
Rorschach112
don't put the logs in quotes

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    CODE
    :OTL
    O33 - MountPoints2\{0a7e5c97-0e2f-11dd-854f-00038a000015}\Shell\AutoRun\command - "" = H:\Launch.exe -- File not found
    O33 - MountPoints2\{4a7c77df-ce91-11db-82cd-00038a000015}\Shell - "" = AutoRun
    O33 - MountPoints2\{4a7c77df-ce91-11db-82cd-00038a000015}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{75996356-4e00-11dc-8308-00038a000015}\Shell - "" = AutoRun
    O33 - MountPoints2\{75996356-4e00-11dc-8308-00038a000015}\Shell\AutoRun - "" = Auto&Play

    :Services

    :Reg

    :Files

    :Commands
    [purity]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done




Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you don't know how to disable them then just continue on.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.





Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.


Rapax
I ran OTL but ComboFix.exe didn't start, just like MBAM doesn't. A number of programs on my computer seem to be prevented from executing.
Rorschach112
can you rename combofix to svchost.com?

does it run then?
Rapax
Now it worked.

ComboFix 09-09-28.01 - Thomas Kirschner 09/29/2009 21:14.2.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.511.196 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Thomas Kirschner\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: AVG *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* Neuer Wiederherstellungspunkt wurde erstellt
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\dokumente und einstellungen\Thomas Kirschner\Anwendungsdaten\Adobe\Player.exe.bak
c:\windows\Downloaded Program Files\bdcore.dll
c:\windows\Downloaded Program Files\libfn.dll
c:\windows\Installer\11b134e.msi
c:\windows\Installer\11b1355.msi
c:\windows\Installer\11b135c.msi
c:\windows\Installer\7066ec.msi
c:\windows\Installer\7066f2.msi
c:\windows\Installer\90810.msi
c:\windows\Installer\c4b84ef.msi
c:\windows\system32\drivers\UACjmvgmifbtx.sys
c:\windows\system32\uacinit.dll
c:\windows\system32\UACqjnlnoubgc.dll
c:\windows\system32\UACvshvafrbnm.dat
c:\windows\system32\UACwviisiqhqb.dll
c:\windows\system32\UACysnhpboqec.dll

.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys
-------\Legacy_UACd.sys


((((((((((((((((((((((( Dateien erstellt von 2009-08-28 bis 2009-09-29 ))))))))))))))))))))))))))))))
.

2009-09-28 21:04 . 2009-09-28 21:04 -------- d-----w- c:\programme\ERUNT
2009-09-26 20:49 . 2004-08-04 00:58 25088 ----a-w- c:\windows\system32\userinit.exe
2009-09-25 14:51 . 2009-09-25 14:51 -------- d-sh--w- c:\dokumente und einstellungen\LocalService\IETldCache
2009-09-25 14:51 . 2009-09-25 14:51 -------- d-----r- c:\dokumente und einstellungen\LocalService\Favoriten
2009-09-25 14:32 . 2009-09-25 14:32 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\AOL
2009-09-21 01:13 . 2009-09-29 08:15 -------- d-----w- c:\dokumente und einstellungen\Thomas Kirschner\Anwendungsdaten\vlc
2009-09-10 22:25 . 2009-09-10 22:25 -------- d-sh--w- c:\dokumente und einstellungen\Thomas Kirschner\IECompatCache

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-29 18:59 . 2007-10-25 15:48 -------- d-----w- c:\programme\PeerGuardian2
2009-09-29 18:55 . 2006-04-08 10:43 -------- d-----w- c:\dokumente und einstellungen\Thomas Kirschner\Anwendungsdaten\Azureus
2009-09-18 02:29 . 2008-06-30 16:11 -------- d-----w- c:\programme\CDisplayEx
2009-09-17 17:26 . 2003-10-14 09:38 -------- d-----w- c:\programme\Yahoo!
2009-09-17 17:03 . 2003-10-09 13:20 -------- d-----w- c:\programme\Creative
2009-09-17 16:59 . 2007-05-11 21:12 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Creative
2009-09-10 22:40 . 2008-09-09 03:32 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware
2009-09-10 12:54 . 2008-09-09 03:32 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 12:53 . 2008-09-09 03:32 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-07 13:34 . 2007-10-07 16:51 -------- d-----w- c:\programme\Opera
2009-09-01 18:05 . 2006-01-28 19:24 -------- d-----w- c:\dokumente und einstellungen\Thomas Kirschner\Anwendungsdaten\dvdcss
2009-08-29 11:57 . 2009-02-06 10:48 -------- d-----w- c:\programme\iTunes
2009-08-29 11:49 . 2007-10-13 12:29 -------- d-----w- c:\programme\Azureus
2009-08-20 09:24 . 2008-10-15 12:43 -------- d---a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
2009-08-09 10:27 . 2008-04-03 09:25 -------- d-----w- c:\programme\Messenger Plus! Live
2009-08-06 07:25 . 2009-06-23 22:54 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-05 03:55 . 2008-10-22 10:22 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft Help
2009-08-01 02:27 . 2009-08-01 02:27 -------- d-----w- c:\programme\AskBarDis
2005-06-22 05:37 . 2006-05-24 17:37 45568 --sha-r- c:\windows\system32\cygz.dll
.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2009-04-02 10:47 333192 ----a-w- c:\programme\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\programme\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\programme\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSyncU.exe"="c:\programme\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-06-12 700416]
"Creative Live! Cam Manager"="c:\programme\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" [2006-05-31 143360]
"Messenger (Yahoo!)"="c:\programme\Yahoo!\Messenger\YahooMessenger.exe" [2009-02-20 4363504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StorageGuard"="c:\programme\VERITAS Software\Update Manager\sgtray.exe" [2002-06-17 155648]
"SideWinderTrayV4"="c:\progra~1\MICROS~4\GAMECO~1\Common\SWTrayV4.exe" [2000-06-02 24650]
"PaperPort PTD"="c:\programme\Scansoft\PaperPort\pptd40nt.exe" [2002-08-08 45108]
"IndexSearch"="c:\programme\Scansoft\PaperPort\IndexSearch.exe" [2002-08-08 36864]
"SetDefPrt"="c:\programme\Brother\BRMFLPRO\BrDefPrt.exe" [2002-12-18 40960]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-10-10 7286784]
"Easy-PrintToolBox"="c:\programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-10-10 86016]
"Itiva Media Accelerator"="c:\programme\Itiva\Itiva Media Accelerator\ItivaMediaAccelerator.exe" [2008-06-04 4994288]
"AVFX Engine"="c:\programme\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-06-08 24576]
"V0230Mon.exe"="c:\windows\system32\V0230Mon.exe" [2006-07-19 36961]
"ezShieldProtector for Px"="c:\windows\system32\ezSP_Px.exe" [2002-08-20 40960]
"GrooveMonitor"="c:\programme\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"QuickTime Task"="c:\programme\QuickTime\QTTask.exe" [2009-01-05 413696]
"AppleSyncNotifier"="c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2003-02-14 88107]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2005-10-10 1519616]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\dokumente und einstellungen\Thomas Kirschner\Startmen\Programme\Autostart\
ERUNT AutoBackup.lnk - c:\programme\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
MagicDisc.lnk - c:\programme\MagicDisc\MagicDisc.exe [2008-7-1 547840]

c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\
Google Updater.lnk - c:\programme\Google\Google Updater\GoogleUpdater.exe [2007-10-6 126136]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\progra~1\DVDREG~2\DVDShell.dll" [2004-10-09 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Programme\\Azureus\\Azureus.exe"=
"c:\\Programme\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Programme\\SightSpeed\\SightSpeed.exe"=
"c:\\Programme\\Itiva\\Itiva Media Accelerator\\ItivaMediaAccelerator.exe"=
"c:\\Programme\\AVG\\AVG8\\avgemc.exe"=
"c:\\Programme\\AVG\\AVG8\\avgupd.exe"=
"c:\\Programme\\Opera\\opera.exe"=
"c:\\Programme\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programme\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programme\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=
"c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programme\\VideoLAN\\VLC\\vlc.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [7/9/2008 12:30 AM 96520]
R1 SSHDRV62;SSHDRV62;c:\windows\system32\drivers\SSHDRV62.sys [7/5/2004 7:10 PM 108032]
R1 SSHDRV64;SSHDRV64;c:\windows\system32\drivers\SSHDRV64.sys [7/7/2004 6:07 AM 113152]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\programme\Avira\AntiVir Desktop\sched.exe [6/24/2009 12:54 AM 108289]
R2 ASKService;ASKService;c:\programme\AskBarDis\bar\bin\AskService.exe [8/1/2009 4:27 AM 464264]
R2 ASKUpgrade;ASKUpgrade;c:\programme\AskBarDis\bar\bin\ASKUpgrade.exe [8/1/2009 4:28 AM 234888]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/9/2008 12:29 AM 231192]
R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [7/9/2008 12:30 AM 76040]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [7/9/2008 12:29 AM 873752]
S2 DETEWECP;Telekom CapiPort;c:\windows\system32\drivers\detewecp.sys --> c:\windows\system32\drivers\detewecp.sys [?]
S2 gupdate1c99c81d5dfa3cc;Google Update Service (gupdate1c99c81d5dfa3cc);c:\programme\Google\Update\GoogleUpdate.exe [3/4/2009 6:29 AM 133104]
S3 brfilt;Brother MFC-Filtertreiber;c:\windows\system32\drivers\BrFilt.sys [1/15/2004 10:30 PM 2944]
S3 BrSerWDM;Brother-Treiber (seriell);c:\windows\system32\drivers\BrSerWdm.sys [1/15/2004 10:30 PM 60416]
S3 BrUsbMdm;Brother MFC-nur-Fax-Modem (USB);c:\windows\system32\drivers\BrUsbMdm.sys [1/15/2004 10:30 PM 11008]
S3 BrUsbScn;Brother MFC-Scannertreiber (USB);c:\windows\system32\drivers\BrUsbScn.sys [1/15/2004 10:30 PM 10368]
S3 dtwmnic5;Telekom T-Eumex 520PC;c:\windows\system32\DRIVERS\dtwmnic5.sys --> c:\windows\system32\DRIVERS\dtwmnic5.sys [?]
S3 TOMCATWAN;T-Online DynamicISDN (WDM);c:\windows\system32\DRIVERS\WTOMCAT.SYS --> c:\windows\system32\DRIVERS\WTOMCAT.SYS [?]
S3 ulisa;Telekom ISDN-Adapter (USB);c:\windows\system32\Drivers\ulisa.sys --> c:\windows\system32\Drivers\ulisa.sys [?]
S3 V0230Vfx;V0230Vfx;c:\windows\system32\drivers\V0230Vfx.sys [6/1/2008 7:07 AM 6272]
S3 V0230VID;Live! Cam Video IM Pro;c:\windows\system32\drivers\V0230VID.sys [6/1/2008 7:07 AM 498464]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Inhalt des "geplante Tasks" Ordners

2009-09-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2009-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-03-04 04:29]

2009-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-03-04 04:29]
.
.
------- Zusätzlicher Suchlauf -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.yahoo.com/
mWindow Title = Microsoft Internet Explorer
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: &AOL Toolbar-Suche - c:\programme\aol\aol toolbar 4.0\resources\de-DE\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: SirSearch - file://c:\programme\GRIPBTSS\Cache\SelectedContextSearch.htm
TCP: {7D8BAD78-BE4F-4AAC-8287-7F9D3C4A6CD9} = 0.0.0.0
Handler: ic32pp - {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - c:\windows\wc98pp.dll
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
DPF: {6F1AF9D5-68BB-4A81-93F1-481CB8AB0D0B} - hxxp://web1.photocolor.net/webupload/ActiveX/PhotocolorUploader.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game04.zylom.com/activex/zylomgamesplayer.cab
DPF: {C8D533D0-31AA-4EBA-BD20-D5126963E0AC} - hxxp://www.webchat-solutions.de/chats/jfc/ActiveChat.CAB
FF - ProfilePath - c:\dokumente und einstellungen\Thomas Kirschner\Anwendungsdaten\Mozilla\Firefox\Profiles\zdjou8ce.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - component: c:\dokumente und einstellungen\Thomas Kirschner\Anwendungsdaten\Mozilla\Firefox\Profiles\zdjou8ce.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\dokumente und einstellungen\Thomas Kirschner\Anwendungsdaten\Mozilla\Firefox\Profiles\zdjou8ce.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\dokumente und einstellungen\Thomas Kirschner\Anwendungsdaten\Mozilla\plugins\npcoolirisplugin.dll
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\programme\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\programme\Itiva\Itiva Media Accelerator\npima.dll
FF - plugin: c:\programme\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\programme\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\programme\Real\RealOne Player\Netscape6\nppl3260.dll
FF - plugin: c:\programme\Real\RealOne Player\Netscape6\nprjplug.dll
FF - plugin: c:\programme\Real\RealOne Player\Netscape6\nprpjplug.dll
FF - plugin: c:\programme\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-29 21:26
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...


**************************************************************************
.
Zeit der Fertigstellung: 2009-09-29 21:30
ComboFix-quarantined-files.txt 2009-09-29 19:29

Vor Suchlauf: 2,201,341,952 Bytes frei
Nach Suchlauf: 2,166,927,360 Bytes frei

Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
210 --- E O F --- 2009-06-01 20:04
Rorschach112
hi

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean





Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.






Go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
Rapax
MBAM scan:

Malwarebytes' Anti-Malware 1.41
Database version: 2877
Windows 5.1.2600 Service Pack 3

9/30/2009 6:16:50 PM
mbam-log-2009-09-30 (18-16-50).txt

Scan type: Quick Scan
Objects scanned: 115097
Time elapsed: 6 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




Kaspersky Scan:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Thursday, October 1, 2009
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Wednesday, September 30, 2009 15:41:47
Records in database: 2936511
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan statistics:
Objects scanned: 244674
Threats found: 3
Infected objects found: 5
Suspicious objects found: 0
Scan duration: 05:46:23


File name / Threat / Threats count
C:\Programme\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.g 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\UACjmvgmifbtx.sys.vir Infected: Rootkit.Win32.Agent.udq 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACqjnlnoubgc.dll.vir Infected: Packed.Win32.TDSS.y 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACwviisiqhqb.dll.vir Infected: Packed.Win32.TDSS.y 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACysnhpboqec.dll.vir Infected: Packed.Win32.TDSS.y 1

Selected area has been scanned.
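Added example (not part of the original posts, and not Kaspersky's or ComboFix's code): a short Python triage of the report rows above that separates ComboFix quarantine copies and `not-a-virus` riskware verdicts from detections on live files. It assumes the `C:\Qoobox\Quarantine\<drive>\<original path>.vir` layout visible in those rows; the function names are illustrative.

```python
import re
from collections import Counter

# Rows copied from the Kaspersky Online Scanner report posted in this thread.
REPORT = r"""
File name / Threat / Threats count
C:\Programme\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.g 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\UACjmvgmifbtx.sys.vir Infected: Rootkit.Win32.Agent.udq 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACqjnlnoubgc.dll.vir Infected: Packed.Win32.TDSS.y 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACwviisiqhqb.dll.vir Infected: Packed.Win32.TDSS.y 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACysnhpboqec.dll.vir Infected: Packed.Win32.TDSS.y 1
"""

# "<path> Infected: <verdict> <count>"; paths may contain spaces, verdicts do not.
ROW = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+Infected:\s+(?P<verdict>\S+)\s+(?P<count>\d+)$"
)

# Assumption: ComboFix keeps renamed (.vir) copies of removed files under this folder.
QUARANTINE_PREFIX = "c:\\qoobox\\quarantine\\"


def parse_rows(text):
    """Return (path, verdict, count) for every detection row in the report."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            rows.append((m["path"], m["verdict"], int(m["count"])))
    return rows


def original_location(path):
    """Map a quarantine copy back to the location the file was removed from."""
    rest = path[len(QUARANTINE_PREFIX):]
    drive, _, tail = rest.partition("\\")
    if tail.lower().endswith(".vir"):
        tail = tail[:-4]
    return f"{drive}:\\{tail}"


def classify(path, verdict):
    """quarantined = inert copy, riskware = legitimate-tool verdict, active = live file."""
    if path.lower().startswith(QUARANTINE_PREFIX):
        return "quarantined"
    if verdict.lower().startswith("not-a-virus:"):
        return "riskware"
    return "active"


def triage(text):
    """Classify each row; quarantined rows report where the file originally lived."""
    items = []
    for path, verdict, count in parse_rows(text):
        kind = classify(path, verdict)
        where = original_location(path) if kind == "quarantined" else path
        items.append({"kind": kind, "verdict": verdict, "path": where, "count": count})
    return items


def summary(items):
    """Count rows per category; any 'active' entry needs follow-up."""
    return dict(Counter(item["kind"] for item in items))


if __name__ == "__main__":
    for item in triage(REPORT):
        print(f'{item["kind"]:<12} {item["verdict"]:<40} {item["path"]}')
    print(summary(triage(REPORT)))
```

The totals line up with the report's own statistics: five rows (infected objects) and three distinct verdict names (threats), none of them on a live, non-quarantined file other than the mIRC riskware entry.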
Rorschach112
Your logs are clean


Follow these steps to uninstall Combofix and tools used in the removal of malware
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.




  • Download OTC to your desktop and run it
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.





You're using an old version of Adobe Acrobat Reader; this can leave your PC open to vulnerabilities. You can update it here:
http://www.adobe.com/products/acrobat/readstep2.html



Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.




Below I have included a number of recommendations for how to protect your computer against malware infections.
  • Keep Windows updated by regularly checking their website at :
    http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest security updates installed.

  • SpywareBlaster protects against bad ActiveX, it immunizes your PC against them.

  • SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program ( eg : TeaTimer, Windows Defender ) or there will be a conflict.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

  • TFC - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.

  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

  • Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from Here


    If you choose to use Firefox, I highly recommend these add-ons to keep your PC even more secure.
    • NoScript - for blocking ads and other potential website attacks
    • McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling


  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

  • FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. It's important to keep programs up to date so that malware doesn't exploit any old security flaws.

  • Recovery Console - Recent trends appear to indicate that future infections will include attacks to the boot sector of the computer. The installation of the Recovery Console in the computer will be our only defense against this threat. For more information and steps to install the Recovery Console see This Article. Should you need assistance in installing the Recovery Console, please do not hesitate to ask.

  • Please read my guide on how to prevent malware and about safe computing here

Thank you for your patience, and performing all of the procedures requested.


Rapax
Thanks a lot for the good help.