
Log analysis and evaluation: TR/spy.729600.4 every second

28.09.2010, 13:21   #1
crazynotion
 
Hello dear forum community,

Since I know next to nothing about PCs, a friend suggested that I turn to you.

I have the following problem:

I caught a virus while streaming and, stupidly, downloaded an antivirus program through this virus, since Avira AntiVir did not delete it
(Antivirusguard, which loads before system start).

I then ran Spybot and Avira one after the other until they found nothing more.

After I eventually had the idea of ending (Antivirusguard) with the Task Manager at system start, Avira found the following viruses:


Virus name   File name

TR/spy.729600.4 dlo20.dll.bak (Avira finds this one every second)

TR/gendal.652288.1 sjaipk[1].htm
TR/PSW.ldpinch.apww vvgkfy[1].htm
TR/PSW.ldpinch.apww vvgkfy[1].htm
TR/PSW.ldpinch.apxc jjdlsnvtov[1].htm

TR/Gendal.652288.1 sjaipk[1].htm

Since, as I already said above, I don't really know much about PCs, I would be grateful if
someone could explain the solution to me as simply as possible. Thanks in advance.

greets



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:27:28, on 28.09.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\PLFSetI.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\WebCam\M3000\M3000Mnt.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Acer\Acer VCM\RS_Service.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\xxx\My Documents\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_one&r=0xph10094425l0314wu55w57j2397s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVD1.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {B4BD1731-FC83-412B-91E0-A8ECADDD7F43} - c:\windows\system32\dlo20.dll (file missing)
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVD1.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [M3000Mnt] Rundll32.exe M3000Rmv.dll ,WinMainRmv /StartStillMnt
O4 - HKLM\..\Run: [PLFSetI] C:\WINDOWS\PLFSetI.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\xxx\Application Data\DVDVideoSoftIEHelpers\youtubedownload.htm
O8 - Extra context menu item: S&end to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Linked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Linked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

--
End of file - 7615 bytes

28.09.2010, 19:35   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Hello and

As a matter of routine, please run a full scan with Malwarebytes and post the log.
Remember that Malwarebytes has to be updated manually before every scan!

After that, OTL:

System scan with OTL

Please download OTL by OldTimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.

28.09.2010, 20:14   #3
crazynotion
 

Thanks, here are the OTL logs for now.
I'm running Malwarebytes again.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4712

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

28.09.2010 22:03:30
mbam-log-2010-09-28 (22-03-30).txt

Scan type: Full scan (C:\|)
Objects scanned: 190462
Time elapsed: 1 hour(s), 4 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Edited by crazynotion (28.09.2010 at 21:04). Reason: edit

28.09.2010, 20:22   #4
crazynotion
 
Extras from OTL

OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 28.09.2010 19:24:29 - Run 1
OTL by OldTimer - Version 3.2.14.1     Folder = C:\Documents and Settings\Wandi\Desktop\MFTools
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
1.014,00 Mb Total Physical Memory | 428,00 Mb Available Physical Memory | 42,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 139,04 Gb Total Space | 13,25 Gb Free Space | 9,53% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: KUNDI
Current User Name: Wandi
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.0.0 (r181)
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{10140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (English) 14
"{10140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 14
"{10140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 14
"{10140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 14
"{10140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 14
"{10140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 14
"{10140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 14
"{10140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 14
"{10140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 14
"{10140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 14
"{10140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 14
"{10140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 14
"{10140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 14
"{10140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 14
"{10140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 14
"{10140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 14
"{10140000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 14
"{10140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 14
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{56A648C2-D185-46A9-BBFF-78AE7A503000}" = WebCam
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78E804CC-A148-4C8F-AD46-0B476EFE34C2}" = Microsoft Image Composite Editor
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = USB2.0 Card Reader Software
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FE3997D3-6B56-4AC4-A99C-9DDFC45359BF}" = TuneUp Utilities Language Pack (en-US)
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"bwin Poker_is1" = bwin Poker
"CCleaner" = CCleaner
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"EAGLE 5.10.0" = EAGLE 5.10.0
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.30
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.2
"Free YouTube Download_is1" = Free YouTube Download 2.9
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010 (Technical Preview)
"Plus500" = Plus500
"PSpice Student" = PSpice Student 9.1
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TuneUp Utilities" = TuneUp Utilities
"Uninstall_is1" = Uninstall 1.0.0.1
"uTorrent" = µTorrent
"Veetle TV" = Veetle TV 0.9.17
"VLC media player" = VLC media player 1.1.1
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 28.09.2010 06:10:26 | Computer Name = KUNDI | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting 
module unknown, version 0.0.0.0, fault address 0x0d73f840.
 
Error - 28.09.2010 06:10:46 | Computer Name = KUNDI | Source = Application Error | ID = 1001
Description = Fault bucket 2022037742.
 
Error - 28.09.2010 07:13:59 | Computer Name = KUNDI | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
 module , version 0.0.0.0, fault address 0x00000000.
 
Error - 28.09.2010 07:14:50 | Computer Name = KUNDI | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
 dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.
 
Error - 28.09.2010 07:14:59 | Computer Name = KUNDI | Source = Application Error | ID = 1001
Description = Fault bucket 223121472.
 
Error - 28.09.2010 08:35:37 | Computer Name = KUNDI | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting 
module unknown, version 0.0.0.0, fault address 0x0e6bf470.
 
Error - 28.09.2010 08:36:41 | Computer Name = KUNDI | Source = Application Error | ID = 1001
Description = Fault bucket 1991869855.
 
Error - 28.09.2010 11:58:30 | Computer Name = KUNDI | Source = ESENT | ID = 490
Description = svchost (1728) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\edb.log"
 for read / write access failed with system error 32 (0x00000020): "The process 
cannot access the file because it is being used by another process. ".  The open
 file operation will fail with error -1032 (0xfffffbf8).
 
Error - 28.09.2010 11:59:22 | Computer Name = KUNDI | Source = Application Hang | ID = 1002
Description = Hanging application peerblock.exe, version 1.0.0.181, hang module 
hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error - 28.09.2010 12:50:05 | Computer Name = KUNDI | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting 
module unknown, version 0.0.0.0, fault address 0x04daf540.
 
[ System Events ]
Error - 27.09.2010 07:38:09 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7022
Description = The i8042 Keyboard and PS/2 Mouse Port Helper service hung on starting.
 
Error - 28.09.2010 05:03:38 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7022
Description = The i8042 Keyboard and PS/2 Mouse Port Helper service hung on starting.
 
Error - 28.09.2010 06:16:11 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7023
Description = The i8042 Keyboard and PS/2 Mouse Port Helper service terminated with
 the following error:   %%5
 
Error - 28.09.2010 08:01:48 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7022
Description = The i8042 Keyboard and PS/2 Mouse Port Helper service hung on starting.
 
Error - 28.09.2010 11:40:47 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7022
Description = The i8042 Keyboard and PS/2 Mouse Port Helper service hung on starting.
 
Error - 28.09.2010 11:54:03 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7034
Description = The Intel(R) Matrix Storage Event Monitor service terminated unexpectedly.
  It has done this 1 time(s).
 
Error - 28.09.2010 11:54:03 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly.  It has done
 this 1 time(s).
 
Error - 28.09.2010 11:54:04 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7034
Description = The Raw Socket Service service terminated unexpectedly.  It has done
 this 1 time(s).
 
Error - 28.09.2010 11:54:04 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7034
Description = The TuneUp Utilities Service service terminated unexpectedly.  It 
has done this 1 time(s).
 
Error - 28.09.2010 11:58:22 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7022
Description = The i8042 Keyboard and PS/2 Mouse Port Helper service hung on starting.
 
 
< End of report >
         
--- --- ---

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.0.0 (r181)
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{10140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14
"{10140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 14
"{10140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 14
"{10140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 14
"{10140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 14
"{10140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 14
"{10140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 14
"{10140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 14
"{10140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 14
"{10140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 14
"{10140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 14
"{10140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 14
"{10140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 14
"{10140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 14
"{10140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 14
"{10140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 14
"{10140000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 14
"{10140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 14
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{56A648C2-D185-46A9-BBFF-78AE7A503000}" = WebCam
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78E804CC-A148-4C8F-AD46-0B476EFE34C2}" = Microsoft Image Composite Editor
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = USB2.0 Card Reader Software
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FE3997D3-6B56-4AC4-A99C-9DDFC45359BF}" = TuneUp Utilities Language Pack (en-US)
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"bwin Poker_is1" = bwin Poker
"CCleaner" = CCleaner
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"EAGLE 5.10.0" = EAGLE 5.10.0
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.30
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.2
"Free YouTube Download_is1" = Free YouTube Download 2.9
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010 (Technical Preview)
"Plus500" = Plus500
"PSpice Student" = PSpice Student 9.1
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TuneUp Utilities" = TuneUp Utilities
"Uninstall_is1" = Uninstall 1.0.0.1
"uTorrent" = µTorrent
"Veetle TV" = Veetle TV 0.9.17
"VLC media player" = VLC media player 1.1.1
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"WinLiveSuite_Wave3" = Windows Live Essentials

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 28.09.2010 06:10:26 | Computer Name = KUNDI | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x0d73f840.

Error - 28.09.2010 06:10:46 | Computer Name = KUNDI | Source = Application Error | ID = 1001
Description = Fault bucket 2022037742.

Error - 28.09.2010 07:13:59 | Computer Name = KUNDI | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module , version 0.0.0.0, fault address 0x00000000.

Error - 28.09.2010 07:14:50 | Computer Name = KUNDI | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.

Error - 28.09.2010 07:14:59 | Computer Name = KUNDI | Source = Application Error | ID = 1001
Description = Fault bucket 223121472.

Error - 28.09.2010 08:35:37 | Computer Name = KUNDI | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x0e6bf470.

Error - 28.09.2010 08:36:41 | Computer Name = KUNDI | Source = Application Error | ID = 1001
Description = Fault bucket 1991869855.

Error - 28.09.2010 11:58:30 | Computer Name = KUNDI | Source = ESENT | ID = 490
Description = svchost (1728) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\edb.log"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 28.09.2010 11:59:22 | Computer Name = KUNDI | Source = Application Hang | ID = 1002
Description = Hanging application peerblock.exe, version 1.0.0.181, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 28.09.2010 12:50:05 | Computer Name = KUNDI | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x04daf540.

[ System Events ]
Error - 27.09.2010 07:38:09 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7022
Description = The i8042 Keyboard and PS/2 Mouse Port Helper service hung on starting.

Error - 28.09.2010 05:03:38 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7022
Description = The i8042 Keyboard and PS/2 Mouse Port Helper service hung on starting.

Error - 28.09.2010 06:16:11 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7023
Description = The i8042 Keyboard and PS/2 Mouse Port Helper service terminated with
the following error: %%5

Error - 28.09.2010 08:01:48 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7022
Description = The i8042 Keyboard and PS/2 Mouse Port Helper service hung on starting.

Error - 28.09.2010 11:40:47 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7022
Description = The i8042 Keyboard and PS/2 Mouse Port Helper service hung on starting.

Error - 28.09.2010 11:54:03 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7034
Description = The Intel(R) Matrix Storage Event Monitor service terminated unexpectedly.
It has done this 1 time(s).

Error - 28.09.2010 11:54:03 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 28.09.2010 11:54:04 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7034
Description = The Raw Socket Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 28.09.2010 11:54:04 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7034
Description = The TuneUp Utilities Service service terminated unexpectedly. It
has done this 1 time(s).

Error - 28.09.2010 11:58:22 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7022
Description = The i8042 Keyboard and PS/2 Mouse Port Helper service hung on starting.


< End of report >


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.0.0 (r181)
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{10140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14
"{10140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 14
"{10140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 14
"{10140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 14
"{10140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 14
"{10140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 14
"{10140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 14
"{10140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 14
"{10140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 14
"{10140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 14
"{10140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 14
"{10140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 14
"{10140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 14
"{10140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 14
"{10140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 14
"{10140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 14
"{10140000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 14
"{10140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 14
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{56A648C2-D185-46A9-BBFF-78AE7A503000}" = WebCam
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78E804CC-A148-4C8F-AD46-0B476EFE34C2}" = Microsoft Image Composite Editor
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = USB2.0 Card Reader Software
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FE3997D3-6B56-4AC4-A99C-9DDFC45359BF}" = TuneUp Utilities Language Pack (en-US)
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"bwin Poker_is1" = bwin Poker
"CCleaner" = CCleaner
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"EAGLE 5.10.0" = EAGLE 5.10.0
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.30
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.2
"Free YouTube Download_is1" = Free YouTube Download 2.9
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010 (Technical Preview)
"Plus500" = Plus500
"PSpice Student" = PSpice Student 9.1
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TuneUp Utilities" = TuneUp Utilities
"Uninstall_is1" = Uninstall 1.0.0.1
"uTorrent" = µTorrent
"Veetle TV" = Veetle TV 0.9.17
"VLC media player" = VLC media player 1.1.1
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"WinLiveSuite_Wave3" = Windows Live Essentials

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 28.09.2010 06:10:26 | Computer Name = KUNDI | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x0d73f840.

Error - 28.09.2010 06:10:46 | Computer Name = KUNDI | Source = Application Error | ID = 1001
Description = Fault bucket 2022037742.

Error - 28.09.2010 07:13:59 | Computer Name = KUNDI | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module , version 0.0.0.0, fault address 0x00000000.

Error - 28.09.2010 07:14:50 | Computer Name = KUNDI | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.

Error - 28.09.2010 07:14:59 | Computer Name = KUNDI | Source = Application Error | ID = 1001
Description = Fault bucket 223121472.

Error - 28.09.2010 08:35:37 | Computer Name = KUNDI | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x0e6bf470.

Error - 28.09.2010 08:36:41 | Computer Name = KUNDI | Source = Application Error | ID = 1001
Description = Fault bucket 1991869855.

Error - 28.09.2010 11:58:30 | Computer Name = KUNDI | Source = ESENT | ID = 490
Description = svchost (1728) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\edb.log"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 28.09.2010 11:59:22 | Computer Name = KUNDI | Source = Application Hang | ID = 1002
Description = Hanging application peerblock.exe, version 1.0.0.181, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 28.09.2010 12:50:05 | Computer Name = KUNDI | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x04daf540.

[ System Events ]
Error - 27.09.2010 07:38:09 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7022
Description = The i8042 Keyboard and PS/2 Mouse Port Helper service hung on starting.

Error - 28.09.2010 05:03:38 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7022
Description = The i8042 Keyboard and PS/2 Mouse Port Helper service hung on starting.

Error - 28.09.2010 06:16:11 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7023
Description = The i8042 Keyboard and PS/2 Mouse Port Helper service terminated with
the following error: %%5

Error - 28.09.2010 08:01:48 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7022
Description = The i8042 Keyboard and PS/2 Mouse Port Helper service hung on starting.

Error - 28.09.2010 11:40:47 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7022
Description = The i8042 Keyboard and PS/2 Mouse Port Helper service hung on starting.

Error - 28.09.2010 11:54:03 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7034
Description = The Intel(R) Matrix Storage Event Monitor service terminated unexpectedly.
It has done this 1 time(s).

Error - 28.09.2010 11:54:03 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 28.09.2010 11:54:04 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7034
Description = The Raw Socket Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 28.09.2010 11:54:04 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7034
Description = The TuneUp Utilities Service service terminated unexpectedly. It
has done this 1 time(s).

Error - 28.09.2010 11:58:22 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7022
Description = The i8042 Keyboard and PS/2 Mouse Port Helper service hung on starting.


< End of report >

[/quote]

28.09.2010, 20:41   #5
crazynotion
 



1st part of the OTL logfile:
Code:
OTL logfile created on: 28.09.2010 19:24:29 - Run 1
OTL by OldTimer - Version 3.2.14.1     Folder = C:\Documents and Settings\Wandi\Desktop\MFTools
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
1.014,00 Mb Total Physical Memory | 428,00 Mb Available Physical Memory | 42,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 139,04 Gb Total Space | 13,25 Gb Free Space | 9,53% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: KUNDI
Current User Name: Wandi
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Documents and Settings\Wandi\Desktop\MFTools\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\WINDOWS\system32\OSPPSVC.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\WebCam\M3000\M3000Mnt.exe ()
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
PRC - C:\WINDOWS\PLFSetI.exe ()
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Documents and Settings\Wandi\Desktop\MFTools\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe (Microsoft Corporation)
SRV - (WPFFontCache_v0400) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
SRV - (TuneUp.Defrag) -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (osppsvc) -- C:\WINDOWS\system32\OSPPSVC.EXE (Microsoft Corporation)
SRV - (RS_Service) -- C:\Program Files\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (usfwvyrf) -- C:\WINDOWS\System32\dlo20.dll ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (USBCCID) -- C:\WINDOWS\System32\DRIVERS\Rts5161ccid.sys File not found
DRV - (Rts516xIR) -- C:\WINDOWS\System32\DRIVERS\Rts516xIR.sys File not found
DRV - (pgfilter) -- C:\Program Files\PeerGuardian2\pgfilter.sys File not found
DRV - (DritekPortIO) -- C:\PROGRA~1\LAUNCH~1\DPortIO.sys File not found
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (pbfilter) -- C:\Program Files\PeerBlock\pbfilter.sys ()
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (M3000Srv) -- C:\WINDOWS\system32\drivers\M3000KNT.sys ()
DRV - (L1c) -- C:\WINDOWS\system32\drivers\l1c51x86.sys (Atheros Communications, Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\bcmwl5.sys (Broadcom Corporation)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics Incorporated)
DRV - (RSUSBSTOR) -- C:\WINDOWS\system32\drivers\rtsustor.sys (Realtek Semiconductor Corp.)
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\ambfilt.sys (Creative)
DRV - (iaStor) -- C:\WINDOWS\system32\drivers\iaStor.sys (Intel Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (lbrtfdc) -- C:\WINDOWS\System32\drivers\lbrtfdc.sys (Toshiba Corp.)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (gigvsugc) -- C:\WINDOWS\system32\drivers\gigvsugc.sys (Microsoft Corporation)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (Changer) -- C:\WINDOWS\System32\drivers\changer.sys (Microsoft Corporation)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\monfilt.sys (Creative Technology Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_one&r=0xph10094425l0314wu55w57j2397s
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://georgk86.nl/forum/index.php"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.2&q="
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.09.16 18:45:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.09.16 18:45:53 | 000,000,000 | ---D | M]
 
[2010.01.10 17:53:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\Mozilla\Extensions
[2010.09.28 11:45:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\Mozilla\Firefox\Profiles\kberp9we.default\extensions
[2010.04.27 18:55:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Wandi\Application Data\Mozilla\Firefox\Profiles\kberp9we.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.09.22 09:54:07 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Documents and Settings\Wandi\Application Data\Mozilla\Firefox\Profiles\kberp9we.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.09.22 09:54:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Wandi\Application Data\Mozilla\Firefox\Profiles\kberp9we.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.08.19 14:15:04 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Wandi\Application Data\Mozilla\Firefox\Profiles\kberp9we.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.08.19 14:15:05 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Wandi\Application Data\Mozilla\Firefox\Profiles\kberp9we.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.09.28 11:45:12 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Wandi\Application Data\Mozilla\Firefox\Profiles\kberp9we.default\searchplugins\icqplugin-1.xml
[2010.06.23 16:59:38 | 000,000,947 | ---- | M] () -- C:\Documents and Settings\Wandi\Application Data\Mozilla\Firefox\Profiles\kberp9we.default\searchplugins\icqplugin.xml
[2010.02.14 13:20:31 | 000,001,330 | ---- | M] () -- C:\Documents and Settings\Wandi\Application Data\Mozilla\Firefox\Profiles\kberp9we.default\searchplugins\wikipedia-en.xml
[2010.04.15 13:09:41 | 000,004,140 | ---- | M] () -- C:\Documents and Settings\Wandi\Application Data\Mozilla\Firefox\Profiles\kberp9we.default\searchplugins\youtube.xml
[2010.01.10 17:52:55 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.04.14 14:27:26 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.04.14 14:27:26 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.04.14 14:27:26 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.04.14 14:27:26 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.04.14 14:27:26 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2008.04.14 14:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
O2 - BHO: () - {B4BD1731-FC83-412B-91E0-A8ECADDD7F43} - C:\WINDOWS\System32\dlo20.dll ()
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [M3000Mnt]  File not found
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PLFSetI] C:\WINDOWS\PLFSetI.exe ()
O4 - HKCU..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\Wandi\Application Data\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: S&end to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Linked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Linked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Wandi\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Wandi\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - Unable to read "AutoRun" value or value not present!
O32 - AutoRun File - [2009.07.28 04:32:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
File not found -- C:\WINDOWS\Dhysya.exe
[2010.09.28 19:20:53 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Wandi\Recent
[2010.09.28 17:53:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Application Data\Malwarebytes
[2010.09.28 17:53:09 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.09.28 17:53:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010.09.28 17:53:04 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.09.28 17:53:04 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.09.28 17:52:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Desktop\MFTools
[2010.09.27 10:27:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010.09.27 10:27:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010.09.27 10:22:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[2010.09.26 09:12:33 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\drivers\lbrtfdc.sys
[2010.09.26 09:12:33 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\dllcache\lbrtfdc.sys
[2010.09.26 09:11:14 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\changer.sys
[2010.09.26 09:11:14 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\changer.sys
[2010.09.25 21:28:59 | 000,000,000 | ---D | C] -- C:\Program Files\Veetle
[2010.09.24 19:56:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\My Documents\PokerStrategy.com
[2010.09.24 19:56:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Local Settings\Application Data\PokerStrategy.com
[2010.09.24 19:56:04 | 000,000,000 | ---D | C] -- C:\Program Files\PokerStrategy.com
[2010.09.24 19:53:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Local Settings\Application Data\Downloaded Installations
[2010.09.22 19:17:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Local Settings\Application Data\Help
[2010.09.22 19:17:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Application Data\Help
[2010.09.22 18:24:40 | 000,368,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vbar332.dll
[2010.09.22 18:24:39 | 001,037,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msjet35.dll
[2010.09.22 18:24:39 | 000,251,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msrd2x35.dll
[2010.09.22 18:24:39 | 000,200,704 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\WINDOWS\System32\THREED32.OCX
[2010.09.22 18:24:39 | 000,121,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msjint35.dll
[2010.09.22 18:24:39 | 000,105,984 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\System32\p2bdao.dll
[2010.09.22 18:24:39 | 000,064,000 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\System32\p2irdao.dll
[2010.09.22 18:24:39 | 000,054,272 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\System32\p2ctdao.dll
[2010.09.22 18:24:39 | 000,024,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msjter35.dll
[2010.09.22 18:24:38 | 000,192,512 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\ltkrn60n.dll
[2010.09.22 18:24:37 | 003,572,224 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\System32\crpe32.dll
[2010.09.22 18:24:37 | 000,416,768 | ---- | C] (Seagate Software) -- C:\WINDOWS\System32\cpeaut32.dll
[2010.09.22 18:24:37 | 000,183,296 | ---- | C] (Seagate Software, Information Management Group, Inc.) -- C:\WINDOWS\System32\crpaig32.dll
[2010.09.22 18:24:33 | 000,000,000 | ---D | C] -- C:\Program Files\OrCAD_Demo
[2010.09.22 18:24:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\Crystal
[2010.09.22 18:23:37 | 000,306,688 | ---- | C] (InstallShield Software Corporation) -- C:\WINDOWS\IsUninst.exe
[2010.09.22 18:23:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Desktop\New Folder (2)
[2010.09.22 17:58:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\My Documents\eagle
[2010.09.22 17:56:56 | 000,000,000 | ---D | C] -- C:\Program Files\EAGLE-5.10.0
[2010.09.22 17:56:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Application Data\CadSoft
[2010.09.22 16:17:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Application Data\PriceGong
[2010.09.22 15:21:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Application Data\eSobi
[2010.09.22 14:19:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Desktop\System
[2010.09.22 10:09:07 | 000,000,000 | ---D | C] -- C:\Program Files\Free M4a to MP3 Converter
[2010.09.22 09:54:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Local Settings\Application Data\DVDVideoSoftTB
[2010.09.22 09:54:11 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2010.09.22 09:54:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Local Settings\Application Data\Conduit
[2010.09.22 09:54:10 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoftTB
[2010.09.22 09:54:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Application Data\DVDVideoSoftIEHelpers
[2010.09.22 09:53:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\My Documents\DVDVideoSoft
[2010.09.22 09:53:42 | 002,091,632 | ---- | C] (DVDVideoSoft Limited.) -- C:\Documents and Settings\Wandi\Desktop\FreeYouTubeDownload.exe
[2010.09.22 09:53:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2010.09.22 09:53:38 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2010.09.22 09:52:11 | 012,692,880 | ---- | C] (DVDVideoSoft Limited.                                       ) -- C:\Documents and Settings\Wandi\Desktop\FreeYouTubeDownload_29.exe
[2010.09.21 20:32:05 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ctfmon.exe.backup
[2010.09.21 20:32:05 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ctfmon.exe.backup
[2010.09.21 20:31:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Desktop\CtfmonRemoverDE-v2.3
[2010.09.21 20:14:44 | 000,000,000 | ---D | C] -- C:\Program Files\PeerBlock
[2010.09.21 19:52:14 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009.07.28 05:14:36 | 000,049,152 | ---- | C] ( ) -- C:\WINDOWS\Interop.IWshRuntimeLibrary.dll
[2009.06.16 14:03:56 | 000,126,976 | ---- | C] ( ) -- C:\WINDOWS\System32\Interop.SHDocVw.dll
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.09.28 19:09:33 | 000,594,998 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.09.28 19:09:33 | 000,497,868 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.09.28 19:09:33 | 000,085,516 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.09.28 19:05:24 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.09.28 17:57:16 | 000,000,566 | ---- | M] () -- C:\WINDOWS\tasks\Automatic troubleshooting.job
[2010.09.28 17:56:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.09.28 17:56:03 | 1063,194,624 | -HS- | M] () -- C:\hiberfil.sys
[2010.09.28 17:55:17 | 006,553,600 | ---- | M] () -- C:\Documents and Settings\Wandi\NTUSER.DAT
[2010.09.28 17:55:17 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Wandi\ntuser.ini
[2010.09.28 17:53:12 | 000,000,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.28 17:52:40 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Gmer.zip
[2010.09.28 17:52:40 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\defogger.exe
[2010.09.27 13:34:01 | 000,000,095 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010.09.26 21:34:03 | 000,206,336 | ---- | M] () -- C:\Documents and Settings\Wandi\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.09.24 19:47:03 | 001,452,371 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Foto0341.jpg
[2010.09.24 17:20:05 | 001,471,511 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Foto0344.jpg
[2010.09.23 16:29:24 | 000,006,603 | ---- | M] () -- C:\WINDOWS\PSPICEEV.INI
[2010.09.23 15:56:49 | 000,495,908 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\0273694243_csf_v9.zip
[2010.09.23 15:56:35 | 005,290,891 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\0273694243_csf_multisim.zip
[2010.09.22 18:21:06 | 028,620,288 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\91pspstu.exe
[2010.09.22 16:39:03 | 000,012,288 | ---- | M] () -- C:\Documents and Settings\All Users\NTUSER.DAT
[2010.09.22 16:36:43 | 006,553,600 | ---- | M] () -- C:\Documents and Settings\Wandi\NTUSER.DAT_tureg_old
[2010.09.22 16:29:13 | 000,645,370 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Electronica_tentamenbundel.pdf
[2010.09.22 10:09:11 | 000,000,744 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Free M4a to MP3 Converter.lnk
[2010.09.22 10:09:11 | 000,000,739 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\My Music Tools.lnk
[2010.09.22 09:53:58 | 000,000,896 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\DVDVideoSoft Free Studio.lnk
[2010.09.22 09:52:20 | 012,692,880 | ---- | M] (DVDVideoSoft Limited.                                       ) -- C:\Documents and Settings\Wandi\Desktop\FreeYouTubeDownload_29.exe
[2010.09.21 19:31:56 | 000,134,413 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\cc cleaner einstellungen 1.png
[2010.09.21 19:31:56 | 000,113,358 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\cc cleaner einstellungen 2.png
[2010.09.21 19:18:34 | 000,065,698 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Guard - Suche.jpg
[2010.09.21 19:17:37 | 000,081,252 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Scanner - Archive.jpg
[2010.09.21 19:17:36 | 000,075,142 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Scanner - Suche.jpg
[2010.09.21 19:17:25 | 000,081,843 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Allgemeines - Erweiterte Gefahrenkategorien.jpg
[2010.09.21 19:17:21 | 000,056,756 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Scanner - Heuristik.jpg
[2010.09.21 19:17:20 | 000,068,441 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Guard - Heuristik.jpg
[2010.09.17 17:24:15 | 000,012,081 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Arbeitstunden.xlsx
[2010.09.17 16:19:49 | 000,042,873 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Verkauf.xlsx
[2010.09.15 16:05:43 | 000,001,733 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010.09.15 08:58:39 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.09.28 17:53:12 | 000,000,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.28 17:52:20 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Wandi\Desktop\defogger.exe
[2010.09.28 17:52:11 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Wandi\Desktop\Gmer.zip
[2010.09.28 11:59:28 | 000,002,510 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\B4BD1731-FC83-412B-91E0-A8ECADDD7F43.txt
[2010.09.28 11:58:45 | 000,002,510 | ---- | C] () -- C:\Documents and Settings\Wandi\Local Settings\Application Data\B4BD1731-FC83-412B-91E0-A8ECADDD7F43.txt
[2010.09.27 13:34:01 | 000,000,095 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010.09.24 19:46:17 | 001,452,371 | ---- | C] () -- C:\Documents and Settings\Wandi\Desktop\Foto0341.jpg
[2010.09.24 17:19:14 | 001,471,511 | ---- | C] () -- C:\Documents and Settings\Wandi\Desktop\Foto0344.jpg
[2010.09.23 15:56:49 | 000,495,908 | ---- | C] () -- C:\Documents and Settings\Wandi\Desktop\0273694243_csf_v9.zip
[2010.09.23 15:56:23 | 005,290,891 | ---- | C] () -- C:\Documents and Settings\Wandi\Desktop\0273694243_csf_multisim.zip
[2010.09.22 18:24:44 | 000,006,603 | ---- | C] () -- C:\WINDOWS\PSPICEEV.INI
[2010.09.22 18:24:38 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\lffax60n.dll
[2010.09.22 18:24:38 | 000,141,824 | ---- | C] () -- C:\WINDOWS\System32\lfcmp60n.dll
[2010.09.22 18:24:38 | 000,110,080 | ---- | C] () -- C:\WINDOWS\System32\lfpng60n.dll
[2010.09.22 18:24:38 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\lftif60n.dll
[2010.09.22 18:24:38 | 000,043,008 | ---- | C] () -- C:\WINDOWS\System32\ltfil60n.dll
[2010.09.22 18:24:38 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\lfpcx60n.dll
[2010.09.22 18:24:38 | 000,022,528 | ---- | C] () -- C:\WINDOWS\System32\lfpct60n.dll
[2010.09.22 18:24:38 | 000,022,528 | ---- | C] () -- C:\WINDOWS\System32\lfeps60n.dll
[2010.09.22 18:24:38 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\lfbmp60n.dll
[2010.09.22 18:24:38 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\lfpsd60n.dll
[2010.09.22 18:24:38 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\lftga60n.dll
[2010.09.22 18:24:38 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\lfwpg60n.dll
[2010.09.22 18:24:38 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\lfwmf60n.dll
[2010.09.22 18:24:38 | 000,018,432 | ---- | C] () -- C:\WINDOWS\System32\lfmsp60n.dll
[2010.09.22 18:24:38 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\lfmac60n.dll
[2010.09.22 18:24:37 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\implode.dll
[2010.09.22 18:18:52 | 028,620,288 | ---- | C] () -- C:\Documents and Settings\Wandi\Desktop\91pspstu.exe
[2010.09.22 16:39:03 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT_tureg_new.LOG
[2010.09.22 16:29:13 | 000,645,370 | ---- | C] () -- C:\Documents and Settings\Wandi\Desktop\Electronica_tentamenbundel.pdf
[2010.09.22 10:09:11 | 000,000,744 | ---- | C] () -- C:\Documents and Settings\Wandi\Desktop\Free M4a to MP3 Converter.lnk
[2010.09.22 10:09:11 | 000,000,739 | ---- | C] () -- C:\Documents and Settings\Wandi\Desktop\My Music Tools.lnk
[2010.09.22 09:53:58 | 000,000,896 | ---- | C] () -- C:\Documents and Settings\Wandi\Desktop\DVDVideoSoft Free Studio.lnk
[2010.09.21 19:31:44 | 000,134,413 | ---- | C] () -- C:\Documents and Settings\Wandi\My Documents\cc cleaner einstellungen 1.png
[2010.09.21 19:31:44 | 000,113,358 | ---- | C] () -- C:\Documents and Settings\Wandi\My Documents\cc cleaner einstellungen 2.png
[2010.09.21 19:16:59 | 000,081,843 | ---- | C] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Allgemeines - Erweiterte Gefahrenkategorien.jpg
[2010.09.21 19:16:59 | 000,081,252 | ---- | C] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Scanner - Archive.jpg
[2010.09.21 19:16:59 | 000,075,142 | ---- | C] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Scanner - Suche.jpg
[2010.09.21 19:16:59 | 000,068,441 | ---- | C] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Guard - Heuristik.jpg
[2010.09.21 19:16:59 | 000,065,698 | ---- | C] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Guard - Suche.jpg
[2010.09.21 19:16:59 | 000,056,756 | ---- | C] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Scanner - Heuristik.jpg
[2010.09.17 16:07:07 | 000,012,081 | ---- | C] () -- C:\Documents and Settings\Wandi\Desktop\Arbeitstunden.xlsx
[2010.09.15 08:58:39 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.01.11 17:08:11 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\A67807F7B8.sys
[2010.01.11 17:08:10 | 000,002,828 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2010.01.06 19:18:19 | 000,000,242 | ---- | C] () -- C:\Documents and Settings\Wandi\Application Data\wklnhst.dat
[2009.11.09 14:14:19 | 000,000,363 | ---- | C] () -- C:\Documents and Settings\Wandi\Local Settings\Application Data\postgresinstall.bat
[2009.10.24 05:05:57 | 000,626,688 | ---- | C] () -- C:\WINDOWS\Image.dll
[2009.10.24 05:05:57 | 000,000,036 | ---- | C] () -- C:\WINDOWS\PidList.ini
[2009.10.24 05:05:56 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\M3000DIF.dll
[2009.10.24 05:05:56 | 000,145,152 | ---- | C] () -- C:\WINDOWS\System32\drivers\M3000KNT.sys
[2009.10.24 05:05:56 | 000,015,190 | ---- | C] () -- C:\WINDOWS\M3000Twn.ini
[2009.10.24 05:05:47 | 000,000,639 | ---- | C] () -- C:\WINDOWS\AutoSetFrequency.ini
[2009.10.23 16:42:10 | 000,206,336 | ---- | C] () -- C:\Documents and Settings\Wandi\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.07.28 07:29:39 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009.07.28 06:21:23 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009.07.28 05:14:12 | 000,729,600 | ---- | C] () -- C:\WINDOWS\System32\dlo20.dll.bak
[2009.07.28 05:14:12 | 000,729,600 | ---- | C] () -- C:\WINDOWS\System32\dlo20.dll
[2009.07.28 04:35:51 | 000,007,003 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009.07.28 04:30:03 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2009.06.16 14:03:58 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\dossec.dll
 
========== LOP Check ==========
 
[2009.07.28 07:04:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eSobi
[2010.04.27 20:07:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ICQ
[2009.12.21 20:26:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010.01.04 16:57:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2010.01.04 16:56:17 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2010.06.29 22:36:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\2FE3C73E8A6EF87BC87529BEE60EA321
[2009.07.28 07:05:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\Acer
[2009.07.28 06:40:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\Acer GameZone Console
[2010.09.22 17:56:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\CadSoft
[2010.02.12 12:31:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\com.adobe.example.avatarAirApplication.199ED43C2CFEB351CD0244628B93195D7C58F98C.1
[2010.09.22 09:54:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\DVDVideoSoftIEHelpers
[2010.09.22 15:21:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\eSobi
[2010.05.27 15:44:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\FinalMediaPlayer
[2010.04.07 18:17:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\MSNInstaller
[2010.09.25 11:23:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\PriceGong
[2009.07.28 06:56:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\Super-Cow
[2010.01.06 19:18:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\Template
[2010.01.04 16:58:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\TuneUp Software
[2010.09.27 10:37:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\uTorrent
[2010.08.25 02:39:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\Windows Live Writer
[2010.09.28 17:57:16 | 000,000,566 | ---- | M] () -- C:\WINDOWS\Tasks\Automatic troubleshooting.job
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4CF61E54
< End of report >
         
--- --- ---
PRC - C:\Documents and Settings\Wandi\Desktop\MFTools\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\WINDOWS\WebCam\M3000\M3000Mnt.exe ()
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
PRC - C:\WINDOWS\PLFSetI.exe ()
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Wandi\Desktop\MFTools\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll (Microsoft Corporation)
MOD - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
MOD - C:\WINDOWS\system32\rsaenh.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe (Microsoft Corporation)
SRV - (WPFFontCache_v0400) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
SRV - (TuneUp.Defrag) -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (osppsvc) -- C:\WINDOWS\system32\OSPPSVC.EXE (Microsoft Corporation)
SRV - (RS_Service) -- C:\Program Files\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (usfwvyrf) -- C:\WINDOWS\System32\dlo20.dll ()


========== Driver Services (SafeList) ==========

DRV - (USBCCID) -- C:\WINDOWS\System32\DRIVERS\Rts5161ccid.sys File not found
DRV - (Rts516xIR) -- C:\WINDOWS\System32\DRIVERS\Rts516xIR.sys File not found
DRV - (pgfilter) -- C:\Program Files\PeerGuardian2\pgfilter.sys File not found
DRV - (DritekPortIO) -- C:\PROGRA~1\LAUNCH~1\DPortIO.sys File not found
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (pbfilter) -- C:\Program Files\PeerBlock\pbfilter.sys ()
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (M3000Srv) -- C:\WINDOWS\system32\drivers\M3000KNT.sys ()
DRV - (L1c) -- C:\WINDOWS\system32\drivers\l1c51x86.sys (Atheros Communications, Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\bcmwl5.sys (Broadcom Corporation)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics Incorporated)
DRV - (RSUSBSTOR) -- C:\WINDOWS\system32\drivers\rtsustor.sys (Realtek Semiconductor Corp.)
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\ambfilt.sys (Creative)
DRV - (iaStor) -- C:\WINDOWS\system32\drivers\iaStor.sys (Intel Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (lbrtfdc) -- C:\WINDOWS\System32\drivers\lbrtfdc.sys (Toshiba Corp.)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (gigvsugc) -- C:\WINDOWS\system32\drivers\gigvsugc.sys (Microsoft Corporation)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (Changer) -- C:\WINDOWS\System32\drivers\changer.sys (Microsoft Corporation)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\monfilt.sys (Creative Technology Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_one&r=0xph10094425l0314wu55w57j2397s
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://georgk86.nl/forum/index.php"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.2&q="


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.09.16 18:45:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.09.16 18:45:53 | 000,000,000 | ---D | M]

[2010.01.10 17:53:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\Mozilla\Extensions
[2010.09.28 11:45:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\Mozilla\Firefox\Profiles\kberp9we.default\extensions
[2010.04.27 18:55:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Wandi\Application Data\Mozilla\Firefox\Profiles\kberp9we.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.09.22 09:54:07 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Documents and Settings\Wandi\Application Data\Mozilla\Firefox\Profiles\kberp9we.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.09.22 09:54:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Wandi\Application Data\Mozilla\Firefox\Profiles\kberp9we.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.08.19 14:15:04 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Wandi\Application Data\Mozilla\Firefox\Profiles\kberp9we.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.08.19 14:15:05 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Wandi\Application Data\Mozilla\Firefox\Profiles\kberp9we.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.09.28 11:45:12 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Wandi\Application Data\Mozilla\Firefox\Profiles\kberp9we.default\searchplugins\icqplugin-1.xml
[2010.06.23 16:59:38 | 000,000,947 | ---- | M] () -- C:\Documents and Settings\Wandi\Application Data\Mozilla\Firefox\Profiles\kberp9we.default\searchplugins\icqplugin.xml
[2010.02.14 13:20:31 | 000,001,330 | ---- | M] () -- C:\Documents and Settings\Wandi\Application Data\Mozilla\Firefox\Profiles\kberp9we.default\searchplugins\wikipedia-en.xml
[2010.04.15 13:09:41 | 000,004,140 | ---- | M] () -- C:\Documents and Settings\Wandi\Application Data\Mozilla\Firefox\Profiles\kberp9we.default\searchplugins\youtube.xml
[2010.01.10 17:52:55 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.04.14 14:27:26 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.04.14 14:27:26 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.04.14 14:27:26 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.04.14 14:27:26 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.04.14 14:27:26 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2008.04.14 14:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
O2 - BHO: () - {B4BD1731-FC83-412B-91E0-A8ECADDD7F43} - C:\WINDOWS\System32\dlo20.dll ()
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [M3000Mnt] File not found
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PLFSetI] C:\WINDOWS\PLFSetI.exe ()
O4 - HKCU..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\Wandi\Application Data\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: S&end to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Linked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Linked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Wandi\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Wandi\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - Unable to read "AutoRun" value or value not present!
O32 - AutoRun File - [2009.07.28 04:32:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.09.28 19:20:53 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Wandi\Recent
[2010.09.28 17:53:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Application Data\Malwarebytes
[2010.09.28 17:53:09 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.09.28 17:53:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010.09.28 17:53:04 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.09.28 17:53:04 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.09.28 17:52:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Desktop\MFTools
[2010.09.27 10:27:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010.09.27 10:27:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010.09.27 10:22:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[2010.09.26 09:12:33 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\drivers\lbrtfdc.sys
[2010.09.26 09:12:33 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\dllcache\lbrtfdc.sys
[2010.09.26 09:11:14 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\changer.sys
[2010.09.26 09:11:14 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\changer.sys
[2010.09.25 21:28:59 | 000,000,000 | ---D | C] -- C:\Program Files\Veetle
[2010.09.24 19:56:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\My Documents\PokerStrategy.com
[2010.09.24 19:56:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Local Settings\Application Data\PokerStrategy.com
[2010.09.24 19:56:04 | 000,000,000 | ---D | C] -- C:\Program Files\PokerStrategy.com
[2010.09.24 19:53:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Local Settings\Application Data\Downloaded Installations
[2010.09.22 19:17:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Local Settings\Application Data\Help
[2010.09.22 19:17:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Application Data\Help
[2010.09.22 18:24:40 | 000,368,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vbar332.dll
[2010.09.22 18:24:39 | 001,037,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msjet35.dll
[2010.09.22 18:24:39 | 000,251,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msrd2x35.dll
[2010.09.22 18:24:39 | 000,200,704 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\WINDOWS\System32\THREED32.OCX
[2010.09.22 18:24:39 | 000,121,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msjint35.dll
[2010.09.22 18:24:39 | 000,105,984 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\System32\p2bdao.dll
[2010.09.22 18:24:39 | 000,064,000 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\System32\p2irdao.dll
[2010.09.22 18:24:39 | 000,054,272 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\System32\p2ctdao.dll
[2010.09.22 18:24:39 | 000,024,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msjter35.dll
[2010.09.22 18:24:38 | 000,192,512 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\ltkrn60n.dll
[2010.09.22 18:24:37 | 003,572,224 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\System32\crpe32.dll
[2010.09.22 18:24:37 | 000,416,768 | ---- | C] (Seagate Software) -- C:\WINDOWS\System32\cpeaut32.dll
[2010.09.22 18:24:37 | 000,183,296 | ---- | C] (Seagate Software, Information Management Group, Inc.) -- C:\WINDOWS\System32\crpaig32.dll
[2010.09.22 18:24:33 | 000,000,000 | ---D | C] -- C:\Program Files\OrCAD_Demo
[2010.09.22 18:24:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\Crystal
[2010.09.22 18:23:37 | 000,306,688 | ---- | C] (InstallShield Software Corporation) -- C:\WINDOWS\IsUninst.exe
[2010.09.22 18:23:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Desktop\New Folder (2)
[2010.09.22 17:58:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\My Documents\eagle
[2010.09.22 17:56:56 | 000,000,000 | ---D | C] -- C:\Program Files\EAGLE-5.10.0
[2010.09.22 17:56:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Application Data\CadSoft
[2010.09.22 16:17:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Application Data\PriceGong
[2010.09.22 15:21:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Application Data\eSobi
[2010.09.22 14:19:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Desktop\System
[2010.09.22 10:09:07 | 000,000,000 | ---D | C] -- C:\Program Files\Free M4a to MP3 Converter
[2010.09.22 09:54:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Local Settings\Application Data\DVDVideoSoftTB
[2010.09.22 09:54:11 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2010.09.22 09:54:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Local Settings\Application Data\Conduit
[2010.09.22 09:54:10 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoftTB
[2010.09.22 09:54:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Application Data\DVDVideoSoftIEHelpers
[2010.09.22 09:53:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\My Documents\DVDVideoSoft
[2010.09.22 09:53:42 | 002,091,632 | ---- | C] (DVDVideoSoft Limited.) -- C:\Documents and Settings\Wandi\Desktop\FreeYouTubeDownload.exe
[2010.09.22 09:53:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2010.09.22 09:53:38 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2010.09.22 09:52:11 | 012,692,880 | ---- | C] (DVDVideoSoft Limited. ) -- C:\Documents and Settings\Wandi\Desktop\FreeYouTubeDownload_29.exe
[2010.09.21 20:32:05 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ctfmon.exe.backup
[2010.09.21 20:32:05 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ctfmon.exe.backup
[2010.09.21 20:31:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Desktop\CtfmonRemoverDE-v2.3
[2010.09.21 20:14:44 | 000,000,000 | ---D | C] -- C:\Program Files\PeerBlock
[2010.09.21 19:52:14 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009.07.28 05:14:36 | 000,049,152 | ---- | C] ( ) -- C:\WINDOWS\Interop.IWshRuntimeLibrary.dll
[2009.06.16 14:03:56 | 000,126,976 | ---- | C] ( ) -- C:\WINDOWS\System32\Interop.SHDocVw.dll
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.09.28 19:09:33 | 000,594,998 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.09.28 19:09:33 | 000,497,868 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.09.28 19:09:33 | 000,085,516 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.09.28 19:05:24 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.09.28 17:57:16 | 000,000,566 | ---- | M] () -- C:\WINDOWS\tasks\Automatic troubleshooting.job
[2010.09.28 17:56:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.09.28 17:56:03 | 1063,194,624 | -HS- | M] () -- C:\hiberfil.sys
[2010.09.28 17:55:17 | 006,553,600 | ---- | M] () -- C:\Documents and Settings\Wandi\NTUSER.DAT
[2010.09.28 17:55:17 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Wandi\ntuser.ini
[2010.09.28 17:53:12 | 000,000,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.28 17:52:40 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Gmer.zip
[2010.09.28 17:52:40 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\defogger.exe
[2010.09.27 13:34:01 | 000,000,095 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010.09.26 21:34:03 | 000,206,336 | ---- | M] () -- C:\Documents and Settings\Wandi\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.09.24 19:47:03 | 001,452,371 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Foto0341.jpg
[2010.09.24 17:20:05 | 001,471,511 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Foto0344.jpg
[2010.09.23 16:29:24 | 000,006,603 | ---- | M] () -- C:\WINDOWS\PSPICEEV.INI
[2010.09.23 15:56:49 | 000,495,908 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\0273694243_csf_v9.zip
[2010.09.23 15:56:35 | 005,290,891 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\0273694243_csf_multisim.zip
[2010.09.22 18:21:06 | 028,620,288 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\91pspstu.exe
[2010.09.22 16:39:03 | 000,012,288 | ---- | M] () -- C:\Documents and Settings\All Users\NTUSER.DAT
[2010.09.22 16:36:43 | 006,553,600 | ---- | M] () -- C:\Documents and Settings\Wandi\NTUSER.DAT_tureg_old
[2010.09.22 16:29:13 | 000,645,370 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Electronica_tentamenbundel.pdf
[2010.09.22 10:09:11 | 000,000,744 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Free M4a to MP3 Converter.lnk
[2010.09.22 10:09:11 | 000,000,739 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\My Music Tools.lnk
[2010.09.22 09:53:58 | 000,000,896 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\DVDVideoSoft Free Studio.lnk
[2010.09.22 09:52:20 | 012,692,880 | ---- | M] (DVDVideoSoft Limited. ) -- C:\Documents and Settings\Wandi\Desktop\FreeYouTubeDownload_29.exe
[2010.09.21 19:31:56 | 000,134,413 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\cc cleaner einstellungen 1.png
[2010.09.21 19:31:56 | 000,113,358 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\cc cleaner einstellungen 2.png
[2010.09.21 19:18:34 | 000,065,698 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Guard - Suche.jpg
[2010.09.21 19:17:37 | 000,081,252 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Scanner - Archive.jpg
[2010.09.21 19:17:36 | 000,075,142 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Scanner - Suche.jpg
[2010.09.21 19:17:25 | 000,081,843 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Allgemeines - Erweiterte Gefahrenkategorien.jpg
[2010.09.21 19:17:21 | 000,056,756 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Scanner - Heuristik.jpg
[2010.09.21 19:17:20 | 000,068,441 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Guard - Heuristik.jpg
[2010.09.17 17:24:15 | 000,012,081 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Arbeitstunden.xlsx
[2010.09.17 16:19:49 | 000,042,873 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Verkauf.xlsx
[2010.09.15 16:05:43 | 000,001,733 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010.09.15 08:58:39 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

[/code]


Edited by crazynotion (28.09.2010 at 20:57)

28.09.2010, 20:57   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

What about Malwarebytes? I didn't write that the order is arbitrary. It should really be MBAM first, then OTL!

28.09.2010, 20:58   #7
crazynotion
 

========== Files Created - No Company Name ==========

[2010.09.28 17:53:12 | 000,000,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.28 17:52:20 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Wandi\Desktop\defogger.exe
[2010.09.28 17:52:11 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Wandi\Desktop\Gmer.zip
[2010.09.28 11:59:28 | 000,002,510 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\B4BD1731-FC83-412B-91E0-A8ECADDD7F43.txt
[2010.09.28 11:58:45 | 000,002,510 | ---- | C] () -- C:\Documents and Settings\Wandi\Local Settings\Application Data\B4BD1731-FC83-412B-91E0-A8ECADDD7F43.txt
[2010.09.27 13:34:01 | 000,000,095 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010.09.24 19:46:17 | 001,452,371 | ---- | C] () -- C:\Documents and Settings\Wandi\Desktop\Foto0341.jpg
[2010.09.24 17:19:14 | 001,471,511 | ---- | C] () -- C:\Documents and Settings\Wandi\Desktop\Foto0344.jpg
[2010.09.23 15:56:49 | 000,495,908 | ---- | C] () -- C:\Documents and Settings\Wandi\Desktop\0273694243_csf_v9.zip
[2010.09.23 15:56:23 | 005,290,891 | ---- | C] () -- C:\Documents and Settings\Wandi\Desktop\0273694243_csf_multisim.zip
[2010.09.22 18:24:44 | 000,006,603 | ---- | C] () -- C:\WINDOWS\PSPICEEV.INI
[2010.09.22 18:24:38 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\lffax60n.dll
[2010.09.22 18:24:38 | 000,141,824 | ---- | C] () -- C:\WINDOWS\System32\lfcmp60n.dll
[2010.09.22 18:24:38 | 000,110,080 | ---- | C] () -- C:\WINDOWS\System32\lfpng60n.dll
[2010.09.22 18:24:38 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\lftif60n.dll
[2010.09.22 18:24:38 | 000,043,008 | ---- | C] () -- C:\WINDOWS\System32\ltfil60n.dll
[2010.09.22 18:24:38 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\lfpcx60n.dll
[2010.09.22 18:24:38 | 000,022,528 | ---- | C] () -- C:\WINDOWS\System32\lfpct60n.dll
[2010.09.22 18:24:38 | 000,022,528 | ---- | C] () -- C:\WINDOWS\System32\lfeps60n.dll
[2010.09.22 18:24:38 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\lfbmp60n.dll
[2010.09.22 18:24:38 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\lfpsd60n.dll
[2010.09.22 18:24:38 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\lftga60n.dll
[2010.09.22 18:24:38 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\lfwpg60n.dll
[2010.09.22 18:24:38 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\lfwmf60n.dll
[2010.09.22 18:24:38 | 000,018,432 | ---- | C] () -- C:\WINDOWS\System32\lfmsp60n.dll
[2010.09.22 18:24:38 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\lfmac60n.dll
[2010.09.22 18:24:37 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\implode.dll
[2010.09.22 18:18:52 | 028,620,288 | ---- | C] () -- C:\Documents and Settings\Wandi\Desktop\91pspstu.exe
[2010.09.22 16:39:03 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT_tureg_new.LOG
[2010.09.22 16:29:13 | 000,645,370 | ---- | C] () -- C:\Documents and Settings\Wandi\Desktop\Electronica_tentamenbundel.pdf
[2010.09.22 10:09:11 | 000,000,744 | ---- | C] () -- C:\Documents and Settings\Wandi\Desktop\Free M4a to MP3 Converter.lnk
[2010.09.22 10:09:11 | 000,000,739 | ---- | C] () -- C:\Documents and Settings\Wandi\Desktop\My Music Tools.lnk
[2010.09.22 09:53:58 | 000,000,896 | ---- | C] () -- C:\Documents and Settings\Wandi\Desktop\DVDVideoSoft Free Studio.lnk
[2010.09.21 19:31:44 | 000,134,413 | ---- | C] () -- C:\Documents and Settings\Wandi\My Documents\cc cleaner einstellungen 1.png
[2010.09.21 19:31:44 | 000,113,358 | ---- | C] () -- C:\Documents and Settings\Wandi\My Documents\cc cleaner einstellungen 2.png
[2010.09.21 19:16:59 | 000,081,843 | ---- | C] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Allgemeines - Erweiterte Gefahrenkategorien.jpg
[2010.09.21 19:16:59 | 000,081,252 | ---- | C] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Scanner - Archive.jpg
[2010.09.21 19:16:59 | 000,075,142 | ---- | C] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Scanner - Suche.jpg
[2010.09.21 19:16:59 | 000,068,441 | ---- | C] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Guard - Heuristik.jpg
[2010.09.21 19:16:59 | 000,065,698 | ---- | C] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Guard - Suche.jpg
[2010.09.21 19:16:59 | 000,056,756 | ---- | C] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Scanner - Heuristik.jpg
[2010.09.17 16:07:07 | 000,012,081 | ---- | C] () -- C:\Documents and Settings\Wandi\Desktop\Arbeitstunden.xlsx
[2010.09.15 08:58:39 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.01.11 17:08:11 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\A67807F7B8.sys
[2010.01.11 17:08:10 | 000,002,828 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2010.01.06 19:18:19 | 000,000,242 | ---- | C] () -- C:\Documents and Settings\Wandi\Application Data\wklnhst.dat
[2009.11.09 14:14:19 | 000,000,363 | ---- | C] () -- C:\Documents and Settings\Wandi\Local Settings\Application Data\postgresinstall.bat
[2009.10.24 05:05:57 | 000,626,688 | ---- | C] () -- C:\WINDOWS\Image.dll
[2009.10.24 05:05:57 | 000,000,036 | ---- | C] () -- C:\WINDOWS\PidList.ini
[2009.10.24 05:05:56 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\M3000DIF.dll
[2009.10.24 05:05:56 | 000,145,152 | ---- | C] () -- C:\WINDOWS\System32\drivers\M3000KNT.sys
[2009.10.24 05:05:56 | 000,015,190 | ---- | C] () -- C:\WINDOWS\M3000Twn.ini
[2009.10.24 05:05:47 | 000,000,639 | ---- | C] () -- C:\WINDOWS\AutoSetFrequency.ini
[2009.10.23 16:42:10 | 000,206,336 | ---- | C] () -- C:\Documents and Settings\Wandi\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.07.28 07:29:39 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009.07.28 06:21:23 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009.07.28 05:14:12 | 000,729,600 | ---- | C] () -- C:\WINDOWS\System32\dlo20.dll.bak
[2009.07.28 05:14:12 | 000,729,600 | ---- | C] () -- C:\WINDOWS\System32\dlo20.dll
[2009.07.28 04:35:51 | 000,007,003 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009.07.28 04:30:03 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2009.06.16 14:03:58 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\dossec.dll

========== LOP Check ==========

[2009.07.28 07:04:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eSobi
[2010.04.27 20:07:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ICQ
[2009.12.21 20:26:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010.01.04 16:57:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2010.01.04 16:56:17 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2010.06.29 22:36:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\2FE3C73E8A6EF87BC87529BEE60EA321
[2009.07.28 07:05:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\Acer
[2009.07.28 06:40:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\Acer GameZone Console
[2010.09.22 17:56:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\CadSoft
[2010.02.12 12:31:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\com.adobe.example.avatarAirApplication.199ED43C2CFEB351CD0244628B93195D7C58F98C.1
[2010.09.22 09:54:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\DVDVideoSoftIEHelpers
[2010.09.22 15:21:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\eSobi
[2010.05.27 15:44:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\FinalMediaPlayer
[2010.04.07 18:17:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\MSNInstaller
[2010.09.25 11:23:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\PriceGong
[2009.07.28 06:56:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\Super-Cow
[2010.01.06 19:18:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\Template
[2010.01.04 16:58:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\TuneUp Software
[2010.09.27 10:37:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\uTorrent
[2010.08.25 02:39:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\Windows Live Writer
[2010.09.28 17:57:16 | 000,000,566 | ---- | M] () -- C:\WINDOWS\Tasks\Automatic troubleshooting.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4CF61E54

< End of report >
PRC - C:\Documents and Settings\Wandi\Desktop\MFTools\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\WINDOWS\system32\OSPPSVC.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\WebCam\M3000\M3000Mnt.exe ()
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
PRC - C:\WINDOWS\PLFSetI.exe ()
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Wandi\Desktop\MFTools\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll (Microsoft Corporation)
MOD - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
MOD - C:\WINDOWS\system32\rsaenh.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe (Microsoft Corporation)
SRV - (WPFFontCache_v0400) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
SRV - (TuneUp.Defrag) -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (osppsvc) -- C:\WINDOWS\system32\OSPPSVC.EXE (Microsoft Corporation)
SRV - (RS_Service) -- C:\Program Files\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (usfwvyrf) -- C:\WINDOWS\System32\dlo20.dll ()


========== Driver Services (SafeList) ==========

DRV - (USBCCID) -- C:\WINDOWS\System32\DRIVERS\Rts5161ccid.sys File not found
DRV - (Rts516xIR) -- C:\WINDOWS\System32\DRIVERS\Rts516xIR.sys File not found
DRV - (pgfilter) -- C:\Program Files\PeerGuardian2\pgfilter.sys File not found
DRV - (DritekPortIO) -- C:\PROGRA~1\LAUNCH~1\DPortIO.sys File not found
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (pbfilter) -- C:\Program Files\PeerBlock\pbfilter.sys ()
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (M3000Srv) -- C:\WINDOWS\system32\drivers\M3000KNT.sys ()
DRV - (L1c) -- C:\WINDOWS\system32\drivers\l1c51x86.sys (Atheros Communications, Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\bcmwl5.sys (Broadcom Corporation)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics Incorporated)
DRV - (RSUSBSTOR) -- C:\WINDOWS\system32\drivers\rtsustor.sys (Realtek Semiconductor Corp.)
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\ambfilt.sys (Creative)
DRV - (iaStor) -- C:\WINDOWS\system32\drivers\iaStor.sys (Intel Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (lbrtfdc) -- C:\WINDOWS\System32\drivers\lbrtfdc.sys (Toshiba Corp.)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (gigvsugc) -- C:\WINDOWS\system32\drivers\gigvsugc.sys (Microsoft Corporation)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (Changer) -- C:\WINDOWS\System32\drivers\changer.sys (Microsoft Corporation)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\monfilt.sys (Creative Technology Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ICQ.com Suche
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://georgk86.nl/forum/index.php"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.2&q="


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.09.16 18:45:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.09.16 18:45:53 | 000,000,000 | ---D | M]

[2010.01.10 17:53:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\Mozilla\Extensions
[2010.09.28 11:45:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\Mozilla\Firefox\Profiles\kberp9we.default\extensions
[2010.04.27 18:55:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Wandi\Application Data\Mozilla\Firefox\Profiles\kberp9we.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.09.22 09:54:07 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Documents and Settings\Wandi\Application Data\Mozilla\Firefox\Profiles\kberp9we.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.09.22 09:54:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Wandi\Application Data\Mozilla\Firefox\Profiles\kberp9we.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.08.19 14:15:04 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Wandi\Application Data\Mozilla\Firefox\Profiles\kberp9we.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.08.19 14:15:05 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Wandi\Application Data\Mozilla\Firefox\Profiles\kberp9we.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.09.28 11:45:12 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Wandi\Application Data\Mozilla\Firefox\Profiles\kberp9we.default\searchplugins\icqplugin-1.xml
[2010.06.23 16:59:38 | 000,000,947 | ---- | M] () -- C:\Documents and Settings\Wandi\Application Data\Mozilla\Firefox\Profiles\kberp9we.default\searchplugins\icqplugin.xml
[2010.02.14 13:20:31 | 000,001,330 | ---- | M] () -- C:\Documents and Settings\Wandi\Application Data\Mozilla\Firefox\Profiles\kberp9we.default\searchplugins\wikipedia-en.xml
[2010.04.15 13:09:41 | 000,004,140 | ---- | M] () -- C:\Documents and Settings\Wandi\Application Data\Mozilla\Firefox\Profiles\kberp9we.default\searchplugins\youtube.xml
[2010.01.10 17:52:55 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.04.14 14:27:26 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.04.14 14:27:26 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.04.14 14:27:26 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.04.14 14:27:26 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.04.14 14:27:26 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2008.04.14 14:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
O2 - BHO: () - {B4BD1731-FC83-412B-91E0-A8ECADDD7F43} - C:\WINDOWS\System32\dlo20.dll ()
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [M3000Mnt] File not found
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PLFSetI] C:\WINDOWS\PLFSetI.exe ()
O4 - HKCU..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\Wandi\Application Data\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: S&end to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Linked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Linked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Wandi\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Wandi\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - Unable to read "AutoRun" value or value not present!
O32 - AutoRun File - [2009.07.28 04:32:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.09.28 19:20:53 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Wandi\Recent
[2010.09.28 17:53:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Application Data\Malwarebytes
[2010.09.28 17:53:09 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.09.28 17:53:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010.09.28 17:53:04 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.09.28 17:53:04 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.09.28 17:52:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Desktop\MFTools
[2010.09.27 10:27:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010.09.27 10:27:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010.09.27 10:22:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[2010.09.26 09:12:33 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\drivers\lbrtfdc.sys
[2010.09.26 09:12:33 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\dllcache\lbrtfdc.sys
[2010.09.26 09:11:14 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\changer.sys
[2010.09.26 09:11:14 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\changer.sys
[2010.09.25 21:28:59 | 000,000,000 | ---D | C] -- C:\Program Files\Veetle
[2010.09.24 19:56:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\My Documents\PokerStrategy.com
[2010.09.24 19:56:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Local Settings\Application Data\PokerStrategy.com
[2010.09.24 19:56:04 | 000,000,000 | ---D | C] -- C:\Program Files\PokerStrategy.com
[2010.09.24 19:53:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Local Settings\Application Data\Downloaded Installations
[2010.09.22 19:17:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Local Settings\Application Data\Help
[2010.09.22 19:17:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Application Data\Help
[2010.09.22 18:24:40 | 000,368,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vbar332.dll
[2010.09.22 18:24:39 | 001,037,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msjet35.dll
[2010.09.22 18:24:39 | 000,251,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msrd2x35.dll
[2010.09.22 18:24:39 | 000,200,704 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\WINDOWS\System32\THREED32.OCX
[2010.09.22 18:24:39 | 000,121,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msjint35.dll
[2010.09.22 18:24:39 | 000,105,984 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\System32\p2bdao.dll
[2010.09.22 18:24:39 | 000,064,000 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\System32\p2irdao.dll
[2010.09.22 18:24:39 | 000,054,272 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\System32\p2ctdao.dll
[2010.09.22 18:24:39 | 000,024,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msjter35.dll
[2010.09.22 18:24:38 | 000,192,512 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\ltkrn60n.dll
[2010.09.22 18:24:37 | 003,572,224 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\System32\crpe32.dll
[2010.09.22 18:24:37 | 000,416,768 | ---- | C] (Seagate Software) -- C:\WINDOWS\System32\cpeaut32.dll
[2010.09.22 18:24:37 | 000,183,296 | ---- | C] (Seagate Software, Information Management Group, Inc.) -- C:\WINDOWS\System32\crpaig32.dll
[2010.09.22 18:24:33 | 000,000,000 | ---D | C] -- C:\Program Files\OrCAD_Demo
[2010.09.22 18:24:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\Crystal
[2010.09.22 18:23:37 | 000,306,688 | ---- | C] (InstallShield Software Corporation) -- C:\WINDOWS\IsUninst.exe
[2010.09.22 18:23:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Desktop\New Folder (2)
[2010.09.22 17:58:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\My Documents\eagle
[2010.09.22 17:56:56 | 000,000,000 | ---D | C] -- C:\Program Files\EAGLE-5.10.0
[2010.09.22 17:56:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Application Data\CadSoft
[2010.09.22 16:17:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Application Data\PriceGong
[2010.09.22 15:21:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Application Data\eSobi
[2010.09.22 14:19:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Desktop\System
[2010.09.22 10:09:07 | 000,000,000 | ---D | C] -- C:\Program Files\Free M4a to MP3 Converter
[2010.09.22 09:54:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Local Settings\Application Data\DVDVideoSoftTB
[2010.09.22 09:54:11 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2010.09.22 09:54:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Local Settings\Application Data\Conduit
[2010.09.22 09:54:10 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoftTB
[2010.09.22 09:54:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Application Data\DVDVideoSoftIEHelpers
[2010.09.22 09:53:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\My Documents\DVDVideoSoft
[2010.09.22 09:53:42 | 002,091,632 | ---- | C] (DVDVideoSoft Limited.) -- C:\Documents and Settings\Wandi\Desktop\FreeYouTubeDownload.exe
[2010.09.22 09:53:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2010.09.22 09:53:38 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2010.09.22 09:52:11 | 012,692,880 | ---- | C] (DVDVideoSoft Limited. ) -- C:\Documents and Settings\Wandi\Desktop\FreeYouTubeDownload_29.exe
[2010.09.21 20:32:05 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ctfmon.exe.backup
[2010.09.21 20:32:05 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ctfmon.exe.backup
[2010.09.21 20:31:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Desktop\CtfmonRemoverDE-v2.3
[2010.09.21 20:14:44 | 000,000,000 | ---D | C] -- C:\Program Files\PeerBlock
[2010.09.21 19:52:14 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009.07.28 05:14:36 | 000,049,152 | ---- | C] ( ) -- C:\WINDOWS\Interop.IWshRuntimeLibrary.dll
[2009.06.16 14:03:56 | 000,126,976 | ---- | C] ( ) -- C:\WINDOWS\System32\Interop.SHDocVw.dll
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.09.28 19:09:33 | 000,594,998 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.09.28 19:09:33 | 000,497,868 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.09.28 19:09:33 | 000,085,516 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.09.28 19:05:24 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.09.28 17:57:16 | 000,000,566 | ---- | M] () -- C:\WINDOWS\tasks\Automatic troubleshooting.job
[2010.09.28 17:56:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.09.28 17:56:03 | 1063,194,624 | -HS- | M] () -- C:\hiberfil.sys
[2010.09.28 17:55:17 | 006,553,600 | ---- | M] () -- C:\Documents and Settings\Wandi\NTUSER.DAT
[2010.09.28 17:55:17 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Wandi\ntuser.ini
[2010.09.28 17:53:12 | 000,000,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.28 17:52:40 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Gmer.zip
[2010.09.28 17:52:40 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\defogger.exe
[2010.09.27 13:34:01 | 000,000,095 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010.09.26 21:34:03 | 000,206,336 | ---- | M] () -- C:\Documents and Settings\Wandi\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.09.24 19:47:03 | 001,452,371 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Foto0341.jpg
[2010.09.24 17:20:05 | 001,471,511 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Foto0344.jpg
[2010.09.23 16:29:24 | 000,006,603 | ---- | M] () -- C:\WINDOWS\PSPICEEV.INI
[2010.09.23 15:56:49 | 000,495,908 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\0273694243_csf_v9.zip
[2010.09.23 15:56:35 | 005,290,891 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\0273694243_csf_multisim.zip
[2010.09.22 18:21:06 | 028,620,288 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\91pspstu.exe
[2010.09.22 16:39:03 | 000,012,288 | ---- | M] () -- C:\Documents and Settings\All Users\NTUSER.DAT
[2010.09.22 16:36:43 | 006,553,600 | ---- | M] () -- C:\Documents and Settings\Wandi\NTUSER.DAT_tureg_old
[2010.09.22 16:29:13 | 000,645,370 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Electronica_tentamenbundel.pdf
[2010.09.22 10:09:11 | 000,000,744 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Free M4a to MP3 Converter.lnk
[2010.09.22 10:09:11 | 000,000,739 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\My Music Tools.lnk
[2010.09.22 09:53:58 | 000,000,896 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\DVDVideoSoft Free Studio.lnk
[2010.09.22 09:52:20 | 012,692,880 | ---- | M] (DVDVideoSoft Limited. ) -- C:\Documents and Settings\Wandi\Desktop\FreeYouTubeDownload_29.exe
[2010.09.21 19:31:56 | 000,134,413 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\cc cleaner einstellungen 1.png
[2010.09.21 19:31:56 | 000,113,358 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\cc cleaner einstellungen 2.png
[2010.09.21 19:18:34 | 000,065,698 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Guard - Suche.jpg
[2010.09.21 19:17:37 | 000,081,252 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Scanner - Archive.jpg
[2010.09.21 19:17:36 | 000,075,142 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Scanner - Suche.jpg
[2010.09.21 19:17:25 | 000,081,843 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Allgemeines - Erweiterte Gefahrenkategorien.jpg
[2010.09.21 19:17:21 | 000,056,756 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Scanner - Heuristik.jpg
[2010.09.21 19:17:20 | 000,068,441 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Guard - Heuristik.jpg
[2010.09.17 17:24:15 | 000,012,081 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Arbeitstunden.xlsx
[2010.09.17 16:19:49 | 000,042,873 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Verkauf.xlsx
[2010.09.15 16:05:43 | 000,001,733 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010.09.15 08:58:39 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.09.28 17:53:12 | 000,000,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.28 17:52:20 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Wandi\Desktop\defogger.exe
[2010.09.28 17:52:11 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Wandi\Desktop\Gmer.zip
[2010.09.28 11:59:28 | 000,002,510 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\B4BD1731-FC83-412B-91E0-A8ECADDD7F43.txt
[2010.09.28 11:58:45 | 000,002,510 | ---- | C] () -- C:\Documents and Settings\Wandi\Local Settings\Application Data\B4BD1731-FC83-412B-91E0-A8ECADDD7F43.txt
[2010.09.27 13:34:01 | 000,000,095 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010.09.24 19:46:17 | 001,452,371 | ---- | C] () -- C:\Documents and Settings\Wandi\Desktop\Foto0341.jpg
[2010.09.24 17:19:14 | 001,471,511 | ---- | C] () -- C:\Documents and Settings\Wandi\Desktop\Foto0344.jpg
[2010.09.23 15:56:49 | 000,495,908 | ---- | C] () -- C:\Documents and Settings\Wandi\Desktop\0273694243_csf_v9.zip
[2010.09.23 15:56:23 | 005,290,891 | ---- | C] () -- C:\Documents and Settings\Wandi\Desktop\0273694243_csf_multisim.zip
[2010.09.22 18:24:44 | 000,006,603 | ---- | C] () -- C:\WINDOWS\PSPICEEV.INI
[2010.09.22 18:24:38 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\lffax60n.dll
[2010.09.22 18:24:38 | 000,141,824 | ---- | C] () -- C:\WINDOWS\System32\lfcmp60n.dll
[2010.09.22 18:24:38 | 000,110,080 | ---- | C] () -- C:\WINDOWS\System32\lfpng60n.dll
[2010.09.22 18:24:38 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\lftif60n.dll
[2010.09.22 18:24:38 | 000,043,008 | ---- | C] () -- C:\WINDOWS\System32\ltfil60n.dll
[2010.09.22 18:24:38 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\lfpcx60n.dll
[2010.09.22 18:24:38 | 000,022,528 | ---- | C] () -- C:\WINDOWS\System32\lfpct60n.dll
[2010.09.22 18:24:38 | 000,022,528 | ---- | C] () -- C:\WINDOWS\System32\lfeps60n.dll
[2010.09.22 18:24:38 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\lfbmp60n.dll
[2010.09.22 18:24:38 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\lfpsd60n.dll
[2010.09.22 18:24:38 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\lftga60n.dll
[2010.09.22 18:24:38 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\lfwpg60n.dll
[2010.09.22 18:24:38 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\lfwmf60n.dll
[2010.09.22 18:24:38 | 000,018,432 | ---- | C] () -- C:\WINDOWS\System32\lfmsp60n.dll
[2010.09.22 18:24:38 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\lfmac60n.dll
[2010.09.22 18:24:37 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\implode.dll
[2010.09.22 18:18:52 | 028,620,288 | ---- | C] () -- C:\Documents and Settings\Wandi\Desktop\91pspstu.exe
[2010.09.22 16:39:03 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT_tureg_new.LOG
[2010.09.22 16:29:13 | 000,645,370 | ---- | C] () -- C:\Documents and Settings\Wandi\Desktop\Electronica_tentamenbundel.pdf
[2010.09.22 10:09:11 | 000,000,744 | ---- | C] () -- C:\Documents and Settings\Wandi\Desktop\Free M4a to MP3 Converter.lnk
[2010.09.22 10:09:11 | 000,000,739 | ---- | C] () -- C:\Documents and Settings\Wandi\Desktop\My Music Tools.lnk
[2010.09.22 09:53:58 | 000,000,896 | ---- | C] () -- C:\Documents and Settings\Wandi\Desktop\DVDVideoSoft Free Studio.lnk
[2010.09.21 19:31:44 | 000,134,413 | ---- | C] () -- C:\Documents and Settings\Wandi\My Documents\cc cleaner einstellungen 1.png
[2010.09.21 19:31:44 | 000,113,358 | ---- | C] () -- C:\Documents and Settings\Wandi\My Documents\cc cleaner einstellungen 2.png
[2010.09.21 19:16:59 | 000,081,843 | ---- | C] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Allgemeines - Erweiterte Gefahrenkategorien.jpg
[2010.09.21 19:16:59 | 000,081,252 | ---- | C] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Scanner - Archive.jpg
[2010.09.21 19:16:59 | 000,075,142 | ---- | C] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Scanner - Suche.jpg
[2010.09.21 19:16:59 | 000,068,441 | ---- | C] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Guard - Heuristik.jpg
[2010.09.21 19:16:59 | 000,065,698 | ---- | C] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Guard - Suche.jpg
[2010.09.21 19:16:59 | 000,056,756 | ---- | C] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Scanner - Heuristik.jpg
[2010.09.17 16:07:07 | 000,012,081 | ---- | C] () -- C:\Documents and Settings\Wandi\Desktop\Arbeitstunden.xlsx
[2010.09.15 08:58:39 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.01.11 17:08:11 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\A67807F7B8.sys
[2010.01.11 17:08:10 | 000,002,828 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2010.01.06 19:18:19 | 000,000,242 | ---- | C] () -- C:\Documents and Settings\Wandi\Application Data\wklnhst.dat
[2009.11.09 14:14:19 | 000,000,363 | ---- | C] () -- C:\Documents and Settings\Wandi\Local Settings\Application Data\postgresinstall.bat
[2009.10.24 05:05:57 | 000,626,688 | ---- | C] () -- C:\WINDOWS\Image.dll
[2009.10.24 05:05:57 | 000,000,036 | ---- | C] () -- C:\WINDOWS\PidList.ini
[2009.10.24 05:05:56 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\M3000DIF.dll
[2009.10.24 05:05:56 | 000,145,152 | ---- | C] () -- C:\WINDOWS\System32\drivers\M3000KNT.sys
[2009.10.24 05:05:56 | 000,015,190 | ---- | C] () -- C:\WINDOWS\M3000Twn.ini
[2009.10.24 05:05:47 | 000,000,639 | ---- | C] () -- C:\WINDOWS\AutoSetFrequency.ini
[2009.10.23 16:42:10 | 000,206,336 | ---- | C] () -- C:\Documents and Settings\Wandi\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.07.28 07:29:39 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009.07.28 06:21:23 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009.07.28 05:14:12 | 000,729,600 | ---- | C] () -- C:\WINDOWS\System32\dlo20.dll.bak
[2009.07.28 05:14:12 | 000,729,600 | ---- | C] () -- C:\WINDOWS\System32\dlo20.dll
[2009.07.28 04:35:51 | 000,007,003 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009.07.28 04:30:03 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2009.06.16 14:03:58 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\dossec.dll

========== LOP Check ==========

[2009.07.28 07:04:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eSobi
[2010.04.27 20:07:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ICQ
[2009.12.21 20:26:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010.01.04 16:57:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2010.01.04 16:56:17 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2010.06.29 22:36:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\2FE3C73E8A6EF87BC87529BEE60EA321
[2009.07.28 07:05:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\Acer
[2009.07.28 06:40:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\Acer GameZone Console
[2010.09.22 17:56:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\CadSoft
[2010.02.12 12:31:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\com.adobe.example.avatarAirApplication.199ED43C2CFEB351CD0244628B93195D7C58F98C.1
[2010.09.22 09:54:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\DVDVideoSoftIEHelpers
[2010.09.22 15:21:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\eSobi
[2010.05.27 15:44:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\FinalMediaPlayer
[2010.04.07 18:17:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\MSNInstaller
[2010.09.25 11:23:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\PriceGong
[2009.07.28 06:56:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\Super-Cow
[2010.01.06 19:18:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\Template
[2010.01.04 16:58:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\TuneUp Software
[2010.09.27 10:37:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\uTorrent
[2010.08.25 02:39:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\Windows Live Writer
[2010.09.28 17:57:16 | 000,000,566 | ---- | M] () -- C:\WINDOWS\Tasks\Automatic troubleshooting.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4CF61E54

< End of report >
[2010.09.28 19:45:28 | 000,001,024 | -H-- | M] () -- C:\Documents and Settings\Wandi\ntuser.dat.LOG
[2010.09.28 19:26:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\Skype
[2010.09.28 19:20:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010.09.28 19:20:54 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Wandi\Recent
[2010.09.28 19:09:33 | 000,594,998 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.09.28 19:09:33 | 000,497,868 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.09.28 19:09:33 | 000,085,516 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.09.28 19:05:24 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.09.28 17:58:54 | 000,000,000 | ---D | M] -- C:\Program Files\PeerBlock
[2010.09.28 17:57:16 | 000,000,566 | ---- | M] () -- C:\WINDOWS\tasks\Automatic troubleshooting.job
[2010.09.28 17:56:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.09.28 17:55:17 | 006,553,600 | ---- | M] () -- C:\Documents and Settings\Wandi\NTUSER.DAT
[2010.09.28 17:55:17 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Wandi\ntuser.ini
[2010.09.28 17:53:21 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Wandi\Application Data
[2010.09.28 17:53:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\Malwarebytes
[2010.09.28 17:53:15 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.09.28 17:53:12 | 000,000,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.28 17:53:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Desktop
[2010.09.28 17:53:05 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2010.09.28 17:53:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010.09.28 17:52:40 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Gmer.zip
[2010.09.28 17:52:40 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\defogger.exe
[2010.09.28 17:52:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Desktop
[2010.09.28 17:40:58 | 000,002,510 | ---- | M] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\B4BD1731-FC83-412B-91E0-A8ECADDD7F43.txt
[2010.09.28 17:40:47 | 000,002,510 | ---- | M] () -- C:\Documents and Settings\Wandi\Local Settings\Application Data\B4BD1731-FC83-412B-91E0-A8ECADDD7F43.txt
[2010.09.28 14:11:09 | 000,001,024 | -H-- | M] () -- C:\Documents and Settings\All Users\NTUSER.DAT.LOG
[2010.09.28 12:21:48 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2010.09.28 12:15:27 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Wandi\Cookies
[2010.09.28 11:35:57 | 000,000,000 | ---D | M] -- C:\Program Files\PokerStars
[2010.09.27 13:34:01 | 000,000,095 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010.09.27 10:37:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\uTorrent
[2010.09.27 10:27:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010.09.27 10:27:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010.09.27 10:22:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[2010.09.26 21:34:03 | 000,206,336 | ---- | M] () -- C:\Documents and Settings\Wandi\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.09.26 09:18:06 | 000,000,000 | ---D | M] -- C:\Program Files\PeerGuardian2
[2010.09.25 21:29:21 | 000,000,000 | ---D | M] -- C:\Program Files\Veetle
[2010.09.25 12:05:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Tracing
[2010.09.25 11:23:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\PriceGong
[2010.09.24 19:56:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Local Settings\Application Data\PokerStrategy.com
[2010.09.24 19:56:04 | 000,000,000 | ---D | M] -- C:\Program Files\PokerStrategy.com
[2010.09.24 19:53:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Local Settings\Application Data\Downloaded Installations
[2010.09.24 19:47:03 | 001,452,371 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Foto0341.jpg
[2010.09.24 19:41:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\dvdcss
[2010.09.24 19:41:05 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2010.09.24 17:20:05 | 001,471,511 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Foto0344.jpg
[2010.09.23 17:03:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Local Settings\Application Data\DVDVideoSoftTB
[2010.09.23 16:29:24 | 000,006,603 | ---- | M] () -- C:\WINDOWS\PSPICEEV.INI
[2010.09.23 15:56:49 | 000,495,908 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\0273694243_csf_v9.zip
[2010.09.23 15:56:35 | 005,290,891 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\0273694243_csf_multisim.zip
[2010.09.22 19:17:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Local Settings\Application Data\Help
[2010.09.22 19:17:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\Help
[2010.09.22 18:24:47 | 000,000,000 | ---D | M] -- C:\Program Files\OrCAD_Demo
[2010.09.22 18:21:06 | 028,620,288 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\91pspstu.exe
[2010.09.22 18:03:27 | 000,000,000 | ---D | M] -- C:\Program Files\EAGLE-5.10.0
[2010.09.22 17:58:12 | 000,000,000 | R--D | M] -- C:\Documents and Settings\Wandi\My Documents
[2010.09.22 17:56:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\CadSoft
[2010.09.22 16:39:03 | 000,012,288 | ---- | M] () -- C:\Documents and Settings\All Users\NTUSER.DAT
[2010.09.22 16:39:03 | 000,000,000 | -H-- | M] () -- C:\Documents and Settings\All Users\NTUSER.DAT_tureg_new.LOG
[2010.09.22 16:36:43 | 006,553,600 | ---- | M] () -- C:\Documents and Settings\Wandi\NTUSER.DAT_tureg_old
[2010.09.22 16:29:13 | 000,645,370 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Electronica_tentamenbundel.pdf
[2010.09.22 16:17:18 | 000,000,000 | ---D | M] -- C:\Program Files\DVDVideoSoftTB
[2010.09.22 16:16:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Local Settings\Application Data\Conduit
[2010.09.22 15:21:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\eSobi
[2010.09.22 14:28:03 | 000,000,000 | R--D | M] -- C:\Documents and Settings\Wandi\Start Menu
[2010.09.22 10:09:12 | 000,000,000 | ---D | M] -- C:\Program Files\Free M4a to MP3 Converter
[2010.09.22 10:09:11 | 000,000,744 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Free M4a to MP3 Converter.lnk
[2010.09.22 10:09:11 | 000,000,739 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\My Music Tools.lnk
[2010.09.22 09:54:11 | 000,000,000 | ---D | M] -- C:\Program Files\Conduit
[2010.09.22 09:54:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\DVDVideoSoftIEHelpers
[2010.09.22 09:53:58 | 000,000,896 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\DVDVideoSoft Free Studio.lnk
[2010.09.22 09:53:53 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files\DVDVideoSoft
[2010.09.22 09:53:39 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2010.09.22 09:53:38 | 000,000,000 | ---D | M] -- C:\Program Files\DVDVideoSoft
[2010.09.22 09:52:20 | 012,692,880 | ---- | M] (DVDVideoSoft Limited. ) -- C:\Documents and Settings\Wandi\Desktop\FreeYouTubeDownload_29.exe
[2010.09.21 19:31:56 | 000,134,413 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\cc cleaner einstellungen 1.png
[2010.09.21 19:31:56 | 000,113,358 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\cc cleaner einstellungen 2.png
[2010.09.21 19:18:34 | 000,065,698 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Guard - Suche.jpg
[2010.09.21 19:17:37 | 000,081,252 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Scanner - Archive.jpg
[2010.09.21 19:17:36 | 000,075,142 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Scanner - Suche.jpg
[2010.09.21 19:17:25 | 000,081,843 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Allgemeines - Erweiterte Gefahrenkategorien.jpg
[2010.09.21 19:17:21 | 000,056,756 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Scanner - Heuristik.jpg
[2010.09.21 19:17:20 | 000,068,441 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Guard - Heuristik.jpg
[2010.09.17 17:24:15 | 000,012,081 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Arbeitstunden.xlsx
[2010.09.17 16:19:49 | 000,042,873 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Verkauf.xlsx
[2010.09.16 18:46:03 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2010.09.15 16:05:43 | 000,001,733 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010.09.15 08:58:39 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.09.11 16:00:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\skypePM
[2010.09.06 17:49:56 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2010.08.31 09:46:01 | 000,000,000 | ---D | M] -- C:\Program Files\uTorrent
[2010.08.31 04:34:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Local Settings\Application Data\Microsoft
[2010.08.31 04:34:45 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Wandi\Application Data\Microsoft
[2010.03.25 11:00:35 | 000,093,064 | ---- | M] () -- C:\Documents and Settings\Wandi\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010.03.20 01:38:55 | 000,002,828 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2010.03.20 01:38:50 | 000,000,088 | RHS- | M] () -- C:\Documents and Settings\All Users\Application Data\A67807F7B8.sys
[2010.01.06 19:23:50 | 000,000,242 | ---- | M] () -- C:\Documents and Settings\Wandi\Application Data\wklnhst.dat
[2009.11.09 14:14:19 | 000,000,363 | ---- | M] () -- C:\Documents and Settings\Wandi\Local Settings\Application Data\postgresinstall.bat
[2009.10.27 22:14:56 | 004,843,300 | -H-- | M] () -- C:\Documents and Settings\Wandi\Local Settings\Application Data\IconCache.db
[2009.07.27 21:27:29 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Wandi\Application Data\desktop.ini
[2009.07.27 21:27:29 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.09.28 19:09:33 | 000,594,998 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.09.28 19:09:33 | 000,497,868 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.09.28 19:09:33 | 000,085,516 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.09.28 19:05:24 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.09.28 17:57:16 | 000,000,566 | ---- | M] () -- C:\WINDOWS\tasks\Automatic troubleshooting.job
[2010.09.28 17:56:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.09.28 17:56:03 | 1063,194,624 | -HS- | M] () -- C:\hiberfil.sys
[2010.09.28 17:55:17 | 006,553,600 | ---- | M] () -- C:\Documents and Settings\Wandi\NTUSER.DAT
[2010.09.28 17:55:17 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Wandi\ntuser.ini
[2010.09.28 17:53:12 | 000,000,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.28 17:52:40 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Gmer.zip
[2010.09.28 17:52:40 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\defogger.exe
[2010.09.27 13:34:01 | 000,000,095 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010.09.26 21:34:03 | 000,206,336 | ---- | M] () -- C:\Documents and Settings\Wandi\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.09.24 19:47:03 | 001,452,371 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Foto0341.jpg
[2010.09.24 17:20:05 | 001,471,511 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Foto0344.jpg
[2010.09.23 16:29:24 | 000,006,603 | ---- | M] () -- C:\WINDOWS\PSPICEEV.INI
[2010.09.23 15:56:49 | 000,495,908 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\0273694243_csf_v9.zip
[2010.09.23 15:56:35 | 005,290,891 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\0273694243_csf_multisim.zip
[2010.09.22 18:21:06 | 028,620,288 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\91pspstu.exe
[2010.09.22 16:39:03 | 000,012,288 | ---- | M] () -- C:\Documents and Settings\All Users\NTUSER.DAT
[2010.09.22 16:36:43 | 006,553,600 | ---- | M] () -- C:\Documents and Settings\Wandi\NTUSER.DAT_tureg_old
[2010.09.22 16:29:13 | 000,645,370 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Electronica_tentamenbundel.pdf
[2010.09.22 10:09:11 | 000,000,744 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Free M4a to MP3 Converter.lnk
[2010.09.22 10:09:11 | 000,000,739 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\My Music Tools.lnk
[2010.09.22 09:53:58 | 000,000,896 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\DVDVideoSoft Free Studio.lnk
[2010.09.22 09:52:20 | 012,692,880 | ---- | M] (DVDVideoSoft Limited. ) -- C:\Documents and Settings\Wandi\Desktop\FreeYouTubeDownload_29.exe
[2010.09.21 19:31:56 | 000,134,413 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\cc cleaner einstellungen 1.png
[2010.09.21 19:31:56 | 000,113,358 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\cc cleaner einstellungen 2.png
[2010.09.21 19:18:34 | 000,065,698 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Guard - Suche.jpg
[2010.09.21 19:17:37 | 000,081,252 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Scanner - Archive.jpg
[2010.09.21 19:17:36 | 000,075,142 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Scanner - Suche.jpg
[2010.09.21 19:17:25 | 000,081,843 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Allgemeines - Erweiterte Gefahrenkategorien.jpg
[2010.09.21 19:17:21 | 000,056,756 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Scanner - Heuristik.jpg
[2010.09.21 19:17:20 | 000,068,441 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Guard - Heuristik.jpg
[2010.09.17 17:24:15 | 000,012,081 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Arbeitstunden.xlsx
[2010.09.17 16:19:49 | 000,042,873 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Verkauf.xlsx
[2010.09.15 16:05:43 | 000,001,733 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010.09.15 08:58:39 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

========== LOP Check ==========

[2009.07.28 07:04:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eSobi
[2010.04.27 20:07:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ICQ
[2009.12.21 20:26:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010.01.04 16:57:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2010.01.04 16:56:17 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2010.06.29 22:36:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\2FE3C73E8A6EF87BC87529BEE60EA321
[2009.07.28 07:05:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\Acer
[2009.07.28 06:40:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\Acer GameZone Console
[2010.09.22 17:56:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\CadSoft
[2010.02.12 12:31:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\com.adobe.example.avatarAirApplication.199ED43C2CFEB351CD0244628B93195D7C58F98C.1
[2010.09.22 09:54:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\DVDVideoSoftIEHelpers
[2010.09.22 15:21:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\eSobi
[2010.05.27 15:44:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\FinalMediaPlayer
[2010.04.07 18:17:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\MSNInstaller
[2010.09.25 11:23:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\PriceGong
[2009.07.28 06:56:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\Super-Cow
[2010.01.06 19:18:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\Template
[2010.01.04 16:58:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\TuneUp Software
[2010.09.27 10:37:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\uTorrent
[2010.08.25 02:39:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\Windows Live Writer
[2010.09.28 17:57:16 | 000,000,566 | ---- | M] () -- C:\WINDOWS\Tasks\Automatic troubleshooting.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4CF61E54

< End of report >
[2010.09.28 19:49:37 | 000,001,024 | -H-- | M] () -- C:\Documents and Settings\Wandi\ntuser.dat.LOG
[2010.09.28 19:26:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\Skype
[2010.09.28 19:20:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010.09.28 19:20:54 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Wandi\Recent
[2010.09.28 19:09:33 | 000,594,998 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.09.28 19:09:33 | 000,497,868 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.09.28 19:09:33 | 000,085,516 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.09.28 19:05:24 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.09.28 17:58:54 | 000,000,000 | ---D | M] -- C:\Program Files\PeerBlock
[2010.09.28 17:57:16 | 000,000,566 | ---- | M] () -- C:\WINDOWS\tasks\Automatic troubleshooting.job
[2010.09.28 17:56:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.09.28 17:55:17 | 006,553,600 | ---- | M] () -- C:\Documents and Settings\Wandi\NTUSER.DAT
[2010.09.28 17:55:17 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Wandi\ntuser.ini
[2010.09.28 17:53:21 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Wandi\Application Data
[2010.09.28 17:53:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\Malwarebytes
[2010.09.28 17:53:15 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.09.28 17:53:12 | 000,000,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.28 17:53:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Desktop
[2010.09.28 17:53:05 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2010.09.28 17:53:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010.09.28 17:52:40 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Gmer.zip
[2010.09.28 17:52:40 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\defogger.exe
[2010.09.28 17:52:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Desktop
[2010.09.28 17:40:58 | 000,002,510 | ---- | M] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\B4BD1731-FC83-412B-91E0-A8ECADDD7F43.txt
[2010.09.28 17:40:47 | 000,002,510 | ---- | M] () -- C:\Documents and Settings\Wandi\Local Settings\Application Data\B4BD1731-FC83-412B-91E0-A8ECADDD7F43.txt
[2010.09.28 14:11:09 | 000,001,024 | -H-- | M] () -- C:\Documents and Settings\All Users\NTUSER.DAT.LOG
[2010.09.28 12:21:48 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2010.09.28 12:15:27 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Wandi\Cookies
[2010.09.28 11:35:57 | 000,000,000 | ---D | M] -- C:\Program Files\PokerStars
[2010.09.27 13:34:01 | 000,000,095 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010.09.27 10:37:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\uTorrent
[2010.09.27 10:27:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010.09.27 10:27:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010.09.27 10:22:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[2010.09.26 21:34:03 | 000,206,336 | ---- | M] () -- C:\Documents and Settings\Wandi\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.09.26 09:18:06 | 000,000,000 | ---D | M] -- C:\Program Files\PeerGuardian2
[2010.09.25 21:29:21 | 000,000,000 | ---D | M] -- C:\Program Files\Veetle
[2010.09.25 12:05:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Tracing
[2010.09.25 11:23:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\PriceGong
[2010.09.24 19:56:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Local Settings\Application Data\PokerStrategy.com
[2010.09.24 19:56:04 | 000,000,000 | ---D | M] -- C:\Program Files\PokerStrategy.com
[2010.09.24 19:53:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Local Settings\Application Data\Downloaded Installations
[2010.09.24 19:47:03 | 001,452,371 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Foto0341.jpg
[2010.09.24 19:41:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\dvdcss
[2010.09.24 19:41:05 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2010.09.24 17:20:05 | 001,471,511 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Foto0344.jpg
[2010.09.23 17:03:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Local Settings\Application Data\DVDVideoSoftTB
[2010.09.23 16:29:24 | 000,006,603 | ---- | M] () -- C:\WINDOWS\PSPICEEV.INI
[2010.09.23 15:56:49 | 000,495,908 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\0273694243_csf_v9.zip
[2010.09.23 15:56:35 | 005,290,891 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\0273694243_csf_multisim.zip
[2010.09.22 19:17:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Local Settings\Application Data\Help
[2010.09.22 19:17:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\Help
[2010.09.22 18:24:47 | 000,000,000 | ---D | M] -- C:\Program Files\OrCAD_Demo
[2010.09.22 18:21:06 | 028,620,288 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\91pspstu.exe
[2010.09.22 18:03:27 | 000,000,000 | ---D | M] -- C:\Program Files\EAGLE-5.10.0
[2010.09.22 17:58:12 | 000,000,000 | R--D | M] -- C:\Documents and Settings\Wandi\My Documents
[2010.09.22 17:56:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\CadSoft
[2010.09.22 16:39:03 | 000,012,288 | ---- | M] () -- C:\Documents and Settings\All Users\NTUSER.DAT
[2010.09.22 16:39:03 | 000,000,000 | -H-- | M] () -- C:\Documents and Settings\All Users\NTUSER.DAT_tureg_new.LOG
[2010.09.22 16:36:43 | 006,553,600 | ---- | M] () -- C:\Documents and Settings\Wandi\NTUSER.DAT_tureg_old
[2010.09.22 16:29:13 | 000,645,370 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Electronica_tentamenbundel.pdf
[2010.09.22 16:17:18 | 000,000,000 | ---D | M] -- C:\Program Files\DVDVideoSoftTB
[2010.09.22 16:16:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Local Settings\Application Data\Conduit
[2010.09.22 15:21:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\eSobi
[2010.09.22 14:28:03 | 000,000,000 | R--D | M] -- C:\Documents and Settings\Wandi\Start Menu
[2010.09.22 10:09:12 | 000,000,000 | ---D | M] -- C:\Program Files\Free M4a to MP3 Converter
[2010.09.22 10:09:11 | 000,000,744 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Free M4a to MP3 Converter.lnk
[2010.09.22 10:09:11 | 000,000,739 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\My Music Tools.lnk
[2010.09.22 09:54:11 | 000,000,000 | ---D | M] -- C:\Program Files\Conduit
[2010.09.22 09:54:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\DVDVideoSoftIEHelpers
[2010.09.22 09:53:58 | 000,000,896 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\DVDVideoSoft Free Studio.lnk
[2010.09.22 09:53:53 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files\DVDVideoSoft
[2010.09.22 09:53:39 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2010.09.22 09:53:38 | 000,000,000 | ---D | M] -- C:\Program Files\DVDVideoSoft
[2010.09.22 09:52:20 | 012,692,880 | ---- | M] (DVDVideoSoft Limited. ) -- C:\Documents and Settings\Wandi\Desktop\FreeYouTubeDownload_29.exe
[2010.09.21 19:31:56 | 000,134,413 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\cc cleaner einstellungen 1.png
[2010.09.21 19:31:56 | 000,113,358 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\cc cleaner einstellungen 2.png
[2010.09.21 19:18:34 | 000,065,698 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Guard - Suche.jpg
[2010.09.21 19:17:37 | 000,081,252 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Scanner - Archive.jpg
[2010.09.21 19:17:36 | 000,075,142 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Scanner - Suche.jpg
[2010.09.21 19:17:25 | 000,081,843 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Allgemeines - Erweiterte Gefahrenkategorien.jpg
[2010.09.21 19:17:21 | 000,056,756 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Scanner - Heuristik.jpg
[2010.09.21 19:17:20 | 000,068,441 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Guard - Heuristik.jpg
[2010.09.17 17:24:15 | 000,012,081 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Arbeitstunden.xlsx
[2010.09.17 16:19:49 | 000,042,873 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Verkauf.xlsx
[2010.09.16 18:46:03 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2010.09.15 16:05:43 | 000,001,733 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010.09.15 08:58:39 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.09.11 16:00:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\skypePM
[2010.09.06 17:49:56 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2010.08.31 09:46:01 | 000,000,000 | ---D | M] -- C:\Program Files\uTorrent
[2010.08.31 04:34:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Local Settings\Application Data\Microsoft
[2010.08.31 04:34:45 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Wandi\Application Data\Microsoft
[2010.03.25 11:00:35 | 000,093,064 | ---- | M] () -- C:\Documents and Settings\Wandi\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010.03.20 01:38:55 | 000,002,828 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2010.03.20 01:38:50 | 000,000,088 | RHS- | M] () -- C:\Documents and Settings\All Users\Application Data\A67807F7B8.sys
[2010.01.06 19:23:50 | 000,000,242 | ---- | M] () -- C:\Documents and Settings\Wandi\Application Data\wklnhst.dat
[2009.11.09 14:14:19 | 000,000,363 | ---- | M] () -- C:\Documents and Settings\Wandi\Local Settings\Application Data\postgresinstall.bat
[2009.10.27 22:14:56 | 004,843,300 | -H-- | M] () -- C:\Documents and Settings\Wandi\Local Settings\Application Data\IconCache.db
[2009.07.27 21:27:29 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Wandi\Application Data\desktop.ini
[2009.07.27 21:27:29 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]


28.09.2010, 21:11   #8
crazynotion

Here is the first log from Malwarebytes.
Sorry about the mess, I don't know how to get rid of it.
Maybe it would be good if an admin edited my posts.

greets

Malwarebytes' Anti-Malware 1.46
Malwarebytes

Database version: 4712

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

28.09.2010 18:59:44
mbam-log-2010-09-28 (18-59-44).txt

Scan type: Full scan (C:\|)
Objects scanned: 189870
Time elapsed: 1 hour(s), 0 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\3FWHZQA3LT (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\SMH2B46TDP (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

28.09.2010, 21:42   #9
cosinus

Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:
:OTL
SRV - (usfwvyrf) -- C:\WINDOWS\System32\dlo20.dll ()
O2 - BHO: () - {B4BD1731-FC83-412B-91E0-A8ECADDD7F43} - C:\WINDOWS\System32\dlo20.dll ()
O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [M3000Mnt]  File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
[2010.09.22 16:17:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Application Data\PriceGong
[2010.09.23 15:56:49 | 000,495,908 | ---- | C] () -- C:\Documents and Settings\Wandi\Desktop\0273694243_csf_v9.zip
[2010.09.23 15:56:23 | 005,290,891 | ---- | C] () -- C:\Documents and Settings\Wandi\Desktop\0273694243_csf_multisim.zip
[2010.09.22 18:24:44 | 000,006,603 | ---- | C] () -- C:\WINDOWS\PSPICEEV.INI
[2010.09.22 18:24:38 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\lffax60n.dll
[2010.09.22 18:24:38 | 000,141,824 | ---- | C] () -- C:\WINDOWS\System32\lfcmp60n.dll
[2010.09.22 18:24:38 | 000,110,080 | ---- | C] () -- C:\WINDOWS\System32\lfpng60n.dll
[2010.09.22 18:24:38 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\lftif60n.dll
[2010.09.22 18:24:38 | 000,043,008 | ---- | C] () -- C:\WINDOWS\System32\ltfil60n.dll
[2010.09.22 18:24:38 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\lfpcx60n.dll
[2010.09.22 18:24:38 | 000,022,528 | ---- | C] () -- C:\WINDOWS\System32\lfpct60n.dll
[2010.09.22 18:24:38 | 000,022,528 | ---- | C] () -- C:\WINDOWS\System32\lfeps60n.dll
[2010.09.22 18:24:38 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\lfbmp60n.dll
[2010.09.22 18:24:38 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\lfpsd60n.dll
[2010.09.22 18:24:38 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\lftga60n.dll
[2010.09.22 18:24:38 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\lfwpg60n.dll
[2010.09.22 18:24:38 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\lfwmf60n.dll
[2010.09.22 18:24:38 | 000,018,432 | ---- | C] () -- C:\WINDOWS\System32\lfmsp60n.dll
[2010.09.22 18:24:38 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\lfmac60n.dll
[2010.09.22 18:24:37 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\implode.dll
[2010.01.04 16:56:17 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2010.06.29 22:36:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\2FE3C73E8A6EF87BC87529BEE60EA321
@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4CF61E54
:Commands
[purity]
[resethosts]
[emptytemp]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

28.09.2010, 22:46   #10
crazynotion

Hi

This message appears on reboot:

access violation at address 05b9446 in module 'OTL.exe'. Read of address 00000000

28.09.2010, 22:49   #11
crazynotion

OTL Logfile:
Code:
OTL logfile created on: 28.09.2010 23:30:08 - Run 2
OTL by OldTimer - Version 3.2.14.1     Folder = C:\Documents and Settings\Wandi\Desktop\MFTools
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
1.014,00 Mb Total Physical Memory | 513,00 Mb Available Physical Memory | 51,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 139,04 Gb Total Space | 13,31 Gb Free Space | 9,57% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: KUNDI
Current User Name: Wandi
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Documents and Settings\Wandi\Desktop\MFTools\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\WINDOWS\system32\OSPPSVC.EXE (Microsoft Corporation)
PRC - C:\Program Files\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Documents and Settings\Wandi\Desktop\MFTools\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe (Microsoft Corporation)
SRV - (WPFFontCache_v0400) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
SRV - (TuneUp.Defrag) -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (osppsvc) -- C:\WINDOWS\system32\OSPPSVC.EXE (Microsoft Corporation)
SRV - (RS_Service) -- C:\Program Files\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (usfwvyrf) -- C:\WINDOWS\System32\dlo20.dll ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (USBCCID) -- C:\WINDOWS\System32\DRIVERS\Rts5161ccid.sys File not found
DRV - (Rts516xIR) -- C:\WINDOWS\System32\DRIVERS\Rts516xIR.sys File not found
DRV - (pgfilter) -- C:\Program Files\PeerGuardian2\pgfilter.sys File not found
DRV - (DritekPortIO) -- C:\PROGRA~1\LAUNCH~1\DPortIO.sys File not found
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (pbfilter) -- C:\Program Files\PeerBlock\pbfilter.sys ()
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (M3000Srv) -- C:\WINDOWS\system32\drivers\M3000KNT.sys ()
DRV - (L1c) -- C:\WINDOWS\system32\drivers\l1c51x86.sys (Atheros Communications, Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\bcmwl5.sys (Broadcom Corporation)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics Incorporated)
DRV - (RSUSBSTOR) -- C:\WINDOWS\system32\drivers\rtsustor.sys (Realtek Semiconductor Corp.)
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\ambfilt.sys (Creative)
DRV - (iaStor) -- C:\WINDOWS\system32\drivers\iaStor.sys (Intel Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (lbrtfdc) -- C:\WINDOWS\System32\drivers\lbrtfdc.sys (Toshiba Corp.)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (gigvsugc) -- C:\WINDOWS\system32\drivers\gigvsugc.sys (Microsoft Corporation)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (Changer) -- C:\WINDOWS\System32\drivers\changer.sys (Microsoft Corporation)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\monfilt.sys (Creative Technology Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_one&r=0xph10094425l0314wu55w57j2397s
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://georgk86.nl/forum/index.php"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.2&q="
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.09.28 20:45:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.09.16 18:45:53 | 000,000,000 | ---D | M]
 
[2010.01.10 17:53:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\Mozilla\Extensions
[2010.09.28 11:45:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\Mozilla\Firefox\Profiles\kberp9we.default\extensions
[2010.04.27 18:55:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Wandi\Application Data\Mozilla\Firefox\Profiles\kberp9we.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.09.22 09:54:07 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Documents and Settings\Wandi\Application Data\Mozilla\Firefox\Profiles\kberp9we.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.09.22 09:54:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Wandi\Application Data\Mozilla\Firefox\Profiles\kberp9we.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.08.19 14:15:04 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Wandi\Application Data\Mozilla\Firefox\Profiles\kberp9we.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.08.19 14:15:05 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Wandi\Application Data\Mozilla\Firefox\Profiles\kberp9we.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.09.28 11:45:12 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Wandi\Application Data\Mozilla\Firefox\Profiles\kberp9we.default\searchplugins\icqplugin-1.xml
[2010.06.23 16:59:38 | 000,000,947 | ---- | M] () -- C:\Documents and Settings\Wandi\Application Data\Mozilla\Firefox\Profiles\kberp9we.default\searchplugins\icqplugin.xml
[2010.02.14 13:20:31 | 000,001,330 | ---- | M] () -- C:\Documents and Settings\Wandi\Application Data\Mozilla\Firefox\Profiles\kberp9we.default\searchplugins\wikipedia-en.xml
[2010.04.15 13:09:41 | 000,004,140 | ---- | M] () -- C:\Documents and Settings\Wandi\Application Data\Mozilla\Firefox\Profiles\kberp9we.default\searchplugins\youtube.xml
[2010.01.10 17:52:55 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.04.14 14:27:26 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.04.14 14:27:26 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.04.14 14:27:26 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.04.14 14:27:26 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.04.14 14:27:26 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.09.28 23:25:58 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
O2 - BHO: () - {B4BD1731-FC83-412B-91E0-A8ECADDD7F43} - C:\WINDOWS\System32\dlo20.dll ()
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PLFSetI] C:\WINDOWS\PLFSetI.exe ()
O4 - HKCU..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC)
O4 - HKLM..\RunOnce: [OTL] C:\Documents and Settings\Wandi\Desktop\MFTools\OTL.exe (OldTimer Tools)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\Wandi\Application Data\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: S&end to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Linked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Linked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Wandi\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Wandi\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - Unable to read "AutoRun" value or value not present!
O32 - AutoRun File - [2009.07.28 04:32:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.09.28 23:24:47 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.09.28 19:20:53 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Wandi\Recent
[2010.09.28 17:53:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Application Data\Malwarebytes
[2010.09.28 17:53:09 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.09.28 17:53:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010.09.28 17:53:04 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.09.28 17:53:04 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.09.28 17:52:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Desktop\MFTools
[2010.09.27 10:27:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010.09.27 10:27:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010.09.27 10:22:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[2010.09.26 09:12:33 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\drivers\lbrtfdc.sys
[2010.09.26 09:12:33 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\dllcache\lbrtfdc.sys
[2010.09.26 09:11:14 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\changer.sys
[2010.09.26 09:11:14 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\changer.sys
[2010.09.25 21:28:59 | 000,000,000 | ---D | C] -- C:\Program Files\Veetle
[2010.09.24 19:56:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\My Documents\PokerStrategy.com
[2010.09.24 19:56:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Local Settings\Application Data\PokerStrategy.com
[2010.09.24 19:56:04 | 000,000,000 | ---D | C] -- C:\Program Files\PokerStrategy.com
[2010.09.24 19:53:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Local Settings\Application Data\Downloaded Installations
[2010.09.22 19:17:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Local Settings\Application Data\Help
[2010.09.22 19:17:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Application Data\Help
[2010.09.22 18:24:40 | 000,368,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vbar332.dll
[2010.09.22 18:24:39 | 001,037,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msjet35.dll
[2010.09.22 18:24:39 | 000,251,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msrd2x35.dll
[2010.09.22 18:24:39 | 000,200,704 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\WINDOWS\System32\THREED32.OCX
[2010.09.22 18:24:39 | 000,121,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msjint35.dll
[2010.09.22 18:24:39 | 000,105,984 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\System32\p2bdao.dll
[2010.09.22 18:24:39 | 000,064,000 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\System32\p2irdao.dll
[2010.09.22 18:24:39 | 000,054,272 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\System32\p2ctdao.dll
[2010.09.22 18:24:39 | 000,024,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msjter35.dll
[2010.09.22 18:24:38 | 000,192,512 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\ltkrn60n.dll
[2010.09.22 18:24:37 | 003,572,224 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\System32\crpe32.dll
[2010.09.22 18:24:37 | 000,416,768 | ---- | C] (Seagate Software) -- C:\WINDOWS\System32\cpeaut32.dll
[2010.09.22 18:24:37 | 000,183,296 | ---- | C] (Seagate Software, Information Management Group, Inc.) -- C:\WINDOWS\System32\crpaig32.dll
[2010.09.22 18:24:33 | 000,000,000 | ---D | C] -- C:\Program Files\OrCAD_Demo
[2010.09.22 18:24:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\Crystal
[2010.09.22 18:23:37 | 000,306,688 | ---- | C] (InstallShield Software Corporation) -- C:\WINDOWS\IsUninst.exe
[2010.09.22 18:23:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Desktop\New Folder (2)
[2010.09.22 17:58:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\My Documents\eagle
[2010.09.22 17:56:56 | 000,000,000 | ---D | C] -- C:\Program Files\EAGLE-5.10.0
[2010.09.22 17:56:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Application Data\CadSoft
[2010.09.22 15:21:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Application Data\eSobi
[2010.09.22 14:19:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Desktop\System
[2010.09.22 10:09:07 | 000,000,000 | ---D | C] -- C:\Program Files\Free M4a to MP3 Converter
[2010.09.22 09:54:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Local Settings\Application Data\DVDVideoSoftTB
[2010.09.22 09:54:11 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2010.09.22 09:54:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Local Settings\Application Data\Conduit
[2010.09.22 09:54:10 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoftTB
[2010.09.22 09:54:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Application Data\DVDVideoSoftIEHelpers
[2010.09.22 09:53:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\My Documents\DVDVideoSoft
[2010.09.22 09:53:42 | 002,091,632 | ---- | C] (DVDVideoSoft Limited.) -- C:\Documents and Settings\Wandi\Desktop\FreeYouTubeDownload.exe
[2010.09.22 09:53:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2010.09.22 09:53:38 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2010.09.22 09:52:11 | 012,692,880 | ---- | C] (DVDVideoSoft Limited.                                       ) -- C:\Documents and Settings\Wandi\Desktop\FreeYouTubeDownload_29.exe
[2010.09.21 20:32:05 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ctfmon.exe.backup
[2010.09.21 20:32:05 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ctfmon.exe.backup
[2010.09.21 20:31:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Desktop\CtfmonRemoverDE-v2.3
[2010.09.21 20:14:44 | 000,000,000 | ---D | C] -- C:\Program Files\PeerBlock
[2010.09.21 19:52:14 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009.07.28 05:14:36 | 000,049,152 | ---- | C] ( ) -- C:\WINDOWS\Interop.IWshRuntimeLibrary.dll
[2009.06.16 14:03:56 | 000,126,976 | ---- | C] ( ) -- C:\WINDOWS\System32\Interop.SHDocVw.dll
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.09.28 23:32:11 | 000,594,998 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.09.28 23:32:11 | 000,497,868 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.09.28 23:32:11 | 000,085,516 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.09.28 23:29:23 | 000,000,566 | ---- | M] () -- C:\WINDOWS\tasks\Automatic troubleshooting.job
[2010.09.28 23:27:11 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.09.28 23:27:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.09.28 23:27:04 | 1063,194,624 | -HS- | M] () -- C:\hiberfil.sys
[2010.09.28 23:26:25 | 006,553,600 | ---- | M] () -- C:\Documents and Settings\Wandi\NTUSER.DAT
[2010.09.28 23:26:25 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Wandi\ntuser.ini
[2010.09.28 23:25:58 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010.09.28 21:27:30 | 000,014,065 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\otl.7z
[2010.09.28 21:27:00 | 000,014,065 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Desktop.7z
[2010.09.28 17:53:12 | 000,000,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.28 17:52:40 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Gmer.zip
[2010.09.28 17:52:40 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\defogger.exe
[2010.09.27 13:34:01 | 000,000,095 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010.09.26 21:34:03 | 000,206,336 | ---- | M] () -- C:\Documents and Settings\Wandi\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.09.24 19:47:03 | 001,452,371 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Foto0341.jpg
[2010.09.24 17:20:05 | 001,471,511 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Foto0344.jpg
[2010.09.22 18:21:06 | 028,620,288 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\91pspstu.exe
[2010.09.22 16:39:03 | 000,012,288 | ---- | M] () -- C:\Documents and Settings\All Users\NTUSER.DAT
[2010.09.22 16:36:43 | 006,553,600 | ---- | M] () -- C:\Documents and Settings\Wandi\NTUSER.DAT_tureg_old
[2010.09.22 16:29:13 | 000,645,370 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Electronica_tentamenbundel.pdf
[2010.09.22 10:09:11 | 000,000,744 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Free M4a to MP3 Converter.lnk
[2010.09.22 10:09:11 | 000,000,739 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\My Music Tools.lnk
[2010.09.22 09:53:58 | 000,000,896 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\DVDVideoSoft Free Studio.lnk
[2010.09.22 09:52:20 | 012,692,880 | ---- | M] (DVDVideoSoft Limited.                                       ) -- C:\Documents and Settings\Wandi\Desktop\FreeYouTubeDownload_29.exe
[2010.09.21 19:31:56 | 000,134,413 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\cc cleaner einstellungen 1.png
[2010.09.21 19:31:56 | 000,113,358 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\cc cleaner einstellungen 2.png
[2010.09.21 19:18:34 | 000,065,698 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Guard - Suche.jpg
[2010.09.21 19:17:37 | 000,081,252 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Scanner - Archive.jpg
[2010.09.21 19:17:36 | 000,075,142 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Scanner - Suche.jpg
[2010.09.21 19:17:25 | 000,081,843 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Allgemeines - Erweiterte Gefahrenkategorien.jpg
[2010.09.21 19:17:21 | 000,056,756 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Scanner - Heuristik.jpg
[2010.09.21 19:17:20 | 000,068,441 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Guard - Heuristik.jpg
[2010.09.17 17:24:15 | 000,012,081 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Arbeitstunden.xlsx
[2010.09.17 16:19:49 | 000,042,873 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Verkauf.xlsx
[2010.09.15 16:05:43 | 000,001,733 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010.09.15 08:58:39 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.09.28 21:27:30 | 000,014,065 | ---- | C] () -- C:\Documents and Settings\Wandi\Desktop\otl.7z
[2010.09.28 21:27:00 | 000,014,065 | ---- | C] () -- C:\Documents and Settings\Wandi\Desktop\Desktop.7z
[2010.09.28 17:53:12 | 000,000,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.28 17:52:20 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Wandi\Desktop\defogger.exe
[2010.09.28 17:52:11 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Wandi\Desktop\Gmer.zip
[2010.09.28 11:59:28 | 000,002,510 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\B4BD1731-FC83-412B-91E0-A8ECADDD7F43.txt
[2010.09.28 11:58:45 | 000,002,928 | ---- | C] () -- C:\Documents and Settings\Wandi\Local Settings\Application Data\B4BD1731-FC83-412B-91E0-A8ECADDD7F43.txt
[2010.09.27 13:34:01 | 000,000,095 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010.09.24 19:46:17 | 001,452,371 | ---- | C] () -- C:\Documents and Settings\Wandi\Desktop\Foto0341.jpg
[2010.09.24 17:19:14 | 001,471,511 | ---- | C] () -- C:\Documents and Settings\Wandi\Desktop\Foto0344.jpg
[2010.09.22 18:18:52 | 028,620,288 | ---- | C] () -- C:\Documents and Settings\Wandi\Desktop\91pspstu.exe
[2010.09.22 16:39:03 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT_tureg_new.LOG
[2010.09.22 16:29:13 | 000,645,370 | ---- | C] () -- C:\Documents and Settings\Wandi\Desktop\Electronica_tentamenbundel.pdf
[2010.09.22 10:09:11 | 000,000,744 | ---- | C] () -- C:\Documents and Settings\Wandi\Desktop\Free M4a to MP3 Converter.lnk
[2010.09.22 10:09:11 | 000,000,739 | ---- | C] () -- C:\Documents and Settings\Wandi\Desktop\My Music Tools.lnk
[2010.09.22 09:53:58 | 000,000,896 | ---- | C] () -- C:\Documents and Settings\Wandi\Desktop\DVDVideoSoft Free Studio.lnk
[2010.09.21 19:31:44 | 000,134,413 | ---- | C] () -- C:\Documents and Settings\Wandi\My Documents\cc cleaner einstellungen 1.png
[2010.09.21 19:31:44 | 000,113,358 | ---- | C] () -- C:\Documents and Settings\Wandi\My Documents\cc cleaner einstellungen 2.png
[2010.09.21 19:16:59 | 000,081,843 | ---- | C] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Allgemeines - Erweiterte Gefahrenkategorien.jpg
[2010.09.21 19:16:59 | 000,081,252 | ---- | C] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Scanner - Archive.jpg
[2010.09.21 19:16:59 | 000,075,142 | ---- | C] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Scanner - Suche.jpg
[2010.09.21 19:16:59 | 000,068,441 | ---- | C] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Guard - Heuristik.jpg
[2010.09.21 19:16:59 | 000,065,698 | ---- | C] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Guard - Suche.jpg
[2010.09.21 19:16:59 | 000,056,756 | ---- | C] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Scanner - Heuristik.jpg
[2010.09.17 16:07:07 | 000,012,081 | ---- | C] () -- C:\Documents and Settings\Wandi\Desktop\Arbeitstunden.xlsx
[2010.09.15 08:58:39 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.01.11 17:08:11 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\A67807F7B8.sys
[2010.01.11 17:08:10 | 000,002,828 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2010.01.06 19:18:19 | 000,000,242 | ---- | C] () -- C:\Documents and Settings\Wandi\Application Data\wklnhst.dat
[2009.11.09 14:14:19 | 000,000,363 | ---- | C] () -- C:\Documents and Settings\Wandi\Local Settings\Application Data\postgresinstall.bat
[2009.10.24 05:05:57 | 000,626,688 | ---- | C] () -- C:\WINDOWS\Image.dll
[2009.10.24 05:05:57 | 000,000,036 | ---- | C] () -- C:\WINDOWS\PidList.ini
[2009.10.24 05:05:56 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\M3000DIF.dll
[2009.10.24 05:05:56 | 000,145,152 | ---- | C] () -- C:\WINDOWS\System32\drivers\M3000KNT.sys
[2009.10.24 05:05:56 | 000,015,190 | ---- | C] () -- C:\WINDOWS\M3000Twn.ini
[2009.10.24 05:05:47 | 000,000,639 | ---- | C] () -- C:\WINDOWS\AutoSetFrequency.ini
[2009.10.23 16:42:10 | 000,206,336 | ---- | C] () -- C:\Documents and Settings\Wandi\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.07.28 07:29:39 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009.07.28 06:21:23 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009.07.28 05:14:12 | 000,729,600 | ---- | C] () -- C:\WINDOWS\System32\dlo20.dll.bak
[2009.07.28 05:14:12 | 000,729,600 | ---- | C] () -- C:\WINDOWS\System32\dlo20.dll
[2009.07.28 04:35:51 | 000,007,003 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009.07.28 04:30:03 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2009.06.16 14:03:58 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\dossec.dll
 
========== LOP Check ==========
 
[2009.07.28 07:04:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eSobi
[2010.04.27 20:07:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ICQ
[2009.12.21 20:26:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010.01.04 16:57:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2009.07.28 07:05:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\Acer
[2009.07.28 06:40:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\Acer GameZone Console
[2010.09.22 17:56:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\CadSoft
[2010.02.12 12:31:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\com.adobe.example.avatarAirApplication.199ED43C2CFEB351CD0244628B93195D7C58F98C.1
[2010.09.22 09:54:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\DVDVideoSoftIEHelpers
[2010.09.22 15:21:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\eSobi
[2010.05.27 15:44:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\FinalMediaPlayer
[2010.04.07 18:17:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\MSNInstaller
[2009.07.28 06:56:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\Super-Cow
[2010.01.06 19:18:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\Template
[2010.01.04 16:58:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\TuneUp Software
[2010.09.27 10:37:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\uTorrent
[2010.08.25 02:39:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\Windows Live Writer
[2010.09.28 23:29:23 | 000,000,566 | ---- | M] () -- C:\WINDOWS\Tasks\Automatic troubleshooting.job
 
========== Purity Check ==========
 
 
< End of report >
         
--- --- ---
[2010.09.28 23:38:36 | 000,001,024 | -H-- | M] () -- C:\Documents and Settings\Wandi\ntuser.dat.LOG
[2010.09.28 23:38:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Desktop
[2010.09.28 23:32:11 | 000,594,998 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.09.28 23:32:11 | 000,497,868 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.09.28 23:32:11 | 000,085,516 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.09.28 23:29:23 | 000,000,566 | ---- | M] () -- C:\WINDOWS\tasks\Automatic troubleshooting.job
[2010.09.28 23:27:11 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.09.28 23:27:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.09.28 23:26:25 | 006,553,600 | ---- | M] () -- C:\Documents and Settings\Wandi\NTUSER.DAT
[2010.09.28 23:26:25 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Wandi\ntuser.ini
[2010.09.28 23:25:58 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010.09.28 23:25:58 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Wandi\Application Data
[2010.09.28 23:25:58 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2010.09.28 23:24:40 | 000,002,510 | ---- | M] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\B4BD1731-FC83-412B-91E0-A8ECADDD7F43.txt
[2010.09.28 23:24:29 | 000,002,928 | ---- | M] () -- C:\Documents and Settings\Wandi\Local Settings\Application Data\B4BD1731-FC83-412B-91E0-A8ECADDD7F43.txt
[2010.09.28 23:23:16 | 000,000,000 | ---D | M] -- C:\Program Files\PeerBlock
[2010.09.28 23:22:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\Skype
[2010.09.28 23:20:43 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Wandi\Cookies
[2010.09.28 22:59:03 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Wandi\Recent
[2010.09.28 21:27:30 | 000,014,065 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\otl.7z
[2010.09.28 21:27:00 | 000,014,065 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Desktop.7z
[2010.09.28 20:18:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Tracing
[2010.09.28 19:20:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010.09.28 17:53:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\Malwarebytes
[2010.09.28 17:53:15 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.09.28 17:53:12 | 000,000,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.28 17:53:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Desktop
[2010.09.28 17:53:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010.09.28 17:52:40 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Gmer.zip
[2010.09.28 17:52:40 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\defogger.exe
[2010.09.28 14:11:09 | 000,001,024 | -H-- | M] () -- C:\Documents and Settings\All Users\NTUSER.DAT.LOG
[2010.09.28 12:21:48 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2010.09.28 11:35:57 | 000,000,000 | ---D | M] -- C:\Program Files\PokerStars
[2010.09.27 13:34:01 | 000,000,095 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010.09.27 10:37:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\uTorrent
[2010.09.27 10:27:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010.09.27 10:27:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010.09.27 10:22:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[2010.09.26 21:34:03 | 000,206,336 | ---- | M] () -- C:\Documents and Settings\Wandi\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.09.26 09:18:06 | 000,000,000 | ---D | M] -- C:\Program Files\PeerGuardian2
[2010.09.25 21:29:21 | 000,000,000 | ---D | M] -- C:\Program Files\Veetle
[2010.09.24 19:56:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Local Settings\Application Data\PokerStrategy.com
[2010.09.24 19:56:04 | 000,000,000 | ---D | M] -- C:\Program Files\PokerStrategy.com
[2010.09.24 19:53:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Local Settings\Application Data\Downloaded Installations
[2010.09.24 19:47:03 | 001,452,371 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Foto0341.jpg
[2010.09.24 19:41:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\dvdcss
[2010.09.24 19:41:05 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2010.09.24 17:20:05 | 001,471,511 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Foto0344.jpg
[2010.09.23 17:03:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Local Settings\Application Data\DVDVideoSoftTB
[2010.09.22 19:17:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Local Settings\Application Data\Help
[2010.09.22 19:17:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\Help
[2010.09.22 18:24:47 | 000,000,000 | ---D | M] -- C:\Program Files\OrCAD_Demo
[2010.09.22 18:21:06 | 028,620,288 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\91pspstu.exe
[2010.09.22 18:03:27 | 000,000,000 | ---D | M] -- C:\Program Files\EAGLE-5.10.0
[2010.09.22 17:58:12 | 000,000,000 | R--D | M] -- C:\Documents and Settings\Wandi\My Documents
[2010.09.22 17:56:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\CadSoft
[2010.09.22 16:39:03 | 000,012,288 | ---- | M] () -- C:\Documents and Settings\All Users\NTUSER.DAT
[2010.09.22 16:39:03 | 000,000,000 | -H-- | M] () -- C:\Documents and Settings\All Users\NTUSER.DAT_tureg_new.LOG
[2010.09.22 16:36:43 | 006,553,600 | ---- | M] () -- C:\Documents and Settings\Wandi\NTUSER.DAT_tureg_old
[2010.09.22 16:29:13 | 000,645,370 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Electronica_tentamenbundel.pdf
[2010.09.22 16:17:18 | 000,000,000 | ---D | M] -- C:\Program Files\DVDVideoSoftTB
[2010.09.22 16:16:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Local Settings\Application Data\Conduit
[2010.09.22 15:21:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\eSobi
[2010.09.22 14:28:03 | 000,000,000 | R--D | M] -- C:\Documents and Settings\Wandi\Start Menu
[2010.09.22 10:09:12 | 000,000,000 | ---D | M] -- C:\Program Files\Free M4a to MP3 Converter
[2010.09.22 10:09:11 | 000,000,744 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Free M4a to MP3 Converter.lnk
[2010.09.22 10:09:11 | 000,000,739 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\My Music Tools.lnk
[2010.09.22 09:54:11 | 000,000,000 | ---D | M] -- C:\Program Files\Conduit
[2010.09.22 09:54:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\DVDVideoSoftIEHelpers
[2010.09.22 09:53:58 | 000,000,896 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\DVDVideoSoft Free Studio.lnk
[2010.09.22 09:53:53 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files\DVDVideoSoft
[2010.09.22 09:53:39 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2010.09.22 09:53:38 | 000,000,000 | ---D | M] -- C:\Program Files\DVDVideoSoft
[2010.09.22 09:52:20 | 012,692,880 | ---- | M] (DVDVideoSoft Limited. ) -- C:\Documents and Settings\Wandi\Desktop\FreeYouTubeDownload_29.exe
[2010.09.21 19:31:56 | 000,134,413 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\cc cleaner einstellungen 1.png
[2010.09.21 19:31:56 | 000,113,358 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\cc cleaner einstellungen 2.png
[2010.09.21 19:18:34 | 000,065,698 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Guard - Suche.jpg
[2010.09.21 19:17:37 | 000,081,252 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Scanner - Archive.jpg
[2010.09.21 19:17:36 | 000,075,142 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Scanner - Suche.jpg
[2010.09.21 19:17:25 | 000,081,843 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Allgemeines - Erweiterte Gefahrenkategorien.jpg
[2010.09.21 19:17:21 | 000,056,756 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Scanner - Heuristik.jpg
[2010.09.21 19:17:20 | 000,068,441 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Guard - Heuristik.jpg
[2010.09.17 17:24:15 | 000,012,081 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Arbeitstunden.xlsx
[2010.09.17 16:19:49 | 000,042,873 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Verkauf.xlsx
[2010.09.16 18:46:03 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2010.09.15 16:05:43 | 000,001,733 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010.09.15 08:58:39 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.09.11 16:00:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\skypePM
[2010.09.06 17:49:56 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2010.08.31 09:46:01 | 000,000,000 | ---D | M] -- C:\Program Files\uTorrent
[2010.08.31 04:34:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Local Settings\Application Data\Microsoft
[2010.08.31 04:34:45 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Wandi\Application Data\Microsoft
[2010.03.25 11:00:35 | 000,093,064 | ---- | M] () -- C:\Documents and Settings\Wandi\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010.03.20 01:38:55 | 000,002,828 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2010.03.20 01:38:50 | 000,000,088 | RHS- | M] () -- C:\Documents and Settings\All Users\Application Data\A67807F7B8.sys
[2010.01.06 19:23:50 | 000,000,242 | ---- | M] () -- C:\Documents and Settings\Wandi\Application Data\wklnhst.dat
[2009.11.09 14:14:19 | 000,000,363 | ---- | M] () -- C:\Documents and Settings\Wandi\Local Settings\Application Data\postgresinstall.bat
[2009.10.27 22:14:56 | 004,843,300 | -H-- | M] () -- C:\Documents and Settings\Wandi\Local Settings\Application Data\IconCache.db
[2009.07.27 21:27:29 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Wandi\Application Data\desktop.ini
[2009.07.27 21:27:29 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.09.28 23:32:11 | 000,594,998 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.09.28 23:32:11 | 000,497,868 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.09.28 23:32:11 | 000,085,516 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.09.28 23:29:23 | 000,000,566 | ---- | M] () -- C:\WINDOWS\tasks\Automatic troubleshooting.job
[2010.09.28 23:27:11 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.09.28 23:27:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.09.28 23:27:04 | 1063,194,624 | -HS- | M] () -- C:\hiberfil.sys
[2010.09.28 23:26:25 | 006,553,600 | ---- | M] () -- C:\Documents and Settings\Wandi\NTUSER.DAT
[2010.09.28 23:26:25 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Wandi\ntuser.ini
[2010.09.28 23:25:58 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010.09.28 21:27:30 | 000,014,065 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\otl.7z
[2010.09.28 21:27:00 | 000,014,065 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Desktop.7z
[2010.09.28 17:53:12 | 000,000,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.28 17:52:40 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Gmer.zip
[2010.09.28 17:52:40 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\defogger.exe
[2010.09.27 13:34:01 | 000,000,095 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010.09.26 21:34:03 | 000,206,336 | ---- | M] () -- C:\Documents and Settings\Wandi\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.09.24 19:47:03 | 001,452,371 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Foto0341.jpg
[2010.09.24 17:20:05 | 001,471,511 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Foto0344.jpg
[2010.09.22 18:21:06 | 028,620,288 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\91pspstu.exe
[2010.09.22 16:39:03 | 000,012,288 | ---- | M] () -- C:\Documents and Settings\All Users\NTUSER.DAT
[2010.09.22 16:36:43 | 006,553,600 | ---- | M] () -- C:\Documents and Settings\Wandi\NTUSER.DAT_tureg_old
[2010.09.22 16:29:13 | 000,645,370 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Electronica_tentamenbundel.pdf
[2010.09.22 10:09:11 | 000,000,744 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Free M4a to MP3 Converter.lnk
[2010.09.22 10:09:11 | 000,000,739 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\My Music Tools.lnk
[2010.09.22 09:53:58 | 000,000,896 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\DVDVideoSoft Free Studio.lnk
[2010.09.22 09:52:20 | 012,692,880 | ---- | M] (DVDVideoSoft Limited. ) -- C:\Documents and Settings\Wandi\Desktop\FreeYouTubeDownload_29.exe
[2010.09.21 19:31:56 | 000,134,413 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\cc cleaner einstellungen 1.png
[2010.09.21 19:31:56 | 000,113,358 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\cc cleaner einstellungen 2.png
[2010.09.21 19:18:34 | 000,065,698 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Guard - Suche.jpg
[2010.09.21 19:17:37 | 000,081,252 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Scanner - Archive.jpg
[2010.09.21 19:17:36 | 000,075,142 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Scanner - Suche.jpg
[2010.09.21 19:17:25 | 000,081,843 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Allgemeines - Erweiterte Gefahrenkategorien.jpg
[2010.09.21 19:17:21 | 000,056,756 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Scanner - Heuristik.jpg
[2010.09.21 19:17:20 | 000,068,441 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Guard - Heuristik.jpg
[2010.09.17 17:24:15 | 000,012,081 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Arbeitstunden.xlsx
[2010.09.17 16:19:49 | 000,042,873 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Verkauf.xlsx
[2010.09.15 16:05:43 | 000,001,733 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010.09.15 08:58:39 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

========== LOP Check ==========

[2009.07.28 07:04:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eSobi
[2010.04.27 20:07:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ICQ
[2009.12.21 20:26:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010.01.04 16:57:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2009.07.28 07:05:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\Acer
[2009.07.28 06:40:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\Acer GameZone Console
[2010.09.22 17:56:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\CadSoft
[2010.02.12 12:31:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\com.adobe.example.avatarAirApplication.199ED43C2CFEB351CD0244628B93195D7C58F98C.1
[2010.09.22 09:54:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\DVDVideoSoftIEHelpers
[2010.09.22 15:21:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\eSobi
[2010.05.27 15:44:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\FinalMediaPlayer
[2010.04.07 18:17:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\MSNInstaller
[2009.07.28 06:56:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\Super-Cow
[2010.01.06 19:18:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\Template
[2010.01.04 16:58:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\TuneUp Software
[2010.09.27 10:37:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\uTorrent
[2010.08.25 02:39:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\Windows Live Writer
[2010.09.28 23:29:23 | 000,000,566 | ---- | M] () -- C:\WINDOWS\Tasks\Automatic troubleshooting.job

========== Purity Check ==========



< End of report >

28.09.2010, 22:50   #12
crazynotion
 



OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 28.09.2010 23:30:08 - Run 2
OTL by OldTimer - Version 3.2.14.1     Folder = C:\Documents and Settings\Wandi\Desktop\MFTools
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
1.014,00 Mb Total Physical Memory | 513,00 Mb Available Physical Memory | 51,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 139,04 Gb Total Space | 13,31 Gb Free Space | 9,57% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: KUNDI
Current User Name: Wandi
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.0.0 (r181)
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{10140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (English) 14
"{10140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 14
"{10140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 14
"{10140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 14
"{10140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 14
"{10140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 14
"{10140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 14
"{10140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 14
"{10140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 14
"{10140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 14
"{10140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 14
"{10140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 14
"{10140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 14
"{10140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 14
"{10140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 14
"{10140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 14
"{10140000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 14
"{10140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 14
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{56A648C2-D185-46A9-BBFF-78AE7A503000}" = WebCam
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78E804CC-A148-4C8F-AD46-0B476EFE34C2}" = Microsoft Image Composite Editor
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = USB2.0 Card Reader Software
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FE3997D3-6B56-4AC4-A99C-9DDFC45359BF}" = TuneUp Utilities Language Pack (en-US)
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"bwin Poker_is1" = bwin Poker
"CCleaner" = CCleaner
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"EAGLE 5.10.0" = EAGLE 5.10.0
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.30
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.2
"Free YouTube Download_is1" = Free YouTube Download 2.9
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010 (Technical Preview)
"Plus500" = Plus500
"PSpice Student" = PSpice Student 9.1
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TuneUp Utilities" = TuneUp Utilities
"Uninstall_is1" = Uninstall 1.0.0.1
"uTorrent" = µTorrent
"Veetle TV" = Veetle TV 0.9.17
"VLC media player" = VLC media player 1.1.1
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 28.09.2010 06:10:46 | Computer Name = KUNDI | Source = Application Error | ID = 1001
Description = Fault bucket 2022037742.
 
Error - 28.09.2010 07:13:59 | Computer Name = KUNDI | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
 module , version 0.0.0.0, fault address 0x00000000.
 
Error - 28.09.2010 07:14:50 | Computer Name = KUNDI | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
 dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.
 
Error - 28.09.2010 07:14:59 | Computer Name = KUNDI | Source = Application Error | ID = 1001
Description = Fault bucket 223121472.
 
Error - 28.09.2010 08:35:37 | Computer Name = KUNDI | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting 
module unknown, version 0.0.0.0, fault address 0x0e6bf470.
 
Error - 28.09.2010 08:36:41 | Computer Name = KUNDI | Source = Application Error | ID = 1001
Description = Fault bucket 1991869855.
 
Error - 28.09.2010 11:58:30 | Computer Name = KUNDI | Source = ESENT | ID = 490
Description = svchost (1728) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\edb.log"
 for read / write access failed with system error 32 (0x00000020): "The process 
cannot access the file because it is being used by another process. ".  The open
 file operation will fail with error -1032 (0xfffffbf8).
 
Error - 28.09.2010 11:59:22 | Computer Name = KUNDI | Source = Application Hang | ID = 1002
Description = Hanging application peerblock.exe, version 1.0.0.181, hang module 
hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error - 28.09.2010 12:50:05 | Computer Name = KUNDI | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting 
module unknown, version 0.0.0.0, fault address 0x04daf540.
 
Error - 28.09.2010 17:23:27 | Computer Name = KUNDI | Source = Application Hang | ID = 1002
Description = Hanging application peerblock.exe, version 1.0.0.181, hang module 
hungapp, version 0.0.0.0, hang address 0x00000000.
 
[ System Events ]
Error - 28.09.2010 11:54:03 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly.  It has done
 this 1 time(s).
 
Error - 28.09.2010 11:54:04 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7034
Description = The Raw Socket Service service terminated unexpectedly.  It has done
 this 1 time(s).
 
Error - 28.09.2010 11:54:04 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7034
Description = The TuneUp Utilities Service service terminated unexpectedly.  It 
has done this 1 time(s).
 
Error - 28.09.2010 11:58:22 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7022
Description = The i8042 Keyboard and PS/2 Mouse Port Helper service hung on starting.
 
Error - 28.09.2010 17:22:36 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7022
Description = The i8042 Keyboard and PS/2 Mouse Port Helper service hung on starting.
 
Error - 28.09.2010 17:24:48 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7034
Description = The Intel(R) Matrix Storage Event Monitor service terminated unexpectedly.
  It has done this 1 time(s).
 
Error - 28.09.2010 17:24:48 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly.  It has done
 this 1 time(s).
 
Error - 28.09.2010 17:24:48 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7034
Description = The Raw Socket Service service terminated unexpectedly.  It has done
 this 1 time(s).
 
Error - 28.09.2010 17:24:48 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7034
Description = The TuneUp Utilities Service service terminated unexpectedly.  It 
has done this 1 time(s).
 
Error - 28.09.2010 17:29:06 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7022
Description = The Terminal Server Device Redirector Helper service hung on starting.
 
 
< End of report >
         

29.09.2010, 09:05   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

You were supposed to run the fix with OTL, not post an OTL.txt. Wrong log?
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

29.09.2010, 10:24   #14
crazynotion

Hmm, well, I pasted the text into OTL and ran the fix, but no log came up, so I ran OTL again.

greets

29.09.2010, 10:38   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please run the fix again.
