MSN Verschickt links mit der URL: http://MSNBenutzername.randomdomain.randomcode

#16

Code

OTL logfile created on: 20.04.2010 07:04:40 - Run 2
OTL by OldTimer - Version 3.2.1.3     Folder = C:\Users\Kaputtes Arschloch\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 36,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 64,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298,09 Gb Total Space | 173,86 Gb Free Space | 58,33% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: KAPUTTESARSCH
Current User Name: Kaputtes Arschloch
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - C:\Users\Kaputtes Arschloch\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\Public\infocard.exe ()
PRC - C:\Programme\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)
PRC - C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Steam\Steam.exe (Valve Corporation)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Programme\Safari\Safari.exe (Apple Inc.)
PRC - C:\Programme\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Programme\McAfee Security Scan\1.0.150\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.)
PRC - C:\Programme\DellTPad\hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
PRC - C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
PRC - C:\Programme\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\Programme\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.)
 
 
[color=#E56717]========== Modules (SafeList) ==========[/color]
 
MOD - C:\Users\Kaputtes Arschloch\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Research Inc.)
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (OA001Vid) -- C:\Windows\System32\drivers\OA001Vid.sys (Creative Technology Ltd.)
DRV - (OA001Ufd) -- C:\Windows\System32\drivers\OA001Ufd.sys (Creative Technology Ltd.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (k57nd60x) Broadcom NetLink (TM) -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (LUsbFilt) -- C:\Windows\System32\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (USBMULCD) -- C:\Windows\System32\drivers\CM106.sys (C-Media Inc)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "http://start.icq.com/"
FF - prefs.js..extensions.enabledItems: {AA994882-F391-4d2e-806F-8908DA4814ED}:2.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.02 22:41:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.02 22:41:39 | 000,000,000 | ---D | M]
 
[2010.03.21 15:30:30 | 000,000,000 | ---D | M] -- C:\Users\Kaputtes Arschloch\AppData\Roaming\mozilla\Extensions
[2010.03.21 15:30:30 | 000,000,000 | ---D | M] -- C:\Users\Kaputtes Arschloch\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2010.04.19 13:11:41 | 000,000,000 | ---D | M] -- C:\Users\Kaputtes Arschloch\AppData\Roaming\mozilla\Firefox\Profiles\luqzq02y.default\extensions
[2010.02.01 08:47:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Kaputtes Arschloch\AppData\Roaming\mozilla\Firefox\Profiles\luqzq02y.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.04.12 14:16:25 | 000,000,000 | ---D | M] (kikin plugin (JDownloader Edition)) -- C:\Users\Kaputtes Arschloch\AppData\Roaming\mozilla\Firefox\Profiles\luqzq02y.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED}
[2010.04.14 22:15:21 | 000,000,944 | ---- | M] () -- C:\Users\Kaputtes Arschloch\AppData\Roaming\Mozilla\FireFox\Profiles\luqzq02y.default\searchplugins\icqplugin.xml
[2010.04.13 17:00:55 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.04.13 17:00:55 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.01.16 03:15:29 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.16 03:15:29 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.01.16 03:15:29 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.16 03:15:29 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.16 03:15:29 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Programme\kikin\ie_kikin.dll (kikin)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4 - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Cm106Sound]  File not found
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Firewall Administrating] C:\Users\Public\infocard.exe ()
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Kaputtes Arschloch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Programme\LimeWire\LimeWire.exe (Lime Wire, LLC)
O4 - Startup: C:\Users\Kaputtes Arschloch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Programme\kikin\ie_kikin.dll (kikin)
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Kaputtes Arschloch\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Kaputtes Arschloch\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2010.04.19 22:39:23 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2010.04.19 22:39:22 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010.04.19 22:39:22 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010.04.19 22:39:22 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys
[2010.04.19 22:39:22 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys
[2010.04.19 22:39:22 | 000,000,000 | ---D | C] -- C:\Programme\Avira
[2010.04.19 22:39:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010.04.18 02:06:36 | 000,000,000 | ---D | C] -- C:\Users\Kaputtes Arschloch\AppData\Roaming\Mumble
[2010.04.18 02:06:16 | 000,000,000 | ---D | C] -- C:\Programme\Mumble
[2010.04.18 02:05:04 | 000,000,000 | ---D | C] -- C:\Users\Kaputtes Arschloch\Desktop\mumble
[2010.04.16 18:42:55 | 000,000,000 | ---D | C] -- C:\Users\Kaputtes Arschloch\Desktop\Warcraft
[2010.04.16 16:12:54 | 000,000,000 | ---D | C] -- C:\Users\Kaputtes Arschloch\Desktop\pc heroes of might and magic 3 complete
[2010.04.14 15:20:12 | 003,598,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.04.14 15:20:11 | 003,545,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.04.14 15:20:07 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010.04.14 14:58:53 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2010.04.13 17:02:24 | 000,000,000 | ---D | C] -- C:\Users\Kaputtes Arschloch\AppData\Roaming\skypePM
[2010.04.13 17:01:01 | 000,000,000 | ---D | C] -- C:\Users\Kaputtes Arschloch\AppData\Roaming\Skype
[2010.04.13 17:00:39 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Skype
[2010.04.13 17:00:38 | 000,000,000 | R--D | C] -- C:\Programme\Skype
[2010.04.13 17:00:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2010.04.12 14:16:19 | 000,000,000 | ---D | C] -- C:\Users\Kaputtes Arschloch\AppData\Roaming\kikin
[2010.04.12 14:16:19 | 000,000,000 | ---D | C] -- C:\Programme\kikin
[2010.04.12 14:16:05 | 000,000,000 | ---D | C] -- C:\Programme\JDownloader
[2010.04.12 10:36:04 | 000,000,000 | ---D | C] -- C:\Users\Kaputtes Arschloch\Desktop\Jdownloader
[2010.03.31 13:39:50 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.03.31 13:39:50 | 000,458,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.03.31 13:39:50 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010.03.31 13:39:50 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.03.31 13:39:50 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010.03.31 13:39:50 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2010.03.31 13:39:50 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.03.31 13:39:50 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2010.03.31 13:39:50 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.03.31 13:39:50 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.03.31 13:39:49 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.03.30 12:05:53 | 000,000,000 | ---D | C] -- C:\Users\Kaputtes Arschloch\Desktop\Musik
[2010.03.29 15:58:13 | 000,000,000 | ---D | C] -- C:\Users\Kaputtes Arschloch\Documents\StarCraft II Beta
[2010.03.29 15:58:13 | 000,000,000 | ---D | C] -- C:\Users\Kaputtes Arschloch\AppData\Local\Blizzard Entertainment
[2010.03.29 15:58:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2010.03.29 15:58:12 | 000,000,000 | ---D | C] -- C:\Programme\StarCraft II Beta
[2010.03.29 15:58:12 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Blizzard Entertainment
[2010.03.29 15:58:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard
[2010.03.29 13:33:59 | 000,000,000 | ---D | C] -- C:\Users\Kaputtes Arschloch\StarCraft II Beta deDE 13891 Installer
[2010.03.29 13:33:42 | 002,764,977 | ---- | C] (Blizzard Entertainment) -- C:\Users\Kaputtes Arschloch\Desktop\StarCraft_2_Beta_deDE.exe
[2010.03.27 19:49:30 | 000,000,000 | ---D | C] -- C:\Users\Kaputtes Arschloch\AppData\Roaming\Logitech
[2010.03.27 19:49:07 | 000,127,034 | R--- | C] (BackWeb Technologies Inc.                         ) -- C:\Windows\bwUnin-8.1.1.50-8876480SL.exe
[2010.03.27 19:46:23 | 000,301,656 | ---- | C] (Broadcom Corporation.) -- C:\Windows\System32\BtCoreIf.dll
[2010.03.27 19:46:17 | 000,170,512 | ---- | C] (Logitech, Inc.) -- C:\Windows\System32\kemutb.dll
[2010.03.27 19:46:17 | 000,141,840 | ---- | C] (Logitech, Inc.) -- C:\Windows\System32\KemUtil.dll
[2010.03.27 19:46:17 | 000,117,264 | ---- | C] (Logitech, Inc.) -- C:\Windows\System32\KemWnd.dll
[2010.03.27 19:46:17 | 000,076,304 | ---- | C] (Logitech, Inc.) -- C:\Windows\System32\KemXML.dll
[2010.03.27 19:46:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Logitech
[2010.03.27 19:45:59 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Logishrd
[2010.03.27 19:45:54 | 000,000,000 | ---D | C] -- C:\Programme\Logitech
[2010.03.27 19:45:37 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd
[2010.03.21 21:43:29 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\INLOADER.DLL
[2010.03.21 21:43:14 | 000,000,000 | ---D | C] -- C:\Programme\PCFriendly
[2010.03.21 21:43:04 | 000,298,496 | ---- | C] (InstallShield Corporation, Inc.) -- C:\Windows\uninst.exe
[2010.03.21 15:30:38 | 000,000,000 | ---D | C] -- C:\Users\Kaputtes Arschloch\Documents\LimeWire
[2010.03.21 15:30:13 | 000,000,000 | ---D | C] -- C:\Users\Kaputtes Arschloch\AppData\Roaming\LimeWire
[2010.03.21 15:29:48 | 000,000,000 | ---D | C] -- C:\Programme\LimeWire
[2010.03.21 15:26:50 | 024,186,176 | ---- | C] (Lime Wire LLC) -- C:\Users\Kaputtes Arschloch\Desktop\LimeWireWin557.exe
[2010.01.26 20:43:28 | 814,143,398 | ---- | C] (GOA                                                         ) -- C:\Users\Kaputtes Arschloch\loleusetup.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2010.04.20 07:04:43 | 001,572,864 | -HS- | M] () -- C:\Users\Kaputtes Arschloch\NTUSER.DAT
[2010.04.20 07:02:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.04.19 23:00:47 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.04.19 23:00:47 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.04.19 22:39:37 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.04.19 00:26:05 | 001,645,716 | -H-- | M] () -- C:\Users\Kaputtes Arschloch\AppData\Local\IconCache.db
[2010.04.18 23:59:10 | 000,000,500 | ---- | M] () -- C:\Windows\tasks\Norton Security Scan for Kaputtes Arschloch.job
[2010.04.18 02:06:54 | 000,002,385 | ---- | M] () -- C:\Users\Kaputtes Arschloch\Documents\MumbleAutomaticCertificateBackup.p12
[2010.04.18 02:06:36 | 000,000,793 | ---- | M] () -- C:\Users\Public\Desktop\Mumble (Abwärtskompatibel).lnk
[2010.04.18 02:06:36 | 000,000,776 | ---- | M] () -- C:\Users\Public\Desktop\Mumble.lnk
[2010.04.17 17:01:24 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.04.17 17:01:15 | 3215,867,904 | -HS- | M] () -- C:\hiberfil.sys
[2010.04.17 02:16:59 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.04.17 02:16:57 | 000,524,288 | -HS- | M] () -- C:\Users\Kaputtes Arschloch\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.04.17 02:16:57 | 000,065,536 | -HS- | M] () -- C:\Users\Kaputtes Arschloch\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.04.13 17:02:25 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[2010.04.13 17:00:39 | 000,001,880 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010.04.12 14:16:09 | 000,000,854 | ---- | M] () -- C:\Users\Kaputtes Arschloch\Desktop\JDownloader.lnk
[2010.04.08 12:36:26 | 001,418,806 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.04.08 12:36:26 | 000,618,442 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.04.08 12:36:26 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.04.08 12:36:26 | 000,122,842 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.04.08 12:36:26 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.03.30 12:12:38 | 000,010,752 | ---- | M] () -- C:\Users\Kaputtes Arschloch\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.03.29 16:01:34 | 000,000,941 | ---- | M] () -- C:\Users\Public\Desktop\StarCraft II Beta.lnk
[2010.03.29 13:33:43 | 002,764,977 | ---- | M] (Blizzard Entertainment) -- C:\Users\Kaputtes Arschloch\Desktop\StarCraft_2_Beta_deDE.exe
[2010.03.27 19:49:09 | 000,002,260 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
[2010.03.27 19:49:07 | 000,127,034 | R--- | M] (BackWeb Technologies Inc.                         ) -- C:\Windows\bwUnin-8.1.1.50-8876480SL.exe
[2010.03.27 19:47:55 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
[2010.03.27 19:47:43 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
[2010.03.27 19:46:23 | 000,001,833 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
[2010.03.27 19:46:23 | 000,001,821 | ---- | M] () -- C:\Users\Public\Desktop\Logitech-Maus- und -Tastatureinstellungen.lnk
[2010.03.25 19:06:50 | 000,028,033 | ---- | M] () -- C:\Users\Kaputtes Arschloch\Desktop\Deutsch-LK Übungen.odt
[2010.03.24 16:10:17 | 000,028,496 | ---- | M] () -- C:\Users\Kaputtes Arschloch\Desktop\Luisa.odt
[2010.03.23 18:32:48 | 000,052,409 | ---- | M] () -- C:\Users\Kaputtes Arschloch\Desktop\Jn6pKbptAfz7.png
[2010.03.21 21:42:58 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010.03.21 21:42:58 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010.03.21 15:30:41 | 000,001,658 | ---- | M] () -- C:\Users\Kaputtes Arschloch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
[2010.03.21 15:29:57 | 000,001,700 | ---- | M] () -- C:\Users\Kaputtes Arschloch\Desktop\LimeWire 5.5.7.lnk
[2010.03.21 15:26:57 | 024,186,176 | ---- | M] (Lime Wire LLC) -- C:\Users\Kaputtes Arschloch\Desktop\LimeWireWin557.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2010.04.19 22:39:37 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.04.18 02:06:54 | 000,002,385 | ---- | C] () -- C:\Users\Kaputtes Arschloch\Documents\MumbleAutomaticCertificateBackup.p12
[2010.04.18 02:06:36 | 000,000,793 | ---- | C] () -- C:\Users\Public\Desktop\Mumble (Abwärtskompatibel).lnk
[2010.04.18 02:06:36 | 000,000,776 | ---- | C] () -- C:\Users\Public\Desktop\Mumble.lnk
[2010.04.13 17:02:25 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.04.13 17:00:39 | 000,001,880 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2010.04.12 14:16:09 | 000,000,854 | ---- | C] () -- C:\Users\Kaputtes Arschloch\Desktop\JDownloader.lnk
[2010.03.29 15:58:13 | 000,000,941 | ---- | C] () -- C:\Users\Public\Desktop\StarCraft II Beta.lnk
[2010.03.27 19:49:09 | 000,002,260 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
[2010.03.27 19:47:55 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
[2010.03.27 19:47:43 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
[2010.03.27 19:46:23 | 000,001,833 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
[2010.03.27 19:46:23 | 000,001,821 | ---- | C] () -- C:\Users\Public\Desktop\Logitech-Maus- und -Tastatureinstellungen.lnk
[2010.03.24 01:48:16 | 000,028,496 | ---- | C] () -- C:\Users\Kaputtes Arschloch\Desktop\Luisa.odt
[2010.03.23 18:32:48 | 000,052,409 | ---- | C] () -- C:\Users\Kaputtes Arschloch\Desktop\Jn6pKbptAfz7.png
[2010.03.23 18:08:08 | 000,028,033 | ---- | C] () -- C:\Users\Kaputtes Arschloch\Desktop\Deutsch-LK Übungen.odt
[2010.03.21 21:42:58 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2010.03.21 21:42:58 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2010.03.21 15:30:41 | 000,001,658 | ---- | C] () -- C:\Users\Kaputtes Arschloch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
[2010.03.21 15:29:57 | 000,001,700 | ---- | C] () -- C:\Users\Kaputtes Arschloch\Desktop\LimeWire 5.5.7.lnk
[2010.02.20 21:04:38 | 000,106,496 | ---- | C] () -- C:\Windows\Vmix.dll
[2010.02.20 21:03:42 | 000,000,342 | ---- | C] () -- C:\Windows\Cm106.ini.cfl
[2010.02.20 21:03:41 | 000,241,664 | ---- | C] () -- C:\Windows\System32\CmiInstallResAll.dll
[2010.02.20 21:03:41 | 000,003,329 | ---- | C] () -- C:\Windows\Cm106.ini.cfg
[2010.02.20 21:03:41 | 000,000,869 | ---- | C] () -- C:\Windows\Cm106.ini.imi
[2010.02.20 21:03:41 | 000,000,335 | ---- | C] () -- C:\Windows\cm106.ini
[2010.02.19 10:21:25 | 000,010,752 | ---- | C] () -- C:\Users\Kaputtes Arschloch\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.01.26 20:24:52 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010.01.26 20:24:51 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2010.01.26 18:47:01 | 000,074,703 | ---- | C] () -- C:\Windows\System32\mfc45.dll
[2010.01.26 15:42:23 | 000,000,680 | ---- | C] () -- C:\Users\Kaputtes Arschloch\AppData\Local\d3d9caps.dat
[2010.01.26 15:42:22 | 000,000,020 | -HS- | C] () -- C:\Users\Kaputtes Arschloch\ntuser.ini
[2010.01.26 15:42:21 | 001,572,864 | -HS- | C] () -- C:\Users\Kaputtes Arschloch\NTUSER.DAT
[2010.01.26 15:42:21 | 000,524,288 | -HS- | C] () -- C:\Users\Kaputtes Arschloch\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2010.01.26 15:42:21 | 000,524,288 | -HS- | C] () -- C:\Users\Kaputtes Arschloch\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.01.26 15:42:21 | 000,262,144 | -H-- | C] () -- C:\Users\Kaputtes Arschloch\ntuser.dat.LOG1
[2010.01.26 15:42:21 | 000,065,536 | -HS- | C] () -- C:\Users\Kaputtes Arschloch\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.01.26 15:42:21 | 000,000,000 | -H-- | C] () -- C:\Users\Kaputtes Arschloch\ntuser.dat.LOG2
[2008.10.07 10:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005.05.06 20:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[1998.10.11 02:07:38 | 000,088,576 | ---- | C] () -- C:\Windows\System32\Iticheck.dll
< End of report >

#17 Schritt 1

Filesharing

Ich poste mal folgenden Hinweis, nicht mit erhobenem Zeigefinger, sondern weil Du Dir dessen vielleicht nicht bewusst bist. Du benutzt P2P-Programme. Wenn Du ein sauberes System bekommen respektive behalten möchtest, solltest Du auf den Download von Software aus solchen Quellen verzichten, denn auch wenn das P2P-Programm selbst "sauber" ist, bewahrt es Dich nicht davor, evtl. schädliche Programme auf Deinen Rechner zu holen.

Du siehst, die Gefahr ist sehr groß, sich über diese Wege zu infizieren. Aus diesem Grund bereinige ich lieber Systeme, die keine solchen Programme installiert haben und bitte Dich daher alle Programme, die in diese Richtung gehen, während unserer Bereinigung komplett und rückstandlos über Systemsteuerung => Software zu deinstallieren

Zitat

LimeWire

Schritt 2
C:\Programme\Bonjour\mDNSResponder.exe

Bei Dir läuft Bonjour, welches von Apple ungefragt z. B. bei iTunes oder Safari-Browser mitinstalliert wird. Das Programm wird von vielen Usern gar nicht gebraucht. Ich habe bei Wikipedia ausführliche Informationen zu dem Programm Bonjour gefunden und beschreibe Dir im Anschluss, wie man das Programm wieder deinstallieren kann, falls das über den normalen Weg Systemsteuerung - Software nicht möglich ist. Solltest Du es nicht brauchen, bitte zunächst versuchen, es über Systemsteuerung => Software zu deinstallieren. Sollte das nicht möglich sein, fahre wie folgt fort:

• Start => ausführen => dort reinschreiben: services.msc => OK => es öffnet sich das "Dienste"-Fenster.
"Bonjour Dienst" in der Liste auswählen und "Beenden" ausführen.
• Kommandozeile öffnen: Start => ausführen => cmd reinschreiben
und ins Verzeichnis "<Systemvolume>\Programme\Bonjour" wechseln,
z. B. mit dem Kommando: cd "C:\Programme\Bonjour"
• Folgendes Kommando eingeben: mDNSResponder -remove
• Danach kannst Du den Ordner C:\Programme\Bonjour löschen.

Wenn das so nicht klappt, gehe auf diese Seite, lade Dir lspfix.zip runter und entpacke das Archiv auf Deinen Desktop. Wenn Du kein Zip-Programm hast, kannst Du auch LSPFix.exe und spfix.txt runterladen. Starte LSPFix.exe, schiebe mit dem >>-Button die mdnsnsp.dll nach rechts, da sie muss raus, hake "I know what i'm doing" an und klicke auf "Finish". Rechner neu starten. Der Ordner C:\Programme\Bonjour\ sollte sich nun löschen lassen.

Schritt 3

Fixen mit OTL

• Starte bitte die OTL.exe.
Vista-User mit Rechtsklick "als Administrator starten"
• Kopiere nun den Inhalt in die Textbox.

Code

:OTL
PRC - C:\Users\Public\infocard.exe ()
O4 - HKCU..\Run: [Firewall Administrating] C:\Users\Public\infocard.exe ()
:Files
C:\Users\Public\infocard.exe
:Commands
[purity]
[emptytemp]

• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Run Fix Button.
• Klick auf .
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument.
Kopiere nun den Inhalt hier in Code-Tags in Deinen Thread


Schritt 4

Malwarebytes Anti-Malware

Lade MBAM herunter, installiere es und wähle bei Reiter:

-> “Update“> “Suche nach Aktualisierungen“
-> “Einstellungen“> “Beende Internet Explorer während des Löschvorgangs“
-> “Scanner”> "Quickscan durchfuehren".

Wenn am Ende Infizierungen gefunden werden, diese anhaken und entfernen lassen. Starte dein Rechner neu


Schritt 5

Rootkit-Suche mit Gmer

Was sind Rootkits?

Wichtig: Bei jedem Rootkit-Scans soll/en:

• alle anderen Programme gegen Viren, Spyware, usw. deaktiviert sein,
• keine Verbindung zu einem Netzwerk/Internet bestehen (WLAN nicht vergessen),
• nichts am Rechner getan werden,
• nach jedem Scan der Rechner neu gestartet werden.
• Nicht vergessen, nach dem Rootkit-Scan die Security-Programme wieder einzuschalten!

Lade Dir Gmer von dieser Seite herunter
(auf den Button Download EXE drücken) und das Programm auf dem Desktop speichern.
• Gmer ist geeignet für => NT/W2K/XP/VISTA.
• Alle anderen Programme sollen geschlossen sein.
• Starte gmer.exe (hat einen willkürlichen Programm-Namen).
• Vista-User mit Rechtsklick und als Administrator starten.
• Gmer startet automatisch einen ersten Scan.
• Sollte sich ein Fenster mit folgender Warnung öffnen:

Code

WARNING !!!
GMER has found system modification, which might have been caused by ROOTKIT activity.
Do you want to fully scan your system?

• Unbedingt auf "No" klicken,
anschließend über den Copy-Button das bisherige Resultat in die Zwischenablage zu kopieren.
• Füge das Log aus der Zwischenablage mit STRG + V in Deine Antwort in Deinem Thread ein.
.
• Falls das nicht der Fall war, wähle nun den Reiter "Rootkit/Malware",
• Hake an: System, Sections, IAT/EAT, Devices, Modules, Processes, Threads, Libraries, Services, Registry und Files.
• Wichtig: "Show all" darf nicht angehakt sein!
• Starte den Scan durch Drücken des Buttons "Scan".
Mache nichts am Computer während der Scan läuft.
• Wenn der Scan fertig ist klicke auf "Copy" um das Log in die Zwischenablage zu kopieren.
Mit "Ok" wird Gmer beendet.
• Füge das Log aus der Zwischenablage in Deine Antwort hier ein (mit STRG + V).

Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!

Nun das Logfile in Code-Tags posten.

#18

Code

OTL Extras logfile created on: 22.04.2010 03:17:52 - Run 3
OTL by OldTimer - Version 3.2.1.3     Folder = c:\Users\Kaputtes Arschloch\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 79,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298,09 Gb Total Space | 171,73 Gb Free Space | 57,61% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: KAPUTTESARSCH
Current User Name: Kaputtes Arschloch
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== File Associations ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[color=#E56717]========== Shell Spawning ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[color=#E56717]========== Security Center Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[color=#E56717]========== Authorized Applications List ==========[/color]
 
 
[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0602F895-F912-43C0-8CD0-64A1D3ECD3BE}" = rport=137 | protocol=17 | dir=out | app=system | 
"{0B343994-6624-41CD-8C04-671ADED9BD86}" = lport=8394 | protocol=17 | dir=in | name=league of legends launcher | 
"{0B681028-F159-42E8-85AD-AD1CE9AFD085}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{0CBC90A0-8FB7-4173-9FE7-4F74D7FCA5F1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{14FCEBFC-002C-467A-8643-632A9C43C4B4}" = lport=6112 | protocol=17 | dir=in | name=warcraft 3 (2) | 
"{231568CF-B481-444C-A4F0-976A7B0C094A}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{29490E6D-01DA-4BD4-87E7-C08280AB4659}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{2D11403A-3EF4-475E-A3FE-132793631848}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{2DFC3F5B-ED5A-45B2-ACCC-284F214BC775}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{309C25B7-A087-4AC0-9015-E663D6F36741}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{31ABEC02-DF92-41AC-83F5-CC9332EB01AC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{412C9F4B-CD14-4E51-900C-A8DE16956D40}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{458328ED-37F7-47ED-8FC6-16534C3154EA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{5236F17A-2028-40E7-97F1-7A2701BEBCFF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{5363EB21-A01C-4912-8030-7CFAD0DC9FCF}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{5FE2022D-B42E-453A-AA39-1A7F14E2327A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{60304A9D-89DD-476F-8A20-74CBAE8CEE26}" = rport=138 | protocol=17 | dir=out | app=system | 
"{62495D88-70D4-4FDE-A816-D9F5E01A8E3C}" = lport=138 | protocol=17 | dir=in | app=system | 
"{6838F951-EBFF-4D82-90BA-E10DA3477CDD}" = lport=8394 | protocol=6 | dir=in | name=league of legends launcher | 
"{73269F12-4512-4B12-9C69-66434E20388C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{83A2CC45-DE58-441D-80C0-516B3340329A}" = lport=137 | protocol=17 | dir=in | app=system | 
"{8AEDDE68-77D2-4920-A60B-22F22F1CEDE4}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{992237B6-B71F-4DD9-B6F3-DA7AC41239FD}" = lport=8394 | protocol=17 | dir=in | name=league of legends launcher | 
"{9BB11E87-91FA-4779-B1C0-6774A45C695A}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{A5D56D73-ECFB-48DA-8D6F-6C6D2BC26980}" = lport=6984 | protocol=6 | dir=in | name=league of legends launcher | 
"{A7649A37-F4D1-40C0-B700-BBACA579F8F7}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{BF03A0E9-4B33-4D50-AC4A-2198F0F99169}" = lport=6970 | protocol=6 | dir=in | name=league of legends launcher | 
"{BF8C1A11-987D-4DED-9E90-22B8909ACA43}" = lport=445 | protocol=6 | dir=in | app=system | 
"{C593DD35-89FF-48E6-A712-E86A997F4D78}" = rport=139 | protocol=6 | dir=out | app=system | 
"{C71FE94E-4B6F-40C0-B7EA-E29EC4065030}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{D4220690-FC66-4624-8D1F-F03986E5FFB2}" = rport=445 | protocol=6 | dir=out | app=system | 
"{D5676CD8-27CB-419B-839A-6F746622A199}" = lport=6970 | protocol=17 | dir=in | name=league of legends launcher | 
"{D599A99A-1B67-4AC9-8589-9AF40A327594}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{DF8A0C6E-EBA2-4CC4-A24D-939A697508C5}" = lport=6112 | protocol=6 | dir=in | name=warcraft 3 (1) | 
"{EB4C528D-908C-4391-B95C-3F864AFE6841}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{EC403C7E-6FDE-4BEA-9A02-8CF0C03BBEDA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F637C6DA-FD5E-49B7-917D-A08F22874C9F}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{F9B64893-F5AB-4A52-93CD-3C613D2A9990}" = lport=8394 | protocol=6 | dir=in | name=league of legends launcher | 
"{FAAB97D0-1315-4271-A896-412D22768D86}" = lport=139 | protocol=6 | dir=in | app=system | 
"{FD0ADC02-C731-40A6-BD8C-37BCF6322DCA}" = lport=6984 | protocol=17 | dir=in | name=league of legends launcher | 
 
[color=#E56717]========== Vista Active Application Exception List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{020C1CFE-B199-4651-A104-76207A395297}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{04276DB6-C0C1-4FF7-9AC2-3FC6645F3809}" = protocol=17 | dir=in | app=c:\program files\league of legends\game\league of legends.exe | 
"{0AA154A7-2174-4A2C-9C02-5D90E26F0491}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | 
"{0F5E0600-A430-42BC-99C0-236839E7CA2C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{186E5875-16DF-462D-86D1-93B0D11CBDB5}" = protocol=6 | dir=in | app=c:\program files\league of legends\game\league of legends.exe | 
"{18E7ECA1-823F-4A70-BF0D-C75134A45B59}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | 
"{19B2F60F-B087-45BB-9BD7-D70452859BED}" = protocol=17 | dir=in | app=c:\program files\starcraft ii beta\starcraft ii.exe | 
"{1D701500-23AC-4EE0-8018-91EA2E592D74}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{1F5DC948-6C3F-474B-871B-AB650E2D16B1}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{237795AE-ADBE-452E-A9DC-B4AC9535686A}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{23932160-D33E-4152-AF57-FB959271172F}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{26312819-A929-4A88-B3EB-3EB616A1E8B1}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | 
"{2B574E5A-1DBB-4005-9B1A-D55A50D76F58}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{32BFAC85-F42E-4DD7-A963-9ED4CC78C63E}" = protocol=6 | dir=in | app=c:\program files\starcraft ii beta\starcraft ii.exe | 
"{3D80C018-B5EF-46EB-9617-54C6994D83EB}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"{406DEFCA-DFF9-480C-9C52-D94CEEDB63F9}" = protocol=17 | dir=in | app=c:\program files\league of legends\game\league of legends.exe | 
"{59E4C92B-9A66-466E-9B49-64B3A31F3886}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{5A96B142-6BA4-4E07-8ABE-509675DC03F4}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{5AB1AD1F-0DC3-411B-8693-E34116959801}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{5BD4BDB3-CDB8-44CD-AAC3-12BD33EB6008}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | 
"{69114344-C18D-4CB1-8B3F-B645999A8A57}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{6C4DAE76-8F6E-4F5E-B595-C371E02E7C2D}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{6FD7775A-56A0-41F8-BA3A-57791A87EB5E}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{7261ADE5-9A52-4B04-BA04-8B725D10D65D}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | 
"{72B51239-CB4E-4A28-BBB2-3AAE1910F342}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"{7B5EE355-64F5-4CEC-B542-C7A9FB99D75E}" = protocol=6 | dir=in | app=c:\program files\league of legends\air\lolclient.exe | 
"{8C7E1017-988F-4BB7-B884-7D5B99A9B63F}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | 
"{8E42D33A-AF9A-4054-BA9D-C9DA369A1888}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{9466E68C-06FB-426C-8D7A-DEC3B398E01B}" = protocol=6 | dir=in | app=c:\program files\league of legends\air\lolclient.exe | 
"{A2521EE5-A735-4300-94D5-C94309C07245}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{A33EF76C-ED45-4819-AD14-EEC175E80224}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{A585EF69-C43E-44DF-B9A7-E0AF84217418}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{A6A214BE-C632-4C96-9BFA-7B3458CE6357}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{AA9F9376-BDEB-49A7-86F4-4421C135FC0F}" = protocol=17 | dir=in | app=c:\program files\league of legends\air\lolclient.exe | 
"{B2ED403C-0A3A-4D40-B427-5AD9E09FB0E5}" = protocol=6 | dir=in | app=c:\program files\league of legends\game\league of legends.exe | 
"{B509171D-C28B-42B0-95F4-BF57DAFEF6BB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{B998D24E-C391-41C1-8B4E-D4DA88F1AB19}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{CBF272FA-19E9-439B-B46F-1CDA8E9D663B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{CD5635D8-7022-424E-9A83-2D95352C8FE9}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{CDEEA943-A4C8-4CE9-ABFD-C6387F50923E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{E761FD57-7291-427B-AA6A-192AC0275C40}" = protocol=17 | dir=in | app=c:\program files\league of legends\air\lolclient.exe | 
"{EDF83581-3091-458B-8EDC-15A47C215DBC}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{F0FE50FF-7D48-4ADB-9361-13872341297F}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{F8DD02B2-FF18-4EEA-A65D-9CC40BBC6BE9}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{F9873D10-E5ED-4140-AC78-4A5736A3A025}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"TCP Query User{109E9198-10A1-4909-B017-ED23F360C5E9}C:\program files\safari\safari.exe" = protocol=6 | dir=in | app=c:\program files\safari\safari.exe | 
"TCP Query User{2B6FD104-1935-4993-BFDE-F60A8BD0CC8F}C:\program files\steam\steamapps\ortaloo\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\ortaloo\counter-strike source\hl2.exe | 
"TCP Query User{323CA10E-5EFA-4086-A24D-2171E56F30D7}C:\program files\steam\steamapps\ortaloo\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\ortaloo\counter-strike source\hl2.exe | 
"TCP Query User{408C2F0B-BAC0-4349-8EFA-4DF13316DD9E}C:\users\kaputtes arschloch\desktop\steam\steamapps\ortaloo\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\users\kaputtes arschloch\desktop\steam\steamapps\ortaloo\counter-strike source\hl2.exe | 
"TCP Query User{40EDB532-01AC-40CE-A7E5-6BC713DBB59C}C:\users\kaputtes arschloch\appdata\local\temp\3vfjylq3.tmp\loleudownloader.exe" = protocol=6 | dir=in | app=c:\users\kaputtes arschloch\appdata\local\temp\3vfjylq3.tmp\loleudownloader.exe | 
"TCP Query User{4BDA8458-D4F6-4530-9E3D-2484FE5625B8}C:\users\kaputtes arschloch\desktop\steam\steamapps\ortaloo\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\users\kaputtes arschloch\desktop\steam\steamapps\ortaloo\counter-strike source\hl2.exe | 
"TCP Query User{516C57E9-DD87-4D74-89B6-2FF0EE1F3622}C:\users\kaputtes arschloch\desktop\starcraft_2_beta_dede.exe" = protocol=6 | dir=in | app=c:\users\kaputtes arschloch\desktop\starcraft_2_beta_dede.exe | 
"TCP Query User{549472F6-A9F7-416E-9134-4535AC6A4B42}C:\program files\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files\warcraft iii\war3.exe | 
"TCP Query User{78A95E20-A73F-48F5-966E-97ABCA12C781}C:\program files\starcraft ii beta\versions\base14621\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii beta\versions\base14621\sc2.exe | 
"TCP Query User{7B9F0FC6-BAF6-47C2-A6B9-93488BF85452}C:\program files\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files\warcraft iii\war3.exe | 
"TCP Query User{A1440B89-DD18-4B65-A7B0-718E4E9A9104}C:\program files\starcraft ii beta\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii beta\support\blizzarddownloader.exe | 
"TCP Query User{BBD22CC5-2A2C-4E04-BCAE-3B591187E2CF}C:\program files\safari\safari.exe" = protocol=6 | dir=in | app=c:\program files\safari\safari.exe | 
"TCP Query User{C52C2312-0F4E-44C5-A064-389D70E84F75}C:\users\kaputtes arschloch\desktop\warcraft iii 2.13\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\users\kaputtes arschloch\desktop\warcraft iii 2.13\warcraft iii\war3.exe | 
"TCP Query User{CCD26FD8-86FE-4AA4-A74A-E54B143FA203}C:\program files\starcraft ii beta\versions\base14593\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii beta\versions\base14593\sc2.exe | 
"TCP Query User{FB8B8871-F574-4444-B0D5-F4317B0D8982}C:\program files\starcraft ii beta\versions\base14621\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii beta\versions\base14621\sc2.exe | 
"UDP Query User{111C234E-E3F9-48CE-A2C4-A0EDB659D07F}C:\users\kaputtes arschloch\desktop\warcraft iii 2.13\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\users\kaputtes arschloch\desktop\warcraft iii 2.13\warcraft iii\war3.exe | 
"UDP Query User{17BEC8B2-6BF2-488E-A7C1-1E1BB0429C5F}C:\program files\steam\steamapps\ortaloo\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\ortaloo\counter-strike source\hl2.exe | 
"UDP Query User{2292CE56-A6DA-4686-9439-ADB1E3ED233E}C:\program files\safari\safari.exe" = protocol=17 | dir=in | app=c:\program files\safari\safari.exe | 
"UDP Query User{38F79254-B288-4DCF-8552-7122D27AD1AA}C:\program files\starcraft ii beta\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii beta\support\blizzarddownloader.exe | 
"UDP Query User{3EE3F687-6C40-4303-BDC3-590115CF0DFD}C:\program files\safari\safari.exe" = protocol=17 | dir=in | app=c:\program files\safari\safari.exe | 
"UDP Query User{41C8DEC4-880D-4331-A66D-D68C6524D4FA}C:\users\kaputtes arschloch\desktop\steam\steamapps\ortaloo\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\users\kaputtes arschloch\desktop\steam\steamapps\ortaloo\counter-strike source\hl2.exe | 
"UDP Query User{54E862F3-9819-4DAA-B243-4B8AC15D7E3F}C:\users\kaputtes arschloch\desktop\steam\steamapps\ortaloo\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\users\kaputtes arschloch\desktop\steam\steamapps\ortaloo\counter-strike source\hl2.exe | 
"UDP Query User{65FBE0B2-F1F4-4C95-9858-EB3AF0E75EB7}C:\program files\starcraft ii beta\versions\base14621\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii beta\versions\base14621\sc2.exe | 
"UDP Query User{90EA617A-AAF8-4495-A7B1-C4BAB603698B}C:\program files\steam\steamapps\ortaloo\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\ortaloo\counter-strike source\hl2.exe | 
"UDP Query User{926DE756-5465-4B36-BC6C-50ECF7501DD9}C:\program files\starcraft ii beta\versions\base14593\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii beta\versions\base14593\sc2.exe | 
"UDP Query User{9AC4DA6A-3DD1-4829-AABB-10214B4901E8}C:\program files\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files\warcraft iii\war3.exe | 
"UDP Query User{A0B0AD79-0E21-4F37-B656-A5D6EA3F1C2B}C:\program files\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files\warcraft iii\war3.exe | 
"UDP Query User{C829DE90-A6B0-4A43-BAC8-1963404B3E22}C:\program files\starcraft ii beta\versions\base14621\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii beta\versions\base14621\sc2.exe | 
"UDP Query User{E8642304-1CC5-4656-83CF-20238430FB5B}C:\users\kaputtes arschloch\desktop\starcraft_2_beta_dede.exe" = protocol=17 | dir=in | app=c:\users\kaputtes arschloch\desktop\starcraft_2_beta_dede.exe | 
"UDP Query User{FE978E4F-CF70-4077-B986-A7DD0926288C}C:\users\kaputtes arschloch\appdata\local\temp\3vfjylq3.tmp\loleudownloader.exe" = protocol=17 | dir=in | app=c:\users\kaputtes arschloch\appdata\local\temp\3vfjylq3.tmp\loleudownloader.exe | 
 
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03CFDC67-5B03-EE5C-4176-F545B0D2F485}" = CCC Help Korean
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0A2AC888-61DC-CD55-5969-8602A7E9716D}" = CCC Help Italian
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0CF884B6-C6D8-EB7B-D2BF-2877C6F49EBC}" = CCC Help Swedish
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{185CC275-907C-0D83-B0C2-7B065C5108D8}" = CCC Help Chinese Traditional
"{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{2ED967AD-FBB0-5355-F5F2-E7A03AAD4F71}" = Catalyst Control Center Localization All
"{30FA0F5C-B1A9-39EB-8148-3D574C0C8332}" = Catalyst Control Center Graphics Previews Common
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{35852FDE-7263-23EA-435F-44E4B61996D0}" = CCC Help Japanese
"{3A07247E-0645-8BCF-8419-FD857790108D}" = Skins
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{445F6C1F-C48F-0CC9-A030-040D3EA42C93}" = Catalyst Control Center Graphics Full New
"{46E08E5F-02B4-E854-CD4F-ED3E4FEBE122}" = CCC Help French
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5A841BCF-1C5B-E3DA-9475-892CA6576425}" = CCC Help Finnish
"{5B8741B6-4BEA-47D3-DB77-959C7FF35B39}" = Catalyst Control Center Graphics Full Existing
"{5FA16D15-FA5B-7F0F-7CBB-369E1E2937C9}" = CCC Help Spanish
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{61F27C5E-5274-0DB8-67CC-5253C6CF2B93}" = CCC Help Dutch
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6625CE8F-6E89-561F-D828-1B8535DEEBB6}" = Catalyst Control Center Core Implementation
"{69533745-1E2D-4C98-8B4A-B7643EF9E1A2}" = Catalyst Control Center - Branding
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D2CCC4B-007D-EEE7-3E69-578B178A7B91}" = Catalyst Control Center Graphics Previews Vista
"{71E3D92F-2C51-B4E9-F2B6-EAF89C33E580}" = CCC Help Portuguese
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77F218D6-EAF4-402C-36B1-C3F0EC62598D}" = ccc-core-static
"{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes
"{86C527CC-4AF2-903C-7BFF-5975272CC645}" = Catalyst Control Center InstallProxy
"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
"{8DDFDDE9-C206-F32E-66AD-D17558D7677E}" = CCC Help German
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9AF0B106-56F1-461B-A270-95BC1682E282}" = Broadcom Gigabit NetLink Controller
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A2A4AC67-DC60-A92B-DD50-65BEE8FA8D71}" = CCC Help Russian
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A505FBE1-7175-61A6-FFD4-3273998ACBFE}" = ccc-utility
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch
"{B9C5005C-56CA-38E4-A093-79F22ECA0427}" = CCC Help Norwegian
"{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D5B46D30-F054-4C64-9C0F-97C8451E7D04}" = BtwMfcMM
"{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari
"{DC93F14E-D2C9-D6D1-31B6-D31AC2AD3BB0}" = Catalyst Control Center Graphics Light
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E4A71A41-BCC8-480a-9E69-0DA29CBA7ECA}" = kikin plugin (JDownloader Edition) 2.0
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E6E0F53B-B7B8-E052-5C32-76C885536A3E}" = CCC Help Danish
"{EB68307E-4E70-0C63-2CEE-62FA85C88CA6}" = ATI Catalyst Install Manager
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F7FE3C6E-ECB8-0853-584F-BE19BA05B1B8}" = CCC Help Chinese Standard
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FCC49808-C684-FEFA-3C02-46A04A7C9EBD}" = CCC Help English
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Battle for Wesnoth 1.7.13-1.8beta6" = Battle for Wesnoth 1.7.13-1.8beta6
"C-Media CM106 Like Sound Driver" = SPEED-LINK Medusa 5.1 USB
"Creative OA001" = Integrated Webcam Driver (1.06.03.0309)  
"Dell Webcam Central" = Dell Webcam Central
"ICQToolbar" = ICQ Toolbar
"JDownloader" = JDownloader
"League of Legends_is1" = League of Legends
"LimeWire" = LimeWire 5.5.7
"McAfee Security Scan" = McAfee Security Scan
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Mumble" = Mumble and Murmur
"NSS" = Norton Security Scan
"StarCraft II Beta" = StarCraft II Beta
"Steam App 240" = Counter-Strike: Source
"Warcraft III" = Warcraft III
"WinLiveSuite_Wave3" = Windows Live Essentials
 
[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager
"Warcraft III" = Warcraft III: All Products
 
[color=#E56717]========== Last 10 Event Log Errors ==========[/color]
 
[ Application Events ]
Error - 16.04.2010 10:12:57 | Computer Name = KaputtesArsch | Source = WinMgmt | ID = 10
Description = 
 
Error - 17.04.2010 11:02:08 | Computer Name = KaputtesArsch | Source = WinMgmt | ID = 10
Description = 
 
Error - 17.04.2010 11:03:03 | Computer Name = KaputtesArsch | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung WebcamDell.exe, Version 1.1.3.0, Zeitstempel
 0x4844f8d0, fehlerhaftes Modul WebcamDell.exe, Version 1.1.3.0, Zeitstempel 0x4844f8d0,
 Ausnahmecode 0xc0000005, Fehleroffset 0x0000879e,  Prozess-ID 0xc90, Anwendungsstartzeit
 01cade3ee9e2e22f.
 
Error - 19.04.2010 16:37:31 | Computer Name = KaputtesArsch | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Users\KAPUTT~1\AppData\Local\Temp\RarSFX0\redist.dll".
Die
 abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.4148""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 20.04.2010 08:01:42 | Computer Name = KaputtesArsch | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Heroes3.exe, Version 4.0.0.0, Zeitstempel 0x31313931,
 fehlerhaftes Modul mss32.dll, Version 6.0.6001.18000, Zeitstempel 0x4791a7a6, Ausnahmecode
 0xc0000135, Fehleroffset 0x00009cac,  Prozess-ID 0x9a8, Anwendungsstartzeit 01cae0813c600850.
 
Error - 20.04.2010 08:02:36 | Computer Name = KaputtesArsch | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Safari.exe, Version 5.31.21.10, Zeitstempel 
0x4af39964, fehlerhaftes Modul mumble_ol.dll, Version 0.0.0.0, Zeitstempel 0x4b718f4c,
 Ausnahmecode 0xc0000005, Fehleroffset 0x000127c7,  Prozess-ID 0x1628, Anwendungsstartzeit
 01cade3f64e08e37.
 
Error - 20.04.2010 09:29:33 | Computer Name = KaputtesArsch | Source = Application Hang | ID = 1002
Description = Programm Heroes3.exe, Version 4.0.0.0 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: 9bc  Anfangszeit: 01cae08147771530  Zeitpunkt der Beendigung:
 7
 
Error - 20.04.2010 12:09:12 | Computer Name = KaputtesArsch | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung msnmsgr.exe, Version 14.0.8089.726, Zeitstempel
 0x4a6ce533, fehlerhaftes Modul ntdll.dll, Version 6.0.6001.18000, Zeitstempel 0x4791a7a6,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00043387,  Prozess-ID 0x15a0, Anwendungsstartzeit
 01cae046b2b85d80.
 
Error - 20.04.2010 17:09:20 | Computer Name = KaputtesArsch | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung WebcamDell.exe, Version 1.1.3.0, Zeitstempel
 0x4844f8d0, fehlerhaftes Modul WebcamDell.exe, Version 1.1.3.0, Zeitstempel 0x4844f8d0,
 Ausnahmecode 0xc0000005, Fehleroffset 0x0000879e,  Prozess-ID 0xd40, Anwendungsstartzeit
 01cae0cdaf01e9e1.
 
Error - 20.04.2010 17:09:31 | Computer Name = KaputtesArsch | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 14.04.2010 21:20:40 | Computer Name = KaputtesArsch | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 15.04.2010 01:01:13 | Computer Name = KaputtesArsch | Source = ipnathlp | ID = 30005
Description = Ein DHCP-Server mit der IP-Adresse 192.168.0.1 wurde von der DHCP-Zuweisung
 im selben Netzwerk gefunden, wie die Schnittstelle mit der IP-Adresse 192.168.0.3.
 Die Zuweisung wurde auf der Schnittstelle automatisch deaktiviert, um DHCP-Clientkonflikte
 zu vermeiden.
 
Error - 15.04.2010 01:01:13 | Computer Name = KaputtesArsch | Source = ipnathlp | ID = 30009
Description = Ein Netzwerkfehler ist bei dem Versuch, durch die DHCP-Zuweisung auf
 die IP-Adresse 0.0.0.0 auf eine Clientanfrage zu antworten, aufgetreten Die Daten
 enthalten den Fehlercode.
 
Error - 15.04.2010 12:42:33 | Computer Name = KaputtesArsch | Source = bowser | ID = 8003
Description = 
 
Error - 16.04.2010 07:33:56 | Computer Name = KaputtesArsch | Source = HTTP | ID = 15016
Description = 
 
Error - 16.04.2010 07:34:05 | Computer Name = KaputtesArsch | Source = ipnathlp | ID = 34001
Description = ICS_IPV6 konnte den IPv6-Stapel nicht konfigurieren.
 
Error - 16.04.2010 07:34:17 | Computer Name = KaputtesArsch | Source = ipnathlp | ID = 30005
Description = Ein DHCP-Server mit der IP-Adresse 192.168.0.1 wurde von der DHCP-Zuweisung
 im selben Netzwerk gefunden, wie die Schnittstelle mit der IP-Adresse 192.168.0.3.
 Die Zuweisung wurde auf der Schnittstelle automatisch deaktiviert, um DHCP-Clientkonflikte
 zu vermeiden.
 
Error - 16.04.2010 07:34:24 | Computer Name = KaputtesArsch | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 16.04.2010 07:34:50 | Computer Name = KaputtesArsch | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 16.04.2010 10:11:34 | Computer Name = KaputtesArsch | Source = HTTP | ID = 15016
Description = 
 
 
< End of report >

Code

OTL logfile created on: 22.04.2010 03:17:52 - Run 3
OTL by OldTimer - Version 3.2.1.3     Folder = c:\Users\Kaputtes Arschloch\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 79,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298,09 Gb Total Space | 171,73 Gb Free Space | 57,61% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: KAPUTTESARSCH
Current User Name: Kaputtes Arschloch
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - c:\Users\Kaputtes Arschloch\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Programme\McAfee Security Scan\1.0.150\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.)
PRC - C:\Programme\DellTPad\hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
PRC - C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
PRC - C:\Programme\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\Programme\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.)
 
 
[color=#E56717]========== Modules (SafeList) ==========[/color]
 
MOD - c:\Users\Kaputtes Arschloch\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Research Inc.)
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (OA001Vid) -- C:\Windows\System32\drivers\OA001Vid.sys (Creative Technology Ltd.)
DRV - (OA001Ufd) -- C:\Windows\System32\drivers\OA001Ufd.sys (Creative Technology Ltd.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (k57nd60x) Broadcom NetLink (TM) -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (LUsbFilt) -- C:\Windows\System32\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (USBMULCD) -- C:\Windows\System32\drivers\CM106.sys (C-Media Inc)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "http://start.icq.com/"
FF - prefs.js..extensions.enabledItems: {AA994882-F391-4d2e-806F-8908DA4814ED}:2.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.02 22:41:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.02 22:41:39 | 000,000,000 | ---D | M]
 
[2010.03.21 15:30:30 | 000,000,000 | ---D | M] -- C:\Users\Kaputtes Arschloch\AppData\Roaming\mozilla\Extensions
[2010.03.21 15:30:30 | 000,000,000 | ---D | M] -- C:\Users\Kaputtes Arschloch\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2010.04.21 13:29:39 | 000,000,000 | ---D | M] -- C:\Users\Kaputtes Arschloch\AppData\Roaming\mozilla\Firefox\Profiles\luqzq02y.default\extensions
[2010.02.01 08:47:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Kaputtes Arschloch\AppData\Roaming\mozilla\Firefox\Profiles\luqzq02y.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.04.12 14:16:25 | 000,000,000 | ---D | M] (kikin plugin (JDownloader Edition)) -- C:\Users\Kaputtes Arschloch\AppData\Roaming\mozilla\Firefox\Profiles\luqzq02y.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED}
[2010.04.22 01:48:24 | 000,000,944 | ---- | M] () -- C:\Users\Kaputtes Arschloch\AppData\Roaming\Mozilla\FireFox\Profiles\luqzq02y.default\searchplugins\icqplugin.xml
[2010.04.13 17:00:55 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.04.13 17:00:55 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.01.16 03:15:29 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.16 03:15:29 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.01.16 03:15:29 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.16 03:15:29 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.16 03:15:29 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Programme\kikin\ie_kikin.dll (kikin)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4 - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Cm106Sound]  File not found
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Kaputtes Arschloch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Programme\LimeWire\LimeWire.exe (Lime Wire, LLC)
O4 - Startup: C:\Users\Kaputtes Arschloch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Programme\kikin\ie_kikin.dll (kikin)
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Kaputtes Arschloch\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Kaputtes Arschloch\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2010.04.20 22:22:12 | 000,000,000 | ---D | C] -- C:\Users\Kaputtes Arschloch\Desktop\lspfix
[2010.04.20 07:10:53 | 000,000,000 | ---D | C] -- C:\Users\Kaputtes Arschloch\AppData\Roaming\Avira
[2010.04.19 22:39:23 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2010.04.19 22:39:22 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010.04.19 22:39:22 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010.04.19 22:39:22 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys
[2010.04.19 22:39:22 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys
[2010.04.19 22:39:22 | 000,000,000 | ---D | C] -- C:\Programme\Avira
[2010.04.19 22:39:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010.04.18 02:06:36 | 000,000,000 | ---D | C] -- C:\Users\Kaputtes Arschloch\AppData\Roaming\Mumble
[2010.04.18 02:06:16 | 000,000,000 | ---D | C] -- C:\Programme\Mumble
[2010.04.18 02:05:04 | 000,000,000 | ---D | C] -- C:\Users\Kaputtes Arschloch\Desktop\mumble
[2010.04.16 18:42:55 | 000,000,000 | ---D | C] -- C:\Users\Kaputtes Arschloch\Desktop\Warcraft
[2010.04.16 16:12:54 | 000,000,000 | ---D | C] -- C:\Users\Kaputtes Arschloch\Desktop\pc heroes of might and magic 3 complete
[2010.04.14 15:20:12 | 003,598,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.04.14 15:20:11 | 003,545,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.04.14 15:20:07 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010.04.14 14:58:53 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2010.04.13 17:02:24 | 000,000,000 | ---D | C] -- C:\Users\Kaputtes Arschloch\AppData\Roaming\skypePM
[2010.04.13 17:01:01 | 000,000,000 | ---D | C] -- C:\Users\Kaputtes Arschloch\AppData\Roaming\Skype
[2010.04.13 17:00:39 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Skype
[2010.04.13 17:00:38 | 000,000,000 | R--D | C] -- C:\Programme\Skype
[2010.04.13 17:00:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2010.04.12 14:16:19 | 000,000,000 | ---D | C] -- C:\Users\Kaputtes Arschloch\AppData\Roaming\kikin
[2010.04.12 14:16:19 | 000,000,000 | ---D | C] -- C:\Programme\kikin
[2010.04.12 14:16:05 | 000,000,000 | ---D | C] -- C:\Programme\JDownloader
[2010.04.12 10:36:04 | 000,000,000 | ---D | C] -- C:\Users\Kaputtes Arschloch\Desktop\Jdownloader
[2010.03.31 13:39:50 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.03.31 13:39:50 | 000,458,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.03.31 13:39:50 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010.03.31 13:39:50 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.03.31 13:39:50 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010.03.31 13:39:50 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2010.03.31 13:39:50 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.03.31 13:39:50 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2010.03.31 13:39:50 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.03.31 13:39:50 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.03.31 13:39:49 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.03.30 12:05:53 | 000,000,000 | ---D | C] -- C:\Users\Kaputtes Arschloch\Desktop\Musik
[2010.03.29 15:58:13 | 000,000,000 | ---D | C] -- C:\Users\Kaputtes Arschloch\Documents\StarCraft II Beta
[2010.03.29 15:58:13 | 000,000,000 | ---D | C] -- C:\Users\Kaputtes Arschloch\AppData\Local\Blizzard Entertainment
[2010.03.29 15:58:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2010.03.29 15:58:12 | 000,000,000 | ---D | C] -- C:\Programme\StarCraft II Beta
[2010.03.29 15:58:12 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Blizzard Entertainment
[2010.03.29 15:58:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard
[2010.03.29 13:33:59 | 000,000,000 | ---D | C] -- C:\Users\Kaputtes Arschloch\StarCraft II Beta deDE 13891 Installer
[2010.03.29 13:33:42 | 002,764,977 | ---- | C] (Blizzard Entertainment) -- C:\Users\Kaputtes Arschloch\Desktop\StarCraft_2_Beta_deDE.exe
[2010.03.27 19:49:30 | 000,000,000 | ---D | C] -- C:\Users\Kaputtes Arschloch\AppData\Roaming\Logitech
[2010.03.27 19:49:07 | 000,127,034 | R--- | C] (BackWeb Technologies Inc.                         ) -- C:\Windows\bwUnin-8.1.1.50-8876480SL.exe
[2010.03.27 19:46:23 | 000,301,656 | ---- | C] (Broadcom Corporation.) -- C:\Windows\System32\BtCoreIf.dll
[2010.03.27 19:46:17 | 000,170,512 | ---- | C] (Logitech, Inc.) -- C:\Windows\System32\kemutb.dll
[2010.03.27 19:46:17 | 000,141,840 | ---- | C] (Logitech, Inc.) -- C:\Windows\System32\KemUtil.dll
[2010.03.27 19:46:17 | 000,117,264 | ---- | C] (Logitech, Inc.) -- C:\Windows\System32\KemWnd.dll
[2010.03.27 19:46:17 | 000,076,304 | ---- | C] (Logitech, Inc.) -- C:\Windows\System32\KemXML.dll
[2010.03.27 19:46:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Logitech
[2010.03.27 19:45:59 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Logishrd
[2010.03.27 19:45:54 | 000,000,000 | ---D | C] -- C:\Programme\Logitech
[2010.03.27 19:45:37 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd
[2010.01.26 20:43:28 | 814,143,398 | ---- | C] (GOA                                                         ) -- C:\Users\Kaputtes Arschloch\loleusetup.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2010.04.22 03:05:14 | 001,572,864 | -HS- | M] () -- C:\Users\Kaputtes Arschloch\NTUSER.DAT
[2010.04.22 02:00:37 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.04.22 02:00:37 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.04.21 21:38:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.04.20 23:08:25 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.04.20 23:08:21 | 3215,867,904 | -HS- | M] () -- C:\hiberfil.sys
[2010.04.20 23:07:09 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.04.20 23:07:03 | 000,524,288 | -HS- | M] () -- C:\Users\Kaputtes Arschloch\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.04.20 23:07:03 | 000,065,536 | -HS- | M] () -- C:\Users\Kaputtes Arschloch\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.04.20 23:06:45 | 001,647,444 | -H-- | M] () -- C:\Users\Kaputtes Arschloch\AppData\Local\IconCache.db
[2010.04.20 22:21:40 | 000,201,030 | ---- | M] () -- C:\Users\Kaputtes Arschloch\Desktop\lspfix.zip
[2010.04.20 14:01:53 | 000,001,158 | ---- | M] () -- C:\Users\Kaputtes Arschloch\Desktop\Heroes3 - Verknüpfung.lnk
[2010.04.19 22:39:37 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.04.18 23:59:10 | 000,000,500 | ---- | M] () -- C:\Windows\tasks\Norton Security Scan for Kaputtes Arschloch.job
[2010.04.18 02:06:54 | 000,002,385 | ---- | M] () -- C:\Users\Kaputtes Arschloch\Documents\MumbleAutomaticCertificateBackup.p12
[2010.04.18 02:06:36 | 000,000,793 | ---- | M] () -- C:\Users\Public\Desktop\Mumble (Abwärtskompatibel).lnk
[2010.04.18 02:06:36 | 000,000,776 | ---- | M] () -- C:\Users\Public\Desktop\Mumble.lnk
[2010.04.13 17:02:25 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[2010.04.13 17:00:39 | 000,001,880 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010.04.12 14:16:09 | 000,000,854 | ---- | M] () -- C:\Users\Kaputtes Arschloch\Desktop\JDownloader.lnk
[2010.04.08 12:36:26 | 001,418,806 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.04.08 12:36:26 | 000,618,442 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.04.08 12:36:26 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.04.08 12:36:26 | 000,122,842 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.04.08 12:36:26 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.03.30 12:12:38 | 000,010,752 | ---- | M] () -- C:\Users\Kaputtes Arschloch\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.03.29 16:01:34 | 000,000,941 | ---- | M] () -- C:\Users\Public\Desktop\StarCraft II Beta.lnk
[2010.03.29 13:33:43 | 002,764,977 | ---- | M] (Blizzard Entertainment) -- C:\Users\Kaputtes Arschloch\Desktop\StarCraft_2_Beta_deDE.exe
[2010.03.27 19:49:09 | 000,002,260 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
[2010.03.27 19:49:07 | 000,127,034 | R--- | M] (BackWeb Technologies Inc.                         ) -- C:\Windows\bwUnin-8.1.1.50-8876480SL.exe
[2010.03.27 19:47:55 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
[2010.03.27 19:47:43 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
[2010.03.27 19:46:23 | 000,001,833 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
[2010.03.27 19:46:23 | 000,001,821 | ---- | M] () -- C:\Users\Public\Desktop\Logitech-Maus- und -Tastatureinstellungen.lnk
[2010.03.25 19:06:50 | 000,028,033 | ---- | M] () -- C:\Users\Kaputtes Arschloch\Desktop\Deutsch-LK Übungen.odt
[2010.03.24 16:10:17 | 000,028,496 | ---- | M] () -- C:\Users\Kaputtes Arschloch\Desktop\Luisa.odt
[2010.03.23 18:32:48 | 000,052,409 | ---- | M] () -- C:\Users\Kaputtes Arschloch\Desktop\Jn6pKbptAfz7.png
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2010.04.20 22:21:39 | 000,201,030 | ---- | C] () -- C:\Users\Kaputtes Arschloch\Desktop\lspfix.zip
[2010.04.20 14:01:53 | 000,001,158 | ---- | C] () -- C:\Users\Kaputtes Arschloch\Desktop\Heroes3 - Verknüpfung.lnk
[2010.04.19 22:39:37 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.04.18 02:06:54 | 000,002,385 | ---- | C] () -- C:\Users\Kaputtes Arschloch\Documents\MumbleAutomaticCertificateBackup.p12
[2010.04.18 02:06:36 | 000,000,793 | ---- | C] () -- C:\Users\Public\Desktop\Mumble (Abwärtskompatibel).lnk
[2010.04.18 02:06:36 | 000,000,776 | ---- | C] () -- C:\Users\Public\Desktop\Mumble.lnk
[2010.04.13 17:02:25 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.04.13 17:00:39 | 000,001,880 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2010.04.12 14:16:09 | 000,000,854 | ---- | C] () -- C:\Users\Kaputtes Arschloch\Desktop\JDownloader.lnk
[2010.03.29 15:58:13 | 000,000,941 | ---- | C] () -- C:\Users\Public\Desktop\StarCraft II Beta.lnk
[2010.03.27 19:49:09 | 000,002,260 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
[2010.03.27 19:47:55 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
[2010.03.27 19:47:43 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
[2010.03.27 19:46:23 | 000,001,833 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
[2010.03.27 19:46:23 | 000,001,821 | ---- | C] () -- C:\Users\Public\Desktop\Logitech-Maus- und -Tastatureinstellungen.lnk
[2010.03.24 01:48:16 | 000,028,496 | ---- | C] () -- C:\Users\Kaputtes Arschloch\Desktop\Luisa.odt
[2010.03.23 18:32:48 | 000,052,409 | ---- | C] () -- C:\Users\Kaputtes Arschloch\Desktop\Jn6pKbptAfz7.png
[2010.03.23 18:08:08 | 000,028,033 | ---- | C] () -- C:\Users\Kaputtes Arschloch\Desktop\Deutsch-LK Übungen.odt
[2010.02.20 21:04:38 | 000,106,496 | ---- | C] () -- C:\Windows\Vmix.dll
[2010.02.20 21:03:42 | 000,000,342 | ---- | C] () -- C:\Windows\Cm106.ini.cfl
[2010.02.20 21:03:41 | 000,241,664 | ---- | C] () -- C:\Windows\System32\CmiInstallResAll.dll
[2010.02.20 21:03:41 | 000,003,329 | ---- | C] () -- C:\Windows\Cm106.ini.cfg
[2010.02.20 21:03:41 | 000,000,869 | ---- | C] () -- C:\Windows\Cm106.ini.imi
[2010.02.20 21:03:41 | 000,000,335 | ---- | C] () -- C:\Windows\cm106.ini
[2010.02.19 10:21:25 | 000,010,752 | ---- | C] () -- C:\Users\Kaputtes Arschloch\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.01.26 20:24:52 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010.01.26 20:24:51 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2010.01.26 18:47:01 | 000,074,703 | ---- | C] () -- C:\Windows\System32\mfc45.dll
[2010.01.26 15:42:23 | 000,000,680 | ---- | C] () -- C:\Users\Kaputtes Arschloch\AppData\Local\d3d9caps.dat
[2010.01.26 15:42:22 | 000,000,020 | -HS- | C] () -- C:\Users\Kaputtes Arschloch\ntuser.ini
[2010.01.26 15:42:21 | 001,572,864 | -HS- | C] () -- C:\Users\Kaputtes Arschloch\NTUSER.DAT
[2010.01.26 15:42:21 | 000,524,288 | -HS- | C] () -- C:\Users\Kaputtes Arschloch\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2010.01.26 15:42:21 | 000,524,288 | -HS- | C] () -- C:\Users\Kaputtes Arschloch\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.01.26 15:42:21 | 000,262,144 | -H-- | C] () -- C:\Users\Kaputtes Arschloch\ntuser.dat.LOG1
[2010.01.26 15:42:21 | 000,065,536 | -HS- | C] () -- C:\Users\Kaputtes Arschloch\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.01.26 15:42:21 | 000,000,000 | -H-- | C] () -- C:\Users\Kaputtes Arschloch\ntuser.dat.LOG2
[2008.10.07 10:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005.05.06 20:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[1998.10.11 02:07:38 | 000,088,576 | ---- | C] () -- C:\Windows\System32\Iticheck.dll
 
[color=#E56717]========== Custom Scans ==========[/color]
 
 
[color=#A23BEC]< :OTL >[/color]
 
[color=#A23BEC]< PRC - C:\Users\Public\infocard.exe () >[/color]
 
[color=#A23BEC]< O4 - HKCU..\Run: [Firewall Administrating] C:\Users\Public\infocard.exe () >[/color]
 
[color=#A23BEC]< :Files >[/color]
 
[color=#A23BEC]< C:\Users\Public\infocard.exe >[/color]
 
[color=#A23BEC]< :Commands >[/color]
 
[color=#A23BEC]< [purity] >[/color]
 
[color=#A23BEC]< [emptytemp] >[/color]
 
[color=#A23BEC]<  >[/color]
< End of report >

#19 Da ging wohl was falsch

Arbeite Schritt 3 genau nach Anleitung durch. Du hast vermutlich nicht auf den RUN FIX Button geklickt nach dem du das Script hineinkopiert hast. Also lies die Anleitung genau.
http://board.protecus.de/t34615-2.htm#339280

Danach noch die Schritte 4 und 5.