 PC boots, but with rapid beeping, and it hasn't stopped for 4 hours now
 Hello Trojaner-Board users,
Last night I wanted to watch a film, but it was already late, and I thought I'd look for a sleep timer, because I sometimes fall asleep and then the PC keeps running the whole time.
No sooner said than done.
From the trusted site chip.de I downloaded the tool Power Off and set the timer with the "hart aus" (hard off) option.
Nothing was running apart from the VLC player, but I thought it might not shut down otherwise, so "hard off".
That is the only thing I did or changed during the night.
Switched it on this morning, and from the moment it boots it beeps continuously, always the same pattern.
3 beeps in 2 seconds, without a gap, straight around the clock, for 4 hours now.
No virus infection since time immemorial.
(But if necessary I can run Malwarebytes over it again, a full scan.)
Nothing in the hardware setup was changed or tinkered with (overclocked).
Relatively rarely, 2-3 times a month, but consistently for some time now, I get a crash with a bluescreen out of nowhere, regardless of the application.
But I got nowhere with the troubleshooter in Win7; the error codes are gone as quickly as the bluescreen appears.
Performance Monitor shows cache errors.
Betriebsystemname    Microsoft Windows 7 Ultimate 
Version    6.1.7600 Build 7600 
Weitere Betriebsystembeschreibung     Nicht verfügbar 
Betriebsystemhersteller    Microsoft Corporation 
Systemname    NEST 
Systemhersteller    To Be Filled By O.E.M. 
Systemmodell    To Be Filled By O.E.M. 
Systemtyp    X86-basierter PC 
Prozessor    Intel(R) Pentium(R) 4 CPU 3.20GHz, 3198 MHz, 1 Kern(e), 2 logische(r) Prozessor(en) 
BIOS-Version/-Datum    American Megatrends Inc. 1024.001, 04.08.2005 
SMBIOS-Version    2.3 
Windows-Verzeichnis    C:\Windows 
Systemverzeichnis    C:\Windows\system32 
Startgerät    \Device\HarddiskVolume1 
Gebietsschema    Deutschland 
Hardwareabstraktionsebene    Version = "6.1.7600.16385" 
Benutzername    Nest\Vogelmann 
Zeitzone    Mitteleuropäische Zeit 
Installierter physikalischer Speicher (RAM)    2,00 GB 
Gesamter realer Speicher    2,00 GB 
Verfügbarer realer Speicher    1,07 GB 
Gesamter virtueller Speicher    4,00 GB 
Verfügbarer virtueller Speicher    2,77 GB 
Größe der Auslagerungsdatei    2,00 GB 
Auslagerungsdatei    C:\pagefile.sys    
Is any other information needed or wanted?
In addition, please keep replies short. :dankeschoen:
Sorry, but I'm not that deep into the subject; I've also already asked Google, but this board seemed the most sensible to me.
I also haven't done anything about it on my own.
.....................AHEM, I apologize for not having opened my eyes before starting the thread; I've had Malwarebytes for a while and it is running right now.
OTL too, directly afterwards.
OTL Logfile:
Code:
 OTL logfile created on: 03.03.2011 15:33:10 - Run 1
 OTL by OldTimer - Version 3.2.22.2     Folder = C:\Users\Vogelmann\Desktop\MFTools
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
 Internet Explorer (Version = 8.0.7600.16385)
 Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 42,00% Memory free
 4,00 Gb Paging File | 2,00 Gb Available in Paging File | 62,00% Paging File free
 Paging file location(s): ?:\pagefile.sys [binary data]
 
 %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
 Drive C: | 83,41 Gb Total Space | 3,50 Gb Free Space | 4,20% Space Free | Partition Type: NTFS
 Drive D: | 195,96 Gb Total Space | 10,53 Gb Free Space | 5,37% Space Free | Partition Type: NTFS
 Drive E: | 15,97 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
 Computer Name: NEST | User Name: Vogelmann | Logged in as Administrator.
 Boot Mode: Normal | Scan Mode: Current user
 Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
 ========== Processes (SafeList) ==========
 
 PRC - C:\Users\Vogelmann\Desktop\MFTools\OTL.exe (OldTimer Tools)
 PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
 PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
 PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
 PRC - C:\Programme\Connectify\Connectifyd.exe (Connectify)
 PRC - C:\Programme\Hotspot Shield\bin\openvpnas.exe ()
 PRC - C:\Programme\Hotspot Shield\bin\openvpntray.exe ()
 PRC - C:\Programme\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
 PRC - C:\Programme\Hotspot Shield\bin\hsswd.exe ()
 PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
 PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
 PRC - C:\Windows\explorer.exe (Microsoft Corporation)
 PRC - C:\Programme\Aquip\Aquip AWLAN-5\UI.exe ()
 PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
 PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
 PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
 PRC - C:\Windows\System32\prevhost.exe (Microsoft Corporation)
 PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
 PRC - C:\Windows\tsnpstd3.exe ()
 PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
 PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
 
 
 ========== Modules (SafeList) ==========
 
 MOD - C:\Users\Vogelmann\Desktop\MFTools\OTL.exe (OldTimer Tools)
 MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
 MOD - C:\Windows\System32\winsta.dll (Microsoft Corporation)
 MOD - C:\Windows\System32\wkscli.dll (Microsoft Corporation)
 MOD - C:\Windows\System32\ntlanman.dll (Microsoft Corporation)
 MOD - C:\Windows\System32\drprov.dll (Microsoft Corporation)
 MOD - C:\Windows\System32\davclnt.dll (Microsoft Corporation)
 MOD - C:\Windows\System32\davhlpr.dll (Microsoft Corporation)
 
 
 ========== Win32 Services (SafeList) ==========
 
 SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
 SRV - (MatSvc) -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe (Microsoft Corporation)
 SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
 SRV - (Connectify) -- C:\Programme\Connectify\Connectifyd.exe (Connectify)
 SRV - (HotspotShieldService) -- C:\Programme\Hotspot Shield\bin\openvpnas.exe ()
 SRV - (HssTrayService) -- C:\Programme\Hotspot Shield\bin\HssTrayService.exe ()
 SRV - (HssWd) -- C:\Program Files\Hotspot Shield\bin\hsswd.exe ()
 SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
 SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
 SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
 SRV - (WAS) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
 SRV - (AppHostSvc) -- C:\Windows\System32\inetsrv\apphostsvc.dll (Microsoft Corporation)
 SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
 SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies)
 
 
 ========== Driver Services (SafeList) ==========
 
 DRV - (PsSdk41) -- C:\Windows\System32\drivers\pssdk41.sys (microOLAP Technologies LTD)
 DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
 DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
 DRV - (pspdisp) -- C:\Windows\System32\drivers\pspdisp.sys (JJS)
 DRV - (connctfyMP) -- C:\Windows\System32\drivers\connctfy.sys (Connectify)
 DRV - (connctfy) -- C:\Windows\System32\drivers\connctfy.sys (Connectify)
 DRV - (dc3d) -- C:\Windows\System32\drivers\dc3d.sys (Microsoft Corporation)
 DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc)
 DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
 DRV - (BazisVirtualCDBus) -- C:\Windows\System32\drivers\BazisVirtualCDBus.sys (SysProgs.org)
 DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
 DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
 DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
 DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
 DRV - (RMCAST) -- C:\Windows\System32\drivers\rmcast.sys (Microsoft Corporation)
 DRV - (msloop) -- C:\Windows\System32\drivers\loop.sys (Microsoft Corporation)
 DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
 DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
 DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
 DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
 DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
 DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.)
 DRV - (SNPSTD3) USB PC Camera (SNPSTD3) -- C:\Windows\System32\drivers\snpstd3.sys (Sonix Co. Ltd.)
 DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
 DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
 DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies)
 DRV - (CrystalSysInfo) -- C:\Programme\MediaCoder iPod Edition\SysInfo.sys ()
 DRV - (FWLANUSB) -- C:\Windows\System32\drivers\fwlanusb.sys (AVM GmbH)
 DRV - (Hardlock) -- C:\Windows\System32\drivers\hardlock.sys (Aladdin Knowledge Systems Ltd.)
 DRV - (fasttx2k) -- C:\Windows\system32\DRIVERS\fasttx2k.sys (Promise Technology, Inc.)
 
 
 ========== Standard Registry (SafeList) ==========
 
 
 ========== Internet Explorer ==========
 
 
 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://pspking.de/hxxp://chet-mart.com/ [binary data]
 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 06 EF F3 91 F3 5B CA 01  [binary data]
 IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 ========== FireFox ==========
 
 
 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.14\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.03 11:45:56 | 000,000,000 | ---D | M]
 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.14\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.03 11:45:56 | 000,000,000 | ---D | M]
 
 [2011.01.30 23:48:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vogelmann\AppData\Roaming\mozilla\Extensions
 [2011.01.30 23:48:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vogelmann\AppData\Roaming\mozilla\Extensions\MediaCoder
 [2011.03.03 11:51:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vogelmann\AppData\Roaming\mozilla\Firefox\Profiles\81syumbb.default\extensions
 [2011.03.03 11:51:04 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Vogelmann\AppData\Roaming\mozilla\Firefox\Profiles\81syumbb.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
 [2011.03.03 11:51:02 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\Vogelmann\AppData\Roaming\mozilla\Firefox\Profiles\81syumbb.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
 [2011.03.03 11:51:03 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Users\Vogelmann\AppData\Roaming\mozilla\Firefox\Profiles\81syumbb.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
 [2010.12.14 19:08:28 | 000,000,000 | ---D | M] ("Tab Mix Plus") -- C:\Users\Vogelmann\AppData\Roaming\mozilla\Firefox\Profiles\81syumbb.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
 [2010.07.23 11:14:15 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\Vogelmann\AppData\Roaming\mozilla\Firefox\Profiles\81syumbb.default\extensions\piclens@cooliris.com
 [2010.07.23 11:14:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vogelmann\AppData\Roaming\mozilla\Firefox\Profiles\81syumbb.default\extensions\piclens@cooliris.com-trash
 [2011.03.03 11:51:24 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
 [2010.01.29 08:12:33 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
 [2010.09.24 20:31:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
 [2010.12.03 16:22:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
 [2010.12.29 10:19:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
 [2010.11.12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
 [2010.10.23 00:28:41 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
 [2010.12.28 15:51:34 | 000,002,226 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\babylon.xml
 [2010.10.23 00:28:41 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
 [2010.10.23 00:28:41 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
 [2010.10.23 00:28:41 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
 [2010.10.23 00:28:41 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
 O1 HOSTS File: ([2011.01.31 22:57:46 | 000,000,908 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
 O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
 O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
 O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Programme\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
 O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found.
 O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
 O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
 O4 - HKLM..\Run: [NBKeyScan]  File not found
 O4 - HKLM..\Run: [OCDLMgr]  File not found
 O4 - HKLM..\Run: [Ptipbmf] C:\Windows\System32\ptipbmf.dll (Promise Technology, Inc.)
 O4 - HKLM..\Run: [tsnpstd3] C:\Windows\tsnpstd3.exe ()
 O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
 O4 - HKCU..\Run: [Wireless_UI] C:\Program Files\Aquip\Aquip AWLAN-5\UI.exe ()
 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
 O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
 O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
 O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
 O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)
 O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)
 O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
 O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
 O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
 O13 - gopher Prefix: missing
 O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
 O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
 O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
 O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
 O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
 O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
 O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
 O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
 O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
 O32 - HKLM CDRom: AutoRun - 1
 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
 O32 - AutoRun File - [2005.09.26 04:57:08 | 000,000,045 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
 O33 - MountPoints2\{12f1cbb5-2ae0-11df-8556-000c6ece0e75}\Shell - "" = AutoRun
 O33 - MountPoints2\{12f1cbb5-2ae0-11df-8556-000c6ece0e75}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
 O33 - MountPoints2\{1a216365-f248-11de-93de-000c6ece0e75}\Shell - "" = AutoRun
 O33 - MountPoints2\{1a216365-f248-11de-93de-000c6ece0e75}\Shell\AutoRun\command - "" = G:\Autorun.exe
 O33 - MountPoints2\{3f967bd4-2f8d-11df-b540-000c6ece0e75}\Shell - "" = AutoRun
 O33 - MountPoints2\{3f967bd4-2f8d-11df-b540-000c6ece0e75}\Shell\AutoRun\command - "" = F:\setup.exe
 O33 - MountPoints2\{3f967bd5-2f8d-11df-b540-000c6ece0e75}\Shell - "" = AutoRun
 O33 - MountPoints2\{3f967bd5-2f8d-11df-b540-000c6ece0e75}\Shell\AutoRun\command - "" = F:\setup.exe
 O33 - MountPoints2\{3f967bdd-2f8d-11df-b540-000c6ece0e75}\Shell - "" = AutoRun
 O33 - MountPoints2\{3f967bdd-2f8d-11df-b540-000c6ece0e75}\Shell\AutoRun\command - "" = F:\setup.exe
 O33 - MountPoints2\{51ab0f73-d549-11de-9660-000c6ece0e75}\Shell - "" = AutoRun
 O33 - MountPoints2\{51ab0f73-d549-11de-9660-000c6ece0e75}\Shell\AutoRun\command - "" = F:\Autorun.exe
 O33 - MountPoints2\{51ab0f84-d549-11de-9660-000c6ece0e75}\Shell - "" = AutoRun
 O33 - MountPoints2\{51ab0f84-d549-11de-9660-000c6ece0e75}\Shell\AutoRun\command - "" = F:\Autorun.exe
 O33 - MountPoints2\{51ab0f85-d549-11de-9660-000c6ece0e75}\Shell - "" = AutoRun
 O33 - MountPoints2\{51ab0f85-d549-11de-9660-000c6ece0e75}\Shell\AutoRun\command - "" = F:\Autorun.exe
 O33 - MountPoints2\{56718ec4-fa4a-11de-9d46-000c6ece0e75}\Shell - "" = AutoRun
 O33 - MountPoints2\{56718ec4-fa4a-11de-9d46-000c6ece0e75}\Shell\AutoRun\command - "" = F:\AutoRun.exe
 O33 - MountPoints2\{56718ec8-fa4a-11de-9d46-000c6ece0e75}\Shell - "" = AutoRun
 O33 - MountPoints2\{56718ec8-fa4a-11de-9d46-000c6ece0e75}\Shell\AutoRun\command - "" = F:\AutoRun.exe
 O33 - MountPoints2\{56718eed-fa4a-11de-9d46-000c6ece0e75}\Shell - "" = AutoRun
 O33 - MountPoints2\{56718eed-fa4a-11de-9d46-000c6ece0e75}\Shell\AutoRun\command - "" = F:\AutoRun.exe
 O33 - MountPoints2\{56718ef0-fa4a-11de-9d46-000c6ece0e75}\Shell - "" = AutoRun
 O33 - MountPoints2\{56718ef0-fa4a-11de-9d46-000c6ece0e75}\Shell\AutoRun\command - "" = F:\AutoRun.exe
 O33 - MountPoints2\{56718f30-fa4a-11de-9d46-000c6ece0e75}\Shell - "" = AutoRun
 O33 - MountPoints2\{56718f30-fa4a-11de-9d46-000c6ece0e75}\Shell\AutoRun\command - "" = F:\AutoRun.exe
 O33 - MountPoints2\{56718f5f-fa4a-11de-9d46-000c6ece0e75}\Shell - "" = AutoRun
 O33 - MountPoints2\{56718f5f-fa4a-11de-9d46-000c6ece0e75}\Shell\AutoRun\command - "" = F:\AutoRun.exe
 O33 - MountPoints2\{630c859c-3024-11df-9bc9-000c6ece0e75}\Shell - "" = AutoRun
 O33 - MountPoints2\{630c859c-3024-11df-9bc9-000c6ece0e75}\Shell\AutoRun\command - "" = F:\setup.exe
 O33 - MountPoints2\{6427bb3b-d5e2-11de-b366-000c6ece0e75}\Shell - "" = AutoRun
 O33 - MountPoints2\{6427bb3b-d5e2-11de-b366-000c6ece0e75}\Shell\AutoRun\command - "" = F:\setup\rsrc\Autorun.exe
 O33 - MountPoints2\{6427bb3b-d5e2-11de-b366-000c6ece0e75}\Shell\dinstall\command - "" = F:\Directx\dxsetup.exe
 O33 - MountPoints2\{6427bb3c-d5e2-11de-b366-000c6ece0e75}\Shell - "" = AutoRun
 O33 - MountPoints2\{6427bb3c-d5e2-11de-b366-000c6ece0e75}\Shell\AutoRun\command - "" = F:\setup\rsrc\Autorun.exe
 O33 - MountPoints2\{6427bb3c-d5e2-11de-b366-000c6ece0e75}\Shell\dinstall\command - "" = F:\Directx\dxsetup.exe
 O33 - MountPoints2\{6427bb43-d5e2-11de-b366-000c6ece0e75}\Shell - "" = AutoRun
 O33 - MountPoints2\{6427bb43-d5e2-11de-b366-000c6ece0e75}\Shell\AutoRun\command - "" = F:\setup\rsrc\Autorun.exe
 O33 - MountPoints2\{6427bb43-d5e2-11de-b366-000c6ece0e75}\Shell\dinstall\command - "" = F:\Directx\dxsetup.exe
 O33 - MountPoints2\{64b8f34e-db38-11de-9d20-000c6ece0e75}\Shell - "" = AutoRun
 O33 - MountPoints2\{64b8f34e-db38-11de-9d20-000c6ece0e75}\Shell\AutoRun\command - "" = G:\Autorun.exe
 O33 - MountPoints2\{64b8f34f-db38-11de-9d20-000c6ece0e75}\Shell - "" = AutoRun
 O33 - MountPoints2\{64b8f34f-db38-11de-9d20-000c6ece0e75}\Shell\AutoRun\command - "" = G:\Autorun.exe
 O33 - MountPoints2\{928ab101-f1b9-11de-9988-000c6ece0e75}\Shell - "" = AutoRun
 O33 - MountPoints2\{928ab101-f1b9-11de-9988-000c6ece0e75}\Shell\AutoRun\command - "" = H:\Autorun.exe
 O33 - MountPoints2\{bb6d11f9-c7e1-11de-aae9-806e6f6e6963}\Shell - "" = AutoRun
 O33 - MountPoints2\{bb6d11f9-c7e1-11de-aae9-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup.exe -- [2009.02.11 07:50:10 | 002,778,163 | R--- | M] (Macromedia, Inc.)
 O33 - MountPoints2\{c10e723a-2b28-11e0-b6b7-cf2587cdc927}\Shell - "" = AutoRun
 O33 - MountPoints2\{c10e723a-2b28-11e0-b6b7-cf2587cdc927}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
 O33 - MountPoints2\{cd53ad4e-2c53-11df-90d0-c83a35c15548}\Shell - "" = AutoRun
 O33 - MountPoints2\{cd53ad4e-2c53-11df-90d0-c83a35c15548}\Shell\AutoRun\command - "" = F:\pushinst.exe
 O33 - MountPoints2\{ff0397dc-3052-11df-8d75-000c6ece0e75}\Shell - "" = AutoRun
 O33 - MountPoints2\{ff0397dc-3052-11df-8d75-000c6ece0e75}\Shell\AutoRun\command - "" = F:\setup.exe
 O33 - MountPoints2\{ff0397e8-3052-11df-8d75-000c6ece0e75}\Shell - "" = AutoRun
 O33 - MountPoints2\{ff0397e8-3052-11df-8d75-000c6ece0e75}\Shell\AutoRun\command - "" = F:\setup.exe
 O33 - MountPoints2\{ff03980c-3052-11df-8d75-000c6ece0e75}\Shell - "" = AutoRun
 O33 - MountPoints2\{ff03980c-3052-11df-8d75-000c6ece0e75}\Shell\AutoRun\command - "" = F:\setup.exe
 O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
 O35 - HKLM\..comfile [open] -- "%1" %*
 O35 - HKLM\..exefile [open] -- "%1" %*
 O37 - HKLM\...com [@ = comfile] -- "%1" %*
 O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
 ========== Files/Folders - Created Within 30 Days ==========
 
 [2011.03.03 13:34:44 | 000,000,000 | ---D | C] -- C:\Users\Vogelmann\Desktop\MFTools
 [2011.03.03 11:41:08 | 000,000,000 | ---D | C] -- C:\Users\Vogelmann\AppData\Local\MigWiz
 [2011.03.02 23:32:37 | 000,172,032 | ---- | C] (Jorgen Bosman) -- C:\Users\Vogelmann\Desktop\poweroff_deutsch.exe
 [2011.03.02 17:15:12 | 000,000,000 | ---D | C] -- C:\Users\Vogelmann\Desktop\AMG -Bitch Betta Have My Money (1991)
 [2011.02.28 15:55:17 | 000,000,000 | ---D | C] -- C:\Users\Vogelmann\Desktop\Neuer Ordner (3)
 [2011.02.26 09:16:13 | 000,000,000 | ---D | C] -- C:\Programme\DIFX
 [2011.02.26 08:49:33 | 000,000,000 | ---D | C] -- C:\Users\Vogelmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XLink Kai
 [2011.02.26 08:49:33 | 000,000,000 | ---D | C] -- C:\Programme\XLink Kai
 [2011.02.26 08:47:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
 [2011.02.26 08:47:04 | 000,000,000 | ---D | C] -- C:\Programme\WinPcap
 [2011.02.25 17:32:51 | 000,000,000 | ---D | C] -- C:\Users\Vogelmann\Desktop\Komplettpaket-Adhoc2USB
 [2011.02.25 17:02:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Caphyon
 [2011.02.25 17:02:30 | 000,000,000 | ---D | C] -- C:\Programme\No23 Recorder
 [2011.02.25 17:02:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\No23 Recorder
 [2011.02.25 17:00:42 | 000,984,576 | ---- | C] (Nº23 Labs) -- C:\Users\Vogelmann\Desktop\No23Player.exe
 [2011.02.25 17:00:30 | 004,407,943 | ---- | C] (No23) -- C:\Users\Vogelmann\Desktop\No23Live.exe
 [2011.02.25 17:00:14 | 004,144,094 | ---- | C] (No23) -- C:\Users\Vogelmann\Desktop\No23Recorder.exe
 [2011.02.24 19:03:04 | 000,000,000 | ---D | C] -- C:\Users\Vogelmann\Desktop\121 Gameboots
 [2011.02.24 17:04:30 | 000,000,000 | ---D | C] -- C:\Users\Vogelmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserPlus
 [2011.02.24 17:04:20 | 000,000,000 | ---D | C] -- C:\Users\Vogelmann\AppData\Local\Yahoo!
 [2011.02.14 17:10:40 | 000,000,000 | ---D | C] -- C:\Users\Vogelmann\AppData\Roaming\skypePM
 [2011.02.14 17:09:41 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Skype
 [2011.02.14 17:09:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
 [2011.02.14 17:09:38 | 000,000,000 | R--D | C] -- C:\Programme\Skype
 [2011.02.14 17:09:37 | 000,000,000 | ---D | C] -- C:\Users\Vogelmann\AppData\Roaming\Skype
 [2011.02.14 17:09:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
 [2011.02.08 14:44:28 | 000,000,000 | ---D | C] -- C:\Users\Vogelmann\Desktop\Gatekeeper - Giza (Merok, 2010)
 [2011.02.02 01:44:18 | 000,000,000 | ---D | C] -- C:\Users\Vogelmann\Desktop\SAVEDATA
 [2011.01.17 21:23:24 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\rsnpstd3.dll
 [2011.01.17 21:23:24 | 000,061,440 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd3.dll
 [2011.01.17 21:23:23 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnpstd3.dll
 [2011.01.17 21:23:23 | 000,053,248 | ---- | C] ( ) -- C:\Windows\csnpstd3.dll
 [2010.07.07 00:11:48 | 016,409,960 | ---- | C] (Safer Networking Limited                                    ) -- C:\Programme\spybotsd162.exe
 
 ========== Files - Modified Within 30 Days ==========
 
 [2011.03.03 13:37:57 | 000,296,448 | ---- | M] () -- C:\Users\Vogelmann\Desktop\g2m3e4r.exe
 [2011.03.03 13:37:56 | 000,050,477 | ---- | M] () -- C:\Users\Vogelmann\Desktop\defogger.exe
 [2011.03.03 13:34:24 | 000,472,080 | ---- | M] () -- C:\Users\Vogelmann\Desktop\Load.exe
 [2011.03.03 12:42:18 | 000,007,609 | ---- | M] () -- C:\Users\Vogelmann\AppData\Local\resmon.resmoncfg
 [2011.03.03 12:30:21 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
 [2011.03.03 12:30:21 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
 [2011.03.03 11:47:24 | 008,405,015 | ---- | M] () -- C:\Windows\TempFile
 [2011.03.03 11:47:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
 [2011.03.03 11:47:02 | 1609,670,656 | -HS- | M] () -- C:\hiberfil.sys
 [2011.03.02 23:32:45 | 000,172,032 | ---- | M] (Jorgen Bosman) -- C:\Users\Vogelmann\Desktop\poweroff_deutsch.exe
 [2011.03.02 17:03:44 | 007,850,454 | ---- | M] () -- C:\Users\Vogelmann\Desktop\Bitch Betta Have My Money.mp3
 [2011.03.02 10:29:06 | 000,007,329 | ---- | M] () -- C:\Users\Vogelmann\Desktop\9bbc76d5.gif
 [2011.02.27 23:17:07 | 000,233,507 | ---- | M] () -- C:\Users\Vogelmann\Desktop\giga_pudding_001.jpg
 [2011.02.26 17:08:05 | 000,036,928 | ---- | M] (microOLAP Technologies LTD) -- C:\Windows\System32\drivers\pssdk41.sys
 [2011.02.26 13:41:57 | 000,647,138 | ---- | M] () -- C:\Windows\System32\perfh007.dat
 [2011.02.26 13:41:57 | 000,609,896 | ---- | M] () -- C:\Windows\System32\perfh009.dat
 [2011.02.26 13:41:57 | 000,127,198 | ---- | M] () -- C:\Windows\System32\perfc007.dat
 [2011.02.26 13:41:57 | 000,104,214 | ---- | M] () -- C:\Windows\System32\perfc009.dat
 [2011.02.25 17:02:33 | 000,001,019 | ---- | M] () -- C:\Users\Public\Desktop\No23 Recorder.lnk
 [2011.02.25 17:00:47 | 000,984,576 | ---- | M] (Nº23 Labs) -- C:\Users\Vogelmann\Desktop\No23Player.exe
 [2011.02.25 17:00:42 | 004,407,943 | ---- | M] (No23) -- C:\Users\Vogelmann\Desktop\No23Live.exe
 [2011.02.25 17:00:24 | 004,144,094 | ---- | M] (No23) -- C:\Users\Vogelmann\Desktop\No23Recorder.exe
 [2011.02.24 17:04:35 | 001,135,080 | ---- | M] () -- C:\Users\Vogelmann\Desktop\yahoomailuploader_0.5.exe
 [2011.02.23 23:07:16 | 000,126,018 | ---- | M] () -- C:\Users\Vogelmann\Desktop\l.MaGiXieN,r.Mathieulhjpg.jpg
 [2011.02.19 10:26:58 | 000,006,256 | R--- | M] () -- C:\Users\Vogelmann\Desktop\344476-z68kfltk.dlc
 [2011.02.19 10:03:40 | 000,002,160 | R--- | M] () -- C:\Users\Vogelmann\Desktop\4df0029e775fd249d3c882563d959da0.dlc
 [2011.02.14 17:10:43 | 000,000,056 | -H-- | M] () -- C:\Windows\System32\ezsidmv.dat
 [2011.02.14 17:09:41 | 000,002,505 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
 [2011.02.14 16:28:53 | 000,000,680 | RHS- | M] () -- C:\Users\Vogelmann\ntuser.pol
 [2011.02.12 22:46:59 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
 [2011.02.11 09:36:45 | 000,048,873 | ---- | M] () -- C:\Users\Vogelmann\Desktop\KnowYourMushroomsPoster325.jpg
 [2011.02.06 16:23:11 | 008,274,163 | ---- | M] () -- C:\Users\Vogelmann\Desktop\XV ft. CyHi, Vado & Erin Christine- All For Me (prod. by Omen & Audio BLK) [DIRTY].mp3
 
 ========== Files Created - No Company Name ==========
 
 [2011.03.03 13:35:03 | 000,296,448 | ---- | C] () -- C:\Users\Vogelmann\Desktop\g2m3e4r.exe
 [2011.03.03 13:35:02 | 000,050,477 | ---- | C] () -- C:\Users\Vogelmann\Desktop\defogger.exe
 [2011.03.03 13:34:18 | 000,472,080 | ---- | C] () -- C:\Users\Vogelmann\Desktop\Load.exe
 [2011.03.03 12:29:16 | 000,007,609 | ---- | C] () -- C:\Users\Vogelmann\AppData\Local\resmon.resmoncfg
 [2011.03.02 17:03:09 | 007,850,454 | ---- | C] () -- C:\Users\Vogelmann\Desktop\Bitch Betta Have My Money.mp3
 [2011.03.02 10:28:58 | 000,007,329 | ---- | C] () -- C:\Users\Vogelmann\Desktop\9bbc76d5.gif
 [2011.02.27 23:16:59 | 000,233,507 | ---- | C] () -- C:\Users\Vogelmann\Desktop\giga_pudding_001.jpg
 [2011.02.25 17:02:33 | 000,001,019 | ---- | C] () -- C:\Users\Public\Desktop\No23 Recorder.lnk
 [2011.02.24 17:04:25 | 001,135,080 | ---- | C] () -- C:\Users\Vogelmann\Desktop\yahoomailuploader_0.5.exe
 [2011.02.23 23:07:00 | 000,126,018 | ---- | C] () -- C:\Users\Vogelmann\Desktop\l.MaGiXieN,r.Mathieulhjpg.jpg
 [2011.02.19 10:49:18 | 000,002,160 | R--- | C] () -- C:\Users\Vogelmann\Desktop\4df0029e775fd249d3c882563d959da0.dlc
 [2011.02.19 10:48:59 | 000,006,256 | R--- | C] () -- C:\Users\Vogelmann\Desktop\344476-z68kfltk.dlc
 [2011.02.14 17:10:43 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
 [2011.02.14 17:09:41 | 000,002,505 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
 [2011.02.13 05:20:10 | 000,000,680 | RHS- | C] () -- C:\Users\Vogelmann\ntuser.pol
 [2011.02.12 22:46:59 | 000,001,984 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
 [2011.02.11 09:36:36 | 000,048,873 | ---- | C] () -- C:\Users\Vogelmann\Desktop\KnowYourMushroomsPoster325.jpg
 [2011.02.06 16:21:08 | 008,274,163 | ---- | C] () -- C:\Users\Vogelmann\Desktop\XV ft. CyHi, Vado & Erin Christine- All For Me (prod. by Omen & Audio BLK) [DIRTY].mp3
 [2011.01.17 21:23:27 | 000,020,480 | ---- | C] () -- C:\Windows\FixCamera.exe
 [2011.01.17 21:23:26 | 000,835,584 | ---- | C] () -- C:\Windows\vsnpstd3.exe
 [2011.01.17 21:23:26 | 000,360,448 | ---- | C] () -- C:\Windows\tsnpstd3.exe
 [2011.01.17 21:23:25 | 000,015,498 | ---- | C] () -- C:\Windows\snpstd3.ini
 [2011.01.17 21:23:24 | 000,003,968 | ---- | C] () -- C:\Windows\System32\drivers\DeNoise.sys
 [2011.01.02 11:20:41 | 000,000,000 | ---- | C] () -- C:\Windows\Irremote.ini
 [2010.12.28 15:58:39 | 000,000,704 | ---- | C] () -- C:\Windows\cdplayer.ini
 [2010.12.12 03:24:30 | 000,000,874 | ---- | C] () -- C:\Users\Vogelmann\AppData\Local\RT2070_{A2083210-DB6B-4437-9751-81590ED4FA59}_sta
 [2010.12.12 03:24:24 | 000,001,706 | ---- | C] () -- C:\Users\Vogelmann\AppData\Local\RT2070_{A2083210-DB6B-4437-9751-81590ED4FA59}_prof
 [2010.12.12 03:18:25 | 000,001,001 | ---- | C] () -- C:\Users\Vogelmann\AppData\Local\RT2070_{A2083210-DB6B-4437-9751-81590ED4FA59}_wsc
 [2010.11.06 09:37:37 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
 [2010.08.24 05:26:00 | 000,000,600 | ---- | C] () -- C:\Users\Vogelmann\AppData\Roaming\winscp.rnd
 [2010.08.07 09:29:18 | 000,140,200 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
 [2010.08.06 18:14:40 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
 [2010.08.06 18:14:40 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe
 [2010.07.20 03:27:18 | 000,001,701 | ---- | C] () -- C:\Users\Vogelmann\AppData\Local\RT2070_{63133601-0903-49FD-89D3-873C3306B2A2}_prof
 [2010.07.20 03:27:18 | 000,000,856 | ---- | C] () -- C:\Users\Vogelmann\AppData\Local\RT2070_{63133601-0903-49FD-89D3-873C3306B2A2}_sta
 [2010.07.06 17:26:23 | 000,001,003 | ---- | C] () -- C:\Programme\Easy Duplicate Finder
 [2010.05.07 14:56:38 | 000,069,632 | ---- | C] () -- C:\Windows\System32\akrip.dll
 [2010.05.03 14:02:31 | 000,039,712 | ---- | C] () -- C:\Windows\System32\ASL.dll
 [2010.04.18 13:37:21 | 000,001,001 | ---- | C] () -- C:\Users\Vogelmann\AppData\Local\RT2070_{63133601-0903-49FD-89D3-873C3306B2A2}_wsc
 [2010.04.05 11:17:55 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
 [2010.04.04 13:28:03 | 000,000,042 | ---- | C] () -- C:\Users\Vogelmann\AppData\Roaming\default.pls
 [2010.03.10 16:28:44 | 000,097,312 | ---- | C] () -- C:\Windows\System32\drivers\Fwusb1b.bin
 [2010.01.25 21:51:52 | 000,013,931 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat
 [2010.01.16 22:05:16 | 000,001,672 | ---- | C] () -- C:\Users\Vogelmann\AppData\Local\RT2070_{E5038C84-E7FB-4117-B690-36C450516170}_prof
 [2010.01.16 22:05:16 | 000,000,840 | ---- | C] () -- C:\Users\Vogelmann\AppData\Local\RT2070_{E5038C84-E7FB-4117-B690-36C450516170}_sta
 [2010.01.16 22:01:28 | 000,001,001 | ---- | C] () -- C:\Users\Vogelmann\AppData\Local\RT2070_{E5038C84-E7FB-4117-B690-36C450516170}_wsc
 [2010.01.06 06:23:12 | 000,000,600 | ---- | C] () -- C:\Users\Vogelmann\AppData\Local\PUTTY.RND
 [2009.11.26 04:08:03 | 000,002,560 | ---- | C] () -- C:\Windows\System32\pavedius.dll
 [2009.11.26 04:07:59 | 000,003,072 | ---- | C] () -- C:\Windows\hasp_windows.dll
 [2009.11.20 12:33:53 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
 [2009.11.02 20:00:01 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
 [2009.11.02 20:00:01 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
 [2009.07.14 09:47:43 | 000,647,138 | ---- | C] () -- C:\Windows\System32\perfh007.dat
 [2009.07.14 09:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
 [2009.07.14 09:47:43 | 000,127,198 | ---- | C] () -- C:\Windows\System32\perfc007.dat
 [2009.07.14 09:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
 [2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
 [2009.07.14 05:33:53 | 000,412,152 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
 [2009.07.14 03:05:48 | 000,609,896 | ---- | C] () -- C:\Windows\System32\perfh009.dat
 [2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
 [2009.07.14 03:05:48 | 000,104,214 | ---- | C] () -- C:\Windows\System32\perfc009.dat
 [2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
 [2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
 [2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
 [2009.07.14 01:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
 [2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
 [2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
 [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
 [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
 [2007.11.06 21:19:28 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
 
 < End of report >
 --- --- --- 
OTL Logfile:
 OTL Extras logfile created on: 03.03.2011 15:33:10 - Run 1
 OTL by OldTimer - Version 3.2.22.2     Folder = C:\Users\Vogelmann\Desktop\MFTools
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
 Internet Explorer (Version = 8.0.7600.16385)
 Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 42,00% Memory free
 4,00 Gb Paging File | 2,00 Gb Available in Paging File | 62,00% Paging File free
 Paging file location(s): ?:\pagefile.sys [binary data]
 
 %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
 Drive C: | 83,41 Gb Total Space | 3,50 Gb Free Space | 4,20% Space Free | Partition Type: NTFS
 Drive D: | 195,96 Gb Total Space | 10,53 Gb Free Space | 5,37% Space Free | Partition Type: NTFS
 Drive E: | 15,97 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
 Computer Name: NEST | User Name: Vogelmann | Logged in as Administrator.
 Boot Mode: Normal | Scan Mode: Current user
 Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
 ========== Extra Registry (SafeList) ==========
 
 
 ========== File Associations ==========
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
 .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
 [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
 .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
 ========== Shell Spawning ==========
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
 batfile [open] -- "%1" %*
 cmdfile [open] -- "%1" %*
 comfile [open] -- "%1" %*
 cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
 exefile [open] -- "%1" %*
 helpfile [open] -- Reg Error: Key error.
 hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
 inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
 piffile [open] -- "%1" %*
 regfile [merge] -- Reg Error: Key error.
 scrfile [config] -- "%1"
 scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
 scrfile [open] -- "%1" /S
 txtfile [edit] -- Reg Error: Key error.
 Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
 Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
 Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 Folder [explore] -- Reg Error: Value error.
 Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
 ========== Security Center Settings ==========
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 "cval" = 1
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 "VistaSp1" = Reg Error: Unknown registry data type -- File not found
 "AntiVirusOverride" = 0
 "AntiSpywareOverride" = 0
 "FirewallOverride" = 0
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
 ========== System Restore Settings ==========
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
 ========== Firewall Settings ==========
 
 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 "EnableFirewall" = 1
 "DisableNotifications" = 0
 
 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
 "EnableFirewall" = 1
 "DisableNotifications" = 0
 
 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
 "EnableFirewall" = 1
 "DisableNotifications" = 0
 
 ========== Authorized Applications List ==========
 
 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 "{00F93853-D9D3-4795-A89E-84CCBA0205C9}" = Microsoft IntelliPoint 8.0
 "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
 "{07D97136-A219-41FE-9FF9-E18C8A312A7E}" = ProCoder 3
 "{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
 "{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 23
 "{2773B836-AC66-4178-A414-C5A0F9F5D805}" = XLink Kai
 "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
 "{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
 "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
 "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
 "{6DED41BC-C9EF-4330-B4E5-46CB2C5C6E2D}" = No23 Recorder
 "{72736F5F-520D-472A-88CC-7B02872FD34E}" = ATI Catalyst Registration
 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
 "{7EAB15F0-5857-A3B6-565F-F5A27EC4FD91}" = ATI Catalyst Install Manager
 "{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
 "{8C0302AB-28E3-43F4-8414-10B8E0954ED9}" = Setup
 "{8C298D95-7C7A-4BD1-AAA6-8905F4FB8CAC}" = Wav to Vag
 "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
 "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
 "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
 "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
 "{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007
 "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
 "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
 "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
 "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
 "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
 "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
 "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
 "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
 "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
 "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
 "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
 "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
 "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
 "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
 "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
 "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
 "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
 "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
 "{90120000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2007
 "{90120000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2007
 "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
 "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
 "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
 "{A80E676C-39F9-4BA2-95C8-38CB57B87E94}" = Aquip AWLAN-5
 "{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
 "{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.2 - Deutsch
 "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
 "{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center
 "{D47087E7-AA15-4D1D-8C0A-60F7E446D597}" = PSP ISO Compressor
 "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
 "{ECD03DA7-5952-406A-8156-5F0C93618D1F}" = PC Camera-168
 "{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}" = iTunes
 "7-Zip" = 7-Zip 4.65
 "87D46C3F73EF6B7F5CD27D922EEE14783E1AD3BF" = Windows-Treiberpaket - Sony PSP Type B (11/20/2005 20051120)
 "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
 "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
 "ASIO4ALL" = ASIO4ALL
 "Audiograbber" = Audiograbber 1.83 SE
 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
 "Connectify" = Connectify
 "Easy Duplicate Finder_is1" = Easy Duplicate Finder v. 2.4.1
 "Edirol HQ Orchestral VSTi v1.03" = Edirol HQ Orchestral VSTi v1.03
 "ENTERPRISE" = Microsoft Office Enterprise 2007
 "FE5AE7DC-7B01-4263-A94C-B4526C276549_is1" = iPhone Explorer
 "FL Studio 9" = FL Studio 9
 "FreePDF_XP" = FreePDF (Remove only)
 "GoldWave v5.52" = GoldWave v5.52
 "GoldWave v5.57" = GoldWave v5.57
 "GPL Ghostscript 8.71" = GPL Ghostscript 8.71
 "Hardcore" = Hardcore
 "HotspotShield" = Hotspot Shield 1.49
 "IL Download Manager" = IL Download Manager
 "JDownloader" = JDownloader
 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
 "MediaCoder Audio Edition" = MediaCoder Audio Edition 0.7.5.4700
 "MediaCoder iPod Edition" = MediaCoder iPod Edition
 "MediaCoder PSP Edition" = MediaCoder PSP Edition
 "Mozilla Firefox (3.6.14)" = Mozilla Firefox (3.6.14)
 "No23 Recorder" = No23 Recorder
 "OMUI.de-de" = Microsoft Office Language Pack 2007 - German/Deutsch
 "PoiZone" = PoiZone
 "Redirection Port Monitor" = RedMon - Redirection Port Monitor
 "Sawer" = Sawer
 "SopCast" = SopCast 3.2.9
 "StrokeIt" = StrokeIt
 "SUPER ©" = SUPER © Version 2009.bld.36 (June 10, 2009)
 "Total Video Converter 3.12_is1" = Total Video Converter 3.12 080330
 "Toxic Biohazard" = Toxic Biohazard
 "VLC media player" = VLC media player 1.1.4
 "WinCDEmu" = WinCDEmu
 "WinPcapInst" = WinPcap 4.0.2
 "winpwn-2.5" = winpwn-2.5 2.5.0.0
 "WinRAR archiver" = WinRAR
 "winscp3_is1" = WinSCP 4.2.9
 
 ========== HKEY_CURRENT_USER Uninstall List ==========
 
 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 "f58f3889281ea80b" = ContainerEx Decrypter
 "Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8
 
 ========== Last 10 Event Log Errors ==========
 
 Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
 < End of report >
 --- --- ---  
Malwarebytes' Anti-Malware 1.46 
Malwarebytes  
Datenbank Version: 4682  
Windows 6.1.7600 
Internet Explorer 8.0.7600.16385  
03.03.2011 15:13:48 
mbam-log-2011-03-03 (15-13-48).txt  
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) 
Durchsuchte Objekte: 336258 
Laufzeit: 1 Stunde(n), 24 Minute(n), 6 Sekunde(n)  
Infizierte Speicherprozesse: 0 
Infizierte Speichermodule: 0 
Infizierte Registrierungsschlüssel: 0 
Infizierte Registrierungswerte: 0 
Infizierte Dateiobjekte der Registrierung: 1 
Infizierte Verzeichnisse: 0 
Infizierte Dateien: 1  
Infizierte Speicherprozesse: 
(Keine bösartigen Objekte gefunden)  
Infizierte Speichermodule: 
(Keine bösartigen Objekte gefunden)  
Infizierte Registrierungsschlüssel: 
(Keine bösartigen Objekte gefunden)  
Infizierte Registrierungswerte: 
(Keine bösartigen Objekte gefunden)  
Infizierte Dateiobjekte der Registrierung: 
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> No action taken.  
Infizierte Verzeichnisse: 
(Keine bösartigen Objekte gefunden)  
Infizierte Dateien: 
(Keine bösartigen Objekte gefunden)  
GMER Logfile:
 GMER 1.0.15.15530 - GMER - Rootkit Detector and Remover
 Rootkit scan 2011-03-03 16:56:43
 Windows 6.1.7600  Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-2 Maxtor_6V300F0 rev.VA111630
 Running: g2m3e4r.exe; Driver: C:\Users\VOGELM~1\AppData\Local\Temp\pxldqpow.sys
 
 
 ---- Kernel code sections - GMER 1.0.15 ----
 
 .text                                                                                                                                 ntoskrnl.exe!ZwSaveKeyEx + 13B1                                                                                                                                             8347E8E9 1 Byte  [06]
 .text                                                                                                                                 ntoskrnl.exe!KiDispatchInterrupt + 5A2                                                                                                                                      8349E3D2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
 .text                                                                                                                                 C:\Windows\system32\DRIVERS\atikmdag.sys                                                                                                                                    section is writeable [0x90C05000, 0x227A14, 0xE8000020]
 .text                                                                                                                                 bridge.sys                                                                                                                                                                  9131C494 519 Bytes  [8B, FF, 55, 8B, EC, 81, EC, ...]
 .text                                                                                                                                 C:\Windows\system32\drivers\hardlock.sys                                                                                                                                    section is writeable [0x9556F400, 0x7960C, 0xE8000020]
 .protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0x95611420]  C:\Windows\system32\drivers\hardlock.sys                                                                                                                                    entry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0x95611420]
 .protectÿÿÿÿhardlockunknown last code section [0x95611200, 0x5049, 0xE0000020]                                                        C:\Windows\system32\drivers\hardlock.sys                                                                                                                                    unknown last code section [0x95611200, 0x5049, 0xE0000020]
 PAGE                                                                                                                                  spsys.sys!?SPRevision@@3PADA + 4F90                                                                                                                                         9577C000 290 Bytes  [8B, FF, 55, 8B, EC, 33, C0, ...]
 PAGE                                                                                                                                  spsys.sys!?SPRevision@@3PADA + 50B3                                                                                                                                         9577C123 629 Bytes  [75, 77, 95, FE, 05, 34, 75, ...]
 PAGE                                                                                                                                  spsys.sys!?SPRevision@@3PADA + 5329                                                                                                                                         9577C399 101 Bytes  [6A, 28, 59, A5, 5E, C6, 03, ...]
 PAGE                                                                                                                                  spsys.sys!?SPRevision@@3PADA + 538F                                                                                                                                         9577C3FF 148 Bytes  [18, 5D, C2, 14, 00, 8B, FF, ...]
 PAGE                                                                                                                                  spsys.sys!?SPRevision@@3PADA + 543B                                                                                                                                         9577C4AB 2228 Bytes  [8B, FF, 55, 8B, EC, FF, 75, ...]
 PAGE                                                                                                                                  ...
 
 ---- Devices - GMER 1.0.15 ----
 
 AttachedDevice                                                                                                                        \Driver\volmgr \Device\HarddiskVolume1                                                                                                                                      fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
 AttachedDevice                                                                                                                        \Driver\volmgr \Device\HarddiskVolume1                                                                                                                                      rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
 AttachedDevice                                                                                                                        \Driver\volmgr \Device\HarddiskVolume2                                                                                                                                      fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
 AttachedDevice                                                                                                                        \Driver\volmgr \Device\HarddiskVolume2                                                                                                                                      rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
 AttachedDevice                                                                                                                        \Driver\volmgr \Device\HarddiskVolume3                                                                                                                                      fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
 AttachedDevice                                                                                                                        \Driver\volmgr \Device\HarddiskVolume3                                                                                                                                      rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
 
 Device                                                                                                                                \Driver\ACPI_HAL \Device\00000079                                                                                                                                           halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
 
 AttachedDevice                                                                                                                        \FileSystem\fastfat \Fat                                                                                                                                                    fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
 
 ---- Registry - GMER 1.0.15 ----
 
 Reg                                                                                                                                   HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Export
 Reg                                                                                                                                   HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Export
 Reg                                                                                                                                   HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Export
 Reg                                                                                                                                   HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Export
 Reg                                                                                                                                   HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Program Files\Electronic Arts\Der Pate\xae Das Spiel\GDFTHR_inst.exe  1
 
 ---- EOF - GMER 1.0.15 ----