Hey,
danke für den Hinweis, hatte wohl nicht ganz funktioniert :crazy:
Hier die drei Logs: Zitat:
Malwarebytes
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Datenbank Version: 4381
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
02.08.2010 20:15:29
mbam-log-2010-08-02 (20-15-29).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 231114
Laufzeit: 1 Stunde(n), 23 Minute(n), 42 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 6
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows firewall (Worm.PushBot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows firewall (Worm.PushBot) -> Quarantined and deleted successfully.
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
C:\Dokumente und Einstellungen\Andreas\Lokale Einstellungen\Temp\~TM8.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Andreas\Lokale Einstellungen\Temporary Internet Files\Content.IE5\8FUXS560\1q[1].exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CC87EAC0-CEB9-4B5D-A087-EED43018C0F9}\RP262\A0067011.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wbem\grpconv.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\wiaservg.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\Programme\Gemeinsame Dateien\System\ado1.dll (Trojan.BHO) -> Delete on reboot.
| [QUOTE] OTL.txt
OTL Logfile: Code:
OTL logfile created on: 02.08.2010 20:24:26 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Dokumente und Einstellungen\Andreas\Eigene Dateien\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 69,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 40,34 Gb Total Space | 4,16 Gb Free Space | 10,32% Space Free | Partition Type: NTFS
Drive D: | 34,18 Gb Total Space | 6,20 Gb Free Space | 18,14% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: ANDI
Current User Name: Andreas
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\Programme\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Dokumente und Einstellungen\Andreas\Eigene Dateien\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Winamp\winampa.exe (Nullsoft)
PRC - C:\Programme\stickies\stickies.exe (Zhorn Software)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Vidalia (Pandora)\Tor\tor.exe ()
PRC - C:\Programme\Vidalia (Pandora)\Vidalia\vidalia.exe ()
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\WINDOWS\system32\svchospt.exe (FK2)
PRC - C:\Programme\ZoneAlarm\zlclient.exe (Zone Labs, LLC)
PRC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (Zone Labs, LLC)
PRC - C:\Programme\Vidalia (Pandora)\Privoxy\privoxy.exe (The Privoxy team - www.privoxy.org)
PRC - C:\Programme\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.)
PRC - C:\WINDOWS\system32\o2flash.exe ()
========== Modules (SafeList) ==========
MOD - C:\Dokumente und Einstellungen\Andreas\Eigene Dateien\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Programme\stickies\shook45.dll ()
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (getPlusHelper) getPlus(R) -- C:\Programme\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe (Microsoft Corporation)
SRV - (WPFFontCache_v0400) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
SRV - (LightScribeService) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (vsmon) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Zone Labs, LLC)
SRV - (StarWindServiceAE) -- C:\Programme\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (O2Flash) -- C:\WINDOWS\system32\o2flash.exe ()
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
========== Driver Services (SafeList) ==========
DRV - (smserial) -- C:\WINDOWS\System32\DRIVERS\smserial.sys File not found
DRV - (InCDRm) -- C:\WINDOWS\System32\drivers\InCDRm.sys File not found
DRV - (InCDPass) -- C:\WINDOWS\System32\drivers\InCDPass.sys File not found
DRV - (InCDFs) -- C:\WINDOWS\System32\drivers\InCDFs.sys File not found
DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)
DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)
DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Zone Labs, LLC)
DRV - (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM) -- C:\WINDOWS\system32\drivers\s0016unic.sys (MCCI Corporation)
DRV - (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS) -- C:\WINDOWS\system32\drivers\s0016nd5.sys (MCCI Corporation)
DRV - (s0016mdfl) -- C:\WINDOWS\system32\drivers\s0016mdfl.sys (MCCI Corporation)
DRV - (s0016mdm) -- C:\WINDOWS\system32\drivers\s0016mdm.sys (MCCI Corporation)
DRV - (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\s0016mgmt.sys (MCCI Corporation)
DRV - (s0016obex) -- C:\WINDOWS\system32\drivers\s0016obex.sys (MCCI Corporation)
DRV - (s0016bus) Sony Ericsson Device 0016 driver (WDM) -- C:\WINDOWS\system32\drivers\s0016bus.sys (MCCI Corporation)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (srescan) -- C:\WINDOWS\system32\ZoneLabs\srescan.sys (Zone Labs, LLC)
DRV - (KLIF) -- C:\WINDOWS\system32\drivers\klif.sys (Kaspersky Lab)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (AR5211) -- C:\WINDOWS\system32\drivers\ar5211.sys (Atheros Communications, Inc.)
DRV - (O2MDRDR) -- C:\WINDOWS\system32\DRIVERS\o2media.sys (O2Micro )
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (O2SDRDR) -- C:\WINDOWS\system32\DRIVERS\o2sd.sys (O2Micro )
DRV - (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-776561741-706699826-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.selectedEngine: "Google und Download-Suche"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.13
FF - prefs.js..extensions.enabledItems: foxyproxy@eric.h.jung:2.21.3
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: service@touchpdf.com:1.15
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.3
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: gmailnoads@mywebber.com:3.1.2
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.08.02 20:21:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.08.02 20:21:47 | 000,000,000 | ---D | M]
[2009.07.19 20:07:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Mozilla\Extensions
[2010.08.02 18:05:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Mozilla\Firefox\Profiles\1eh6ihjr.default\extensions
[2010.03.17 21:23:04 | 000,000,000 | ---D | M] (Flashblock) -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Mozilla\Firefox\Profiles\1eh6ihjr.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2010.08.01 18:59:06 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Mozilla\Firefox\Profiles\1eh6ihjr.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.08.01 18:59:45 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Mozilla\Firefox\Profiles\1eh6ihjr.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009.11.15 23:49:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Mozilla\Firefox\Profiles\1eh6ihjr.default\extensions\firefox@tvunetworks.com
[2010.08.01 18:59:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Mozilla\Firefox\Profiles\1eh6ihjr.default\extensions\foxyproxy@eric.h.jung
[2010.03.31 15:02:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Mozilla\Firefox\Profiles\1eh6ihjr.default\extensions\gmailnoads@mywebber.com
[2010.02.17 21:28:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Mozilla\Firefox\Profiles\1eh6ihjr.default\extensions\moveplayer@movenetworks.com
[2010.04.14 17:59:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Mozilla\Firefox\Profiles\1eh6ihjr.default\extensions\personas@christopher.beard
[2010.02.06 15:05:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Mozilla\Firefox\Profiles\1eh6ihjr.default\extensions\service@touchpdf.com
[2010.05.02 15:05:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Mozilla\Firefox\Profiles\1eh6ihjr.default\extensions\youtube2mp3@mondayx.de
[2009.10.28 22:22:10 | 000,002,321 | ---- | M] () -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Mozilla\Firefox\Profiles\1eh6ihjr.default\searchplugins\forestle-de.xml
[2009.07.26 11:16:38 | 000,002,280 | ---- | M] () -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Mozilla\Firefox\Profiles\1eh6ihjr.default\searchplugins\google-und-download-suche.xml
[2010.08.02 18:05:34 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.05.27 19:26:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2009.12.21 07:47:02 | 000,063,488 | ---- | M] (Nullsoft) -- C:\Programme\Mozilla Firefox\plugins\npwachk.dll
[2010.08.02 20:21:42 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.08.02 20:21:42 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.08.02 20:21:42 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.08.02 20:21:42 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.08.02 20:21:42 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2010.03.02 14:51:29 | 000,000,877 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.255.255.255 www.mobile-master.de mobile-master.de
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-776561741-706699826-725345543-1003\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Programme\Acrobat Reader\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ATICCC] C:\Programme\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [OrderReminder] C:\Programme\Hewlett-Packard\OrderReminder\OrderReminder.exe (Hewlett-Packard)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [svchospt] C:\WINDOWS\system32\svchospt.exe (FK2)
O4 - HKLM..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe (Nullsoft)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Programme\ZoneAlarm\zlclient.exe (Zone Labs, LLC)
O4 - HKU\S-1-5-21-776561741-706699826-725345543-1003..\Run: [LightScribe Control Panel] C:\Programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
O4 - HKU\S-1-5-21-776561741-706699826-725345543-1003..\Run: [Vidalia] C:\Programme\Vidalia (Pandora)\Vidalia\vidalia.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Privoxy.lnk = C:\Programme\Vidalia (Pandora)\Privoxy\privoxy.exe (The Privoxy team - www.privoxy.org)
O4 - Startup: C:\Dokumente und Einstellungen\Andreas\Startmenü\Programme\Autostart\Stickies.lnk = C:\Programme\stickies\stickies.exe (Zhorn Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-776561741-706699826-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: TaskMan - (C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\ozzfhv.exe) - C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\ozzfhv.exe ()
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.07.19 18:30:53 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{1e1c4431-8f13-11df-aaeb-00c0a8c4f6c3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1e1c4431-8f13-11df-aaeb-00c0a8c4f6c3}\Shell\AutoRun\command - "" = H:\PERO\\\\\\SPECIJALAC.exe -- File not found
O33 - MountPoints2\{1e1c4431-8f13-11df-aaeb-00c0a8c4f6c3}\Shell\explore\command - "" = H:\PERO\\\\\\SPECIJALAC.exe -- File not found
O33 - MountPoints2\{1e1c4431-8f13-11df-aaeb-00c0a8c4f6c3}\Shell\open\command - "" = H:\PERO\\\\\\SPECIJALAC.exe -- File not found
O33 - MountPoints2\{606543b9-69ae-11df-9cd8-00c0a8c4f6c3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{606543b9-69ae-11df-9cd8-00c0a8c4f6c3}\Shell\AutoRun\command - "" = H:\PERO\\\\\\SPECIJALAC.exe -- File not found
O33 - MountPoints2\{606543b9-69ae-11df-9cd8-00c0a8c4f6c3}\Shell\explore\command - "" = H:\PERO\\\\\\SPECIJALAC.exe -- File not found
O33 - MountPoints2\{606543b9-69ae-11df-9cd8-00c0a8c4f6c3}\Shell\open\command - "" = H:\PERO\\\\\\SPECIJALAC.exe -- File not found
O33 - MountPoints2\{a53d38a0-447c-11df-9a90-00c0a8c4f6c3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a53d38a0-447c-11df-9a90-00c0a8c4f6c3}\Shell\AutoRun\command - "" = F:\PERO\\\\\\SPECIJALAC.exe -- File not found
O33 - MountPoints2\{a53d38a0-447c-11df-9a90-00c0a8c4f6c3}\Shell\explore\command - "" = F:\PERO\\\\\\SPECIJALAC.exe -- File not found
O33 - MountPoints2\{a53d38a0-447c-11df-9a90-00c0a8c4f6c3}\Shell\open\command - "" = F:\PERO\\\\\\SPECIJALAC.exe -- File not found
O33 - MountPoints2\{adcb74e4-75eb-11de-9bab-00c0a8c4f6c3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{adcb74e4-75eb-11de-9bab-00c0a8c4f6c3}\Shell\AutoRun\command - "" = F:\PERO\\\\\\SPECIJALAC.exe -- File not found
O33 - MountPoints2\{adcb74e4-75eb-11de-9bab-00c0a8c4f6c3}\Shell\explore\command - "" = F:\PERO\\\\\\SPECIJALAC.exe -- File not found
O33 - MountPoints2\{adcb74e4-75eb-11de-9bab-00c0a8c4f6c3}\Shell\open\command - "" = F:\PERO\\\\\\SPECIJALAC.exe -- File not found
O33 - MountPoints2\{b9418dfc-7483-11de-b28a-00030d51d0a1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b9418dfc-7483-11de-b28a-00030d51d0a1}\Shell\AutoRun\command - "" = I:\
O33 - MountPoints2\{b9418dfc-7483-11de-b28a-00030d51d0a1}\Shell\explore\command - "" = I:\
O33 - MountPoints2\{b9418dfc-7483-11de-b28a-00030d51d0a1}\Shell\open\command - "" = I:\
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
MsConfig - StartUpReg: CTFMON.EXE - hkey= - key= - File not found
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Programme\iTunes\iTunesHelper.exe File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: vsmon - C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Zone Labs, LLC)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Programme\Gemeinsame Dateien\LightScribe\LSRunOnce.exe"
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - Microsoft NetShow Player
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {29E7D24F-BF30-45E7-8A40-AD27AFD8F5C6} - Microsoft .NET Framework 1.0 Hotfix (KB979904)
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {407408d4-94ed-4d86-ab69-a7f649d112ee} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {BDE0FA43-6952-4BA8-8C58-09AF690F88E1} - Microsoft .NET Framework 1.0 Hotfix (KB930494)
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295)
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EA29D410-CE41-4953-A862-2DE706A1DAD7} - Microsoft .NET Framework 1.0 Service Pack 3
ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: KB910393 - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)
========== Files/Folders - Created Within 30 Days ==========
[2010.08.02 10:25:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Malwarebytes
[2010.08.02 10:24:51 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.08.02 10:24:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010.08.02 10:24:47 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.08.02 10:24:47 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.08.02 10:02:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Macromedia
[2010.08.01 21:12:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Andreas\Desktop\Bestof-Weymouth
[2010.08.01 17:27:24 | 000,151,040 | RHS- | C] (Logitech, Inc.) -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\dgixy.exe
[2010.07.14 08:04:02 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.07.14 07:51:52 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2010.07.12 22:10:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Andreas\Eigene Dateien\2010_10-Reiseunterlagen London
[2010.07.12 00:25:56 | 000,889,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\SystemHelper.exe
[33 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010.08.02 20:25:20 | 033,990,688 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2010.08.02 20:18:01 | 000,358,382 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2010.08.02 20:18:01 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.08.02 20:17:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.08.02 20:17:44 | 2548,215,808 | -HS- | M] () -- C:\hiberfil.sys
[2010.08.02 20:16:58 | 000,401,276 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2010.08.02 20:16:37 | 006,815,744 | -H-- | M] () -- C:\Dokumente und Einstellungen\Andreas\NTUSER.DAT
[2010.08.02 20:16:37 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Andreas\ntuser.ini
[2010.08.02 20:16:34 | 004,321,912 | -H-- | M] () -- C:\Dokumente und Einstellungen\Andreas\Lokale Einstellungen\Anwendungsdaten\IconCache.db
[2010.08.02 14:24:47 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\explorer.exe
[2010.08.02 14:24:47 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
[2010.08.02 10:24:54 | 000,000,676 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.01 18:39:53 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.08.01 17:26:50 | 000,243,200 | RHS- | M] () -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\ozzfhv.exe
[2010.08.01 17:26:49 | 000,151,040 | RHS- | M] (Logitech, Inc.) -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\dgixy.exe
[2010.08.01 17:23:37 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.07.14 08:38:34 | 000,000,127 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2010.07.14 08:11:02 | 000,051,200 | ---- | M] () -- C:\Dokumente und Einstellungen\Andreas\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.12 10:48:19 | 000,000,160 | ---- | M] () -- C:\Dokumente und Einstellungen\Andreas\startup.reg
[2010.07.12 00:51:27 | 001,200,148 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.07.12 00:51:27 | 000,530,640 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.07.12 00:51:27 | 000,505,060 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.07.12 00:51:27 | 000,106,066 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.07.12 00:51:27 | 000,088,524 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.07.12 00:25:59 | 000,889,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\SystemHelper.exe
[2010.07.10 06:26:58 | 000,066,085 | ---- | M] () -- C:\Dokumente und Einstellungen\Andreas\Eigene Dateien\Be careful with superglue.jpg
[2010.07.06 14:56:46 | 000,071,996 | ---- | M] () -- C:\Dokumente und Einstellungen\Andreas\Eigene Dateien\Rechnung_Adi-Racer 46.pdf
[33 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010.08.02 20:20:10 | 000,000,004 | ---- | C] () -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\wiaservg.log
[2010.08.02 10:24:54 | 000,000,676 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.01 17:26:51 | 000,243,200 | RHS- | C] () -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\ozzfhv.exe
[2010.07.14 08:38:33 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010.07.12 00:25:49 | 000,000,160 | ---- | C] () -- C:\Dokumente und Einstellungen\Andreas\startup.reg
[2010.07.10 06:26:58 | 000,066,085 | ---- | C] () -- C:\Dokumente und Einstellungen\Andreas\Eigene Dateien\Be careful with superglue.jpg
[2010.07.06 14:56:44 | 000,071,996 | ---- | C] () -- C:\Dokumente und Einstellungen\Andreas\Eigene Dateien\Rechnung_Adi-Racer 46.pdf
[2010.05.15 13:10:50 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth2.dll
[2010.05.15 13:10:50 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth1.dll
[2010.05.15 13:10:50 | 000,000,100 | ---- | C] () -- C:\WINDOWS\System32\prsgrc.dll
[2010.05.15 13:06:47 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2010.05.15 13:06:47 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2010.02.18 20:46:13 | 000,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010.02.18 20:46:12 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010.01.23 15:20:42 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2010.01.23 15:20:42 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2010.01.23 15:20:42 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2009.09.16 18:09:03 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2009.07.22 17:14:43 | 000,106,496 | R--- | C] () -- C:\WINDOWS\System32\vshp1020.dll
[2009.07.21 00:47:03 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009.07.20 11:42:05 | 000,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009.07.20 01:13:03 | 000,021,904 | ---- | C] () -- C:\WINDOWS\System32\imsinstall_loc0407.dll
[2009.07.20 01:13:03 | 000,017,808 | ---- | C] () -- C:\WINDOWS\System32\imslsp_install_loc0407.dll
[2009.07.20 01:12:39 | 000,796,048 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2009.07.19 19:43:34 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2009.07.19 18:34:33 | 000,001,124 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005.08.05 14:26:04 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005.01.21 12:02:28 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\RMDevice.dll
[2001.05.24 10:20:38 | 000,544,256 | ---- | C] () -- C:\WINDOWS\System32\janGraphics.dll
[2001.03.30 22:58:36 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\Property.dll
[2000.06.28 01:00:00 | 000,124,416 | ---- | C] () -- C:\WINDOWS\System32\dXCtrls.dll
========== LOP Check ==========
[2009.08.03 18:58:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ashampoo
[2009.07.20 11:49:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Pro
[2010.02.09 21:11:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Droppix
[2010.05.03 23:14:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Installations
[2010.03.29 23:06:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LightScribe
[2009.07.20 01:13:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MailFrontier
[2010.05.03 23:22:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\OviInstallerCache
[2010.03.02 13:03:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite
[2010.05.15 13:10:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SafeNet Sentinel
[2010.05.31 23:30:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SPSS
[2010.08.01 23:12:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2010.05.14 18:38:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Amazon
[2010.01.07 18:25:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Bombermaaan
[2009.07.21 15:59:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\DAEMON Tools Pro
[2010.03.29 22:01:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\DemoCreator
[2010.02.09 21:11:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Droppix
[2010.05.03 20:20:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\FreeFLVConverter
[2010.04.23 12:38:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\ICQ
[2010.03.02 14:55:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Jumping Bytes
[2010.03.02 15:26:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Mobile Master
[2010.04.12 22:52:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\MyPhoneExplorer
[2010.03.02 13:03:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Nokia
[2010.03.02 13:03:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\PC Suite
[2010.05.03 23:41:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\SMSServant
[2010.08.02 20:18:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\stickies
[2010.01.23 11:52:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Teleca
[2009.12.30 12:57:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\UDC Profiles
[2010.04.02 20:51:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\WinBatch
[2010.06.22 15:08:04 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\Install_NSS.job
========== Purity Check ==========
========== Custom Scans ==========
< %ALLUSERSPROFILE%\Application Data\*. >
[2010.05.15 13:07:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Application Data\SPSS
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2010.03.08 16:52:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Adobe
[2009.08.03 20:37:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Ahead
[2010.05.14 18:38:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Amazon
[2009.07.25 19:06:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Apple Computer
[2009.07.19 19:48:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\ATI
[2010.01.07 18:25:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Bombermaaan
[2009.07.21 15:59:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\DAEMON Tools Pro
[2010.03.29 22:01:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\DemoCreator
[2010.05.15 10:30:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\DivX
[2010.02.09 21:11:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Droppix
[2010.06.09 15:02:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\dvdcss
[2010.05.03 20:20:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\FreeFLVConverter
[2010.04.23 12:38:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\ICQ
[2009.07.19 18:52:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Identities
[2010.03.02 14:55:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Jumping Bytes
[2009.07.20 10:50:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Macromedia
[2010.08.02 10:25:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Malwarebytes
[2010.03.02 15:12:58 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Microsoft
[2010.03.02 15:26:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Mobile Master
[2010.02.17 21:28:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Move Networks
[2009.07.19 20:07:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Mozilla
[2010.04.12 22:52:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\MyPhoneExplorer
[2010.02.14 22:47:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Nero
[2010.03.02 13:03:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Nokia
[2010.03.02 13:03:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\PC Suite
[2010.04.29 22:31:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Skype
[2010.04.29 20:56:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\skypePM
[2010.05.03 23:41:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\SMSServant
[2010.01.22 15:19:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Sony Ericsson
[2010.08.02 20:18:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\stickies
[2009.08.07 14:02:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Sun
[2010.01.23 11:52:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Teleca
[2010.08.02 20:19:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Tor
[2010.03.27 18:17:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\U3
[2009.12.30 12:57:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\UDC Profiles
[2010.06.22 11:48:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Vidalia
[2010.08.01 18:39:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\vlc
[2010.08.02 17:55:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Winamp
[2010.04.02 20:51:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\WinBatch
[2009.07.20 10:01:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\WinRAR
< %APPDATA%\*.exe /s >
[2010.08.01 17:26:49 | 000,151,040 | RHS- | M] (Logitech, Inc.) -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\dgixy.exe
[2010.08.01 17:26:50 | 000,243,200 | RHS- | M] () -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\ozzfhv.exe
[2006.05.23 19:04:56 | 000,110,592 | ---- | M] () -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\U3\temp\cleanup.exe
< %SYSTEMDRIVE%\*.exe >
< MD5 for: AGP440.SYS >
[2004.08.10 21:00:00 | 017,006,491 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\agp440.sys
[2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
< MD5 for: ATAPI.SYS >
[2004.08.10 21:00:00 | 017,006,491 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.10 21:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
< MD5 for: EVENTLOG.DLL >
[2008.04.14 07:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\eventlog.dll
[2008.04.14 07:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2004.08.10 21:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
< MD5 for: IASTOR.SYS >
[2005.10.12 13:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\WINDOWS\system32\drivers\iaStor.sys
< MD5 for: NETLOGON.DLL >
[2008.04.14 07:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\netlogon.dll
[2008.04.14 07:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2004.08.10 21:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
< MD5 for: NVATABUS.SYS >
[2005.08.18 17:52:06 | 000,093,568 | ---- | M] (NVIDIA Corporation) MD5=0344AA9113DC16EEC379F4652020849D -- C:\WINDOWS\system32\drivers\nvatabus.sys
< MD5 for: SCECLI.DLL >
[2008.04.14 07:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\scecli.dll
[2008.04.14 07:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2004.08.10 21:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
< MD5 for: USER32.DLL >
[2005.03.02 20:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2005.03.02 20:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
[2008.04.14 07:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\user32.dll
[2008.04.14 07:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
< MD5 for: USERINIT.EXE >
[2008.04.14 07:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\userinit.exe
[2008.04.14 07:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004.08.10 21:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
< MD5 for: VIAMRAID.SYS >
[2005.04.08 11:43:26 | 000,060,928 | ---- | M] (VIA Technologies inc,.ltd) MD5=0363E216E4EB5052969C96608934DBDE -- C:\WINDOWS\system32\drivers\viamraid.sys
< MD5 for: WINLOGON.EXE >
[2004.08.10 21:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 07:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\winlogon.exe
[2008.04.14 07:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
< MD5 for: WS2IFSL.SYS >
[2004.08.10 21:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2004.08.10 21:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2009.07.20 11:42:06 | 000,721,904 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys
< %systemroot%\System32\config\*.sav >
[2009.07.19 20:10:57 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009.07.19 20:10:57 | 000,663,552 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009.07.19 20:10:57 | 000,434,176 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2008.04.14 07:52:10 | 001,267,200 | R--- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll
[2003.02.07 01:02:00 | 000,424,448 | ---- | M] ( Developer Express Inc.) Unable to obtain MD5 -- C:\WINDOWS\system32\dXTList.dll
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
========== Alternate Data Streams ==========
@Alternate Data Stream - 229 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:8FF81EB0
< End of report >
--- --- ---
OTL Logfile: Code:
OTL Extras logfile created on: 02.08.2010 20:24:26 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Dokumente und Einstellungen\Andreas\Eigene Dateien\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 69,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 40,34 Gb Total Space | 4,16 Gb Free Space | 10,32% Space Free | Partition Type: NTFS
Drive D: | 34,18 Gb Total Space | 6,20 Gb Free Space | 18,14% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: ANDI
Current User Name: Andreas
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_USERS\S-1-5-21-776561741-706699826-725345543-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Programme\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VLC Player\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VLC Player\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Programme\Microsoft Office\Office12\GROOVE.EXE" = C:\Programme\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Programme\Microsoft Office\Office12\ONENOTE.EXE" = C:\Programme\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Programme\ICQ6.5\ICQ.exe" = C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.)
"C:\Programme\SPSSInc\SPSS16DE\spss.exe" = C:\Programme\SPSSInc\SPSS16DE\spss.exe:*:Disabled:SPSS 16.0 für Windows (1031:exe) -- (SPSS Inc)
"C:\Programme\SPSSInc\SPSS16DE\SPSSWinWrapIDE.exe" = C:\Programme\SPSSInc\SPSS16DE\SPSSWinWrapIDE.exe:*:Disabled:SPSS Basic Script Editor (1031) -- (SPSS Inc.)
"C:\Programme\SPSSInc\PASWStatistics18\WinWrapIDE.exe" = C:\Programme\SPSSInc\PASWStatistics18\WinWrapIDE.exe:*:Disabled:SPSS Basic Script Editor -- (SPSS Inc.)
"C:\Programme\SPSSInc\PASWStatistics18\paswstat.exe" = C:\Programme\SPSSInc\PASWStatistics18\paswstat.exe:*:Disabled:Statistics18:exe -- (SPSS Inc.)
"C:\Programme\SPSSInc\PASWStatistics18\paswstat.com" = C:\Programme\SPSSInc\PASWStatistics18\paswstat.com:*:Disabled:Statistics18:com -- (SPSS Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 20
"{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}" = GTA2
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFDE3BE-BC01-45A4-9D06-BBF5AD207313}" = LightScribe System Software
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7397EDED-F38A-4654-B669-BF61065803D0}" = PC Connectivity Solution
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7FD71A9E-C4D3-42ED-A998-CDA8290C39A3}" = LightScribe Template Labeler
"{88A4002B-BDBA-49A2-927C-D81E8DF32B1B}" = LightScribe Applications
"{8D273DE5-ABFA-4BD0-A9D7-EE9C971438C4}_is1" = PDF-Viewer
"{8D70145A-3BD3-4DBF-9CBF-223EF4A43257}" = ATI Parental Control & Encoder
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91CA8C77-30FC-4AAF-B2EE-F51B0746D95C}" = ATI Catalyst Control Center
"{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}" = QuickTime
"{99A89BD2-21DF-43EB-9024-9A4040F167F5}" = SPSS 16.0 für Windows
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B9C9DB4C-6D77-4AE9-AD1C-C708C23239A0}" = Nokia Connectivity Cable Driver
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C25215FC-5900-48B0-B93C-8D3379027312}" = PASW Statistics 18
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EB1B0104-6A57-446F-B855-FDF49151BE0C}" = O2Micro Flash Memory Card Windows Driver V2.04
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"3B18191663CDFABAA2A93D4267E54D683153FF60" = Windows-Treiberpaket - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software
"ATI Display Driver" = ATI Display Driver
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free Audio Dub_is1" = Free Audio Dub version 1.5
"Free FLV Converter_is1" = Free FLV Converter V 6.7.4
"HP-LaserJet 1020 series" = LaserJet 1020 series
"Icy Tower v1.4_is1" = Icy Tower v1.4
"ie8" = Windows Internet Explorer 8
"InstallShield_{EB1B0104-6A57-446F-B855-FDF49151BE0C}" = O2Micro Flash Memory Card Windows Driver V2.04
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"MPE" = MyPhoneExplorer
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero8Lite_is1" = Nero 8 Micro 8.2.8.0
"OrderReminder HP LaserJet 1020" = OrderReminder HP LaserJet 1020
"pdfsam" = pdfsam
"Privoxy" = Privoxy 3.0.6
"SecureW2 EAP Suite" = SecureW2 EAP Suite 1.0.6 for Windows
"SopCast" = SopCast 3.2.4
"Starcraft" = Starcraft
"Tor" = Tor 0.2.1.19
"Uninstall_is1" = Uninstall 1.0.0.1
"Universal Document Converter_is1" = Universal Document Converter (Demo)
"Vidalia" = Vidalia 0.1.15
"VLC media player" = VLC media player 1.0.1
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7
"Xvid_is1" = Xvid 1.2.1 final uninstall
"ZhornStickies" = Stickies 6.7a
"ZoneAlarm" = ZoneAlarm
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-776561741-706699826-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Anwendungserkennung
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 14.06.2010 12:12:59 | Computer Name = ANDI | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung QuickTimePlayer.exe, Version 7.2.0.240, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 22.06.2010 06:33:25 | Computer Name = ANDI | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung divxupdate.exe, Version 1.0.1.10, fehlgeschlagenes
Modul msvcp80.dll, Version 8.0.50727.4053, Fehleradresse 0x000100b5.
Error - 23.06.2010 08:17:27 | Computer Name = ANDI | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung vidalia.exe, Version 0.1.15.0, fehlgeschlagenes
Modul qtcore4.dll, Version 4.5.1.0, Fehleradresse 0x00010e5e.
Error - 24.06.2010 12:02:45 | Computer Name = ANDI | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung divxupdate.exe, Version 1.0.1.10, fehlgeschlagenes
Modul msvcp80.dll, Version 8.0.50727.4053, Fehleradresse 0x000100b5.
Error - 25.06.2010 11:53:23 | Computer Name = ANDI | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung winamp.exe, Version 5.5.7.2810, fehlgeschlagenes
Modul ntdll.dll, Version 5.1.2600.5755, Fehleradresse 0x000108d3.
Error - 01.07.2010 08:24:57 | Computer Name = ANDI | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung vidalia.exe, Version 0.1.15.0, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 05.07.2010 05:32:08 | Computer Name = ANDI | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung divxupdate.exe, Version 1.0.1.10, fehlgeschlagenes
Modul msvcp80.dll, Version 8.0.50727.4053, Fehleradresse 0x000100b5.
Error - 09.07.2010 05:07:50 | Computer Name = ANDI | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung divxupdate.exe, Version 1.0.1.10, fehlgeschlagenes
Modul msvcp80.dll, Version 8.0.50727.4053, Fehleradresse 0x000100b5.
Error - 09.07.2010 16:25:18 | Computer Name = ANDI | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung explorer.exe, Version 6.0.2900.5512, fehlgeschlagenes
Modul divxdech264.ax, Version 9.0.1.21, Fehleradresse 0x00019290.
Error - 09.07.2010 17:28:30 | Computer Name = ANDI | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung winamp.exe, Version 5.5.7.2810, fehlgeschlagenes
Modul ntdll.dll, Version 5.1.2600.5755, Fehleradresse 0x00010f20.
[ OSession Events ]
Error - 24.04.2010 07:56:58 | Computer Name = ANDI | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 11192 seconds with 60 seconds of active time. This session ended with a
crash.
[ System Events ]
Error - 12.07.2010 09:51:11 | Computer Name = ANDI | Source = Service Control Manager | ID = 7034
Description = Dienst "O2Micro Flash Memory" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.
Error - 14.07.2010 02:03:59 | Computer Name = ANDI | Source = Service Control Manager | ID = 7034
Description = Dienst "StarWind AE Service" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.
Error - 14.07.2010 02:04:07 | Computer Name = ANDI | Source = Service Control Manager | ID = 7034
Description = Dienst "O2Micro Flash Memory" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.
Error - 15.07.2010 12:09:16 | Computer Name = ANDI | Source = Print | ID = 6161
Description = Das Dokument Hypothese3_T-Test-Ergebnisse.spv [Dokument2], im Besitz
von Andreas, konnte nicht auf dem Drucker PDFCreator gedruckt werden. Datentyp:
NT EMF 1.008. Größe der Warteschlangendatei in Bytes: 0. Anzahl der gedruckten
Bytes: 0. Gesamtanzahl der Seiten des Dokuments: 0. Anzahl der gedruckten Seiten:
0. Clientcomputer: \\ANDI. Vom Druckprozessor zurückgelieferter Win32-Fehlercode:
259 (0x103).
Error - 01.08.2010 11:34:29 | Computer Name = ANDI | Source = Service Control Manager | ID = 7034
Description = Dienst "O2Micro Flash Memory" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.
Error - 01.08.2010 11:34:35 | Computer Name = ANDI | Source = Service Control Manager | ID = 7034
Description = Dienst "StarWind AE Service" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.
Error - 01.08.2010 11:35:22 | Computer Name = ANDI | Source = Service Control Manager | ID = 7034
Description = Dienst "WMI-Leistungsadapter" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.
Error - 01.08.2010 15:29:52 | Computer Name = ANDI | Source = Service Control Manager | ID = 7034
Description = Dienst "O2Micro Flash Memory" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.
Error - 01.08.2010 15:29:52 | Computer Name = ANDI | Source = Service Control Manager | ID = 7034
Description = Dienst "StarWind AE Service" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.
Error - 02.08.2010 14:23:16 | Computer Name = ANDI | Source = Service Control Manager | ID = 7034
Description = Dienst "StarWind AE Service" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.
< End of report >
--- --- --- |
