keine internetverbindung mehr mit programmen nach malware virus

#1 Hey Leute,
ich brauche dringend Hilfe.
Ich hatte einen malware virus auf meinem computer , habe ihn aber erfolgreich mit microsoft security essentials entfernt.
Jetzt komme ich nur noch mit Mozilla Firefox ins internet, die anderen Webbrowser funktionieren nicht mehr, außerdem komme ich auch nicht mehr mit normalen programmen ins Internet(i tunes store, winamp web radio, etc.)
Die Programme melden mir das ich keine Internetverbindung habe, dabei komme ich ja mit Firefox ins Internet.
Ich habe Windows XP.
Ich bin nicht so der Crack, deswegen weis ich nicht, was ihr sonst noch für angaben braucht.

Bitte helft mir!
MFG Max

#2 Hallo und herzlich Willkommen auf Protecus.de

Um ein infiziertes System zu bereinigen bedarf es neben Zeit auch die Beachtung folgender Punkte:

• Halte Dich an die Anweisungen des jeweiligen Helfers.
• Falls Du externen Speichermedien (USB Sticks, Festplatten) hast, dann schliesse die vor der Reinigung an.
• Während der Reinigung solltest Du weder Programme installieren noch deinstallieren, welche nicht ausdrücklich verlangt werden.
• Bitte arbeite jeden Schritt der Reihe nach ab.
• Falls bei einem Schritt Probleme auftauchen, poste was du bereits hast und melde Dich mit dem Problembeschreiben.


• Die Bereinigung ist erst beendet wenn der jeweilige Helfer das OK gibt.
• Wenn die Kiste wieder flott läuft heisst das nicht, dass das Sytem auch sauber ist.
• Bei geschäftlich genutzten Rechner sollte der zuständige IT Verantwortliche beigezogen werden.
• Ein Support unsererseits kann unter Umständen bei einem Firmenrechner abgelehnt werden.
• Bei illegaler Software besteht die Möglichkeit, dass der Support eingestellt wird.
• Jegliche Cracks oder Keygens werden weder gefördert noch akzeptiert.
• Bei stark infizierten Systemen vorallem wenn Backdoors oder Rootkits involviert sind kann es vorkommen, dass ein Helfer zum Neuaufsetzen rät.
• In letzter Instanz ist dann immer der User welcher entscheidet.


Vista und Win7 User:
Alle Programme und Tools, die wir anordnen, immer mit Rechtsklick und Als Administrator ausführen.

Zitat

habe ihn aber erfolgreich mit microsoft security essentials entfernt.

Das denke ich noch nicht


Schritt 1

Kannst Du auf Deinem Computer alle Dateien und Datei-Endungen sehen? Falls nein, bitte diese Einstellungen in den Ordneroptionen vornehmen.



Schritt 2 (Sollte ja mit Firefox gehen)

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

>Doppelklick auf die OTL.exe
-->Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
>Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
>Unter Extra Registry, wähle bitte Use SafeList
>Klicke nun auf Run Scan links oben
>Wenn der Scan beendet wurde werden 2 Logfiles erstellt
>Poste die Logfiles in Code-Tags hier in den Thread.

#3 Hey, danke dass du mir so schnell geholfen hast!

Code

OTL logfile created on: 17.03.2010 20:57:06 - Run 1
OTL by OldTimer - Version 3.1.37.2     Folder = C:\Dokumente und Einstellungen\Max\Eigene Dateien\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 67,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 350,42 Gb Total Space | 265,09 Gb Free Space | 75,65% Space Free | Partition Type: NTFS
Drive D: | 350,38 Gb Total Space | 219,04 Gb Free Space | 62,52% Space Free | Partition Type: NTFS
Drive E: | 230,69 Gb Total Space | 124,59 Gb Free Space | 54,01% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
Drive G: | 3,95 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: MAX
Current User Name: Max
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - C:\Dokumente und Einstellungen\Max\Eigene Dateien\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
PRC - C:\Programme\iTunes\iTunes.exe (Apple Inc.)
PRC - C:\Programme\Winamp\winampa.exe (Nullsoft)
PRC - C:\Programme\MagicTune Premium\MagicTune.exe (SEC)
PRC - c:\Programme\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
PRC - c:\Programme\Microsoft Security Essentials\MpCmdRun.exe (Microsoft Corporation)
PRC - C:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Programme\CyberLink\Shared Files\brs.exe (cyberlink)
PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\MagicTune Premium\MagicTuneEngine.exe ()
PRC - C:\Programme\MagicTune Premium\GammaTray.exe ()
PRC - C:\WINDOWS\system32\CmUCREye.exe ()
 
 
[color=#E56717]========== Modules (SafeList) ==========[/color]
 
MOD - C:\Dokumente und Einstellungen\Max\Eigene Dateien\Downloads\OTL.exe (OldTimer Tools)
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (MagicTuneEngine) -- C:\Programme\MagicTune Premium\MagicTuneEngine.exe ()
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys ()
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (MpFilter) -- C:\WINDOWS\system32\drivers\MpFilter.sys (Microsoft Corporation)
DRV - ({B154377D-700F-42cc-9474-23858FBDF4BD}) -- C:\Programme\CyberLink\PowerDVD9\000.fcl (CyberLink Corp.)
DRV - (MagicTune) -- C:\WINDOWS\system32\drivers\MTiCtwl.sys (Samsung Electronics, Inc. )
DRV - (epmntdrv) -- C:\WINDOWS\system32\epmntdrv.sys ()
DRV - (EuGdiDrv) -- C:\WINDOWS\system32\EuGdiDrv.sys ()
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (CMISTOR) -- C:\WINDOWS\system32\drivers\cmiucr.SYS (C-Media Corporation)
DRV - (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (USBFVNETR) USB FastVNET (AR) -- C:\WINDOWS\system32\drivers\vnetusbr.sys (ATMEL)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.11.2
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.03.16 13:18:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.03.16 12:45:39 | 000,000,000 | ---D | M]
 
[2010.01.17 00:10:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Max\Anwendungsdaten\Mozilla\Extensions
[2010.01.17 00:10:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Max\Anwendungsdaten\Mozilla\Extensions\mozswing@mozswing.org
[2010.03.16 00:27:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Max\Anwendungsdaten\Mozilla\Firefox\Profiles\k6co75e5.default\extensions
[2010.01.12 16:18:47 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Dokumente und Einstellungen\Max\Anwendungsdaten\Mozilla\Firefox\Profiles\k6co75e5.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2010.01.08 14:13:31 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\Max\Anwendungsdaten\Mozilla\Firefox\Profiles\k6co75e5.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.01.12 16:18:55 | 000,001,201 | ---- | M] () -- C:\Dokumente und Einstellungen\Max\Anwendungsdaten\Mozilla\Firefox\Profiles\k6co75e5.default\searchplugins\winamp-search.xml
[2010.03.16 00:27:45 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2009.12.21 06:47:02 | 000,063,488 | ---- | M] (Nullsoft) -- C:\Programme\Mozilla Firefox\plugins\npwachk.dll
[2010.03.16 12:45:31 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.03.16 12:45:31 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.03.16 12:45:31 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.03.16 12:45:31 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.03.16 12:45:31 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2004.08.04 13:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [BDRegion] C:\Programme\CyberLink\Shared Files\brs.exe (cyberlink)
O4 - HKLM..\Run: [CmUCRRun] C:\WINDOWS\system32\CmUCREye.exe ()
O4 - HKLM..\Run: [MSSE] c:\Programme\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Programme\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl9] C:\Programme\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe (Nullsoft)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [EA Core] C:\Programme\Electronic Arts\EADM\Core.exe File not found
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\GammaTray.lnk = C:\Programme\MagicTune Premium\GammaTray.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\Max\Startmenü\Programme\Autostart\LimeWire On Startup.lnk = C:\Programme\LimeWire\LimeWire.exe (Lime Wire, LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O8 - Extra context menu item: &Winamp Search - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Max\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Max\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.12.30 21:58:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004.11.18 21:59:22 | 000,000,000 | R--D | M] - G:\AutoRun -- [ UDF ]
O32 - AutoRun File - [2004.11.18 21:25:54 | 000,684,032 | R--- | M] (Electronic Arts Inc.) - G:\AutoRun.exe -- [ UDF ]
O32 - AutoRun File - [2004.11.18 21:58:27 | 000,000,103 | R--- | M] () - G:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2004.11.14 15:08:54 | 000,929,792 | R--- | M] (Electronic Arts Inc.) - G:\AutoRunGUI.dll -- [ UDF ]
O33 - MountPoints2\{091f429a-f61f-11de-95c1-0012bf50b2f1}\Shell\AutoRun\command - "" = setupSNK.exe
O33 - MountPoints2\{fc026181-f58a-11de-ab36-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{fc026181-f58a-11de-ab36-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fc026181-f58a-11de-ab36-806d6172696f}\Shell\AutoRun\command - "" = G:\setup.exe -- [2004.10.29 11:22:40 | 000,110,592 | R--- | M] (Electronic Arts Inc.)
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2010.03.17 18:34:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Max\Anwendungsdaten\Meine Die Schlacht um Mittelerde-Dateien
[2010.03.17 17:51:52 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro
[2010.03.16 16:20:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Max\Anwendungsdaten\Petroglyph
[2010.03.16 16:15:52 | 000,000,000 | ---D | C] -- C:\Programme\LucasArts
[2010.03.15 22:08:23 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010.03.04 23:36:58 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\GEARAspi.dll
[2010.03.04 23:36:28 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2010.03.04 23:36:22 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2010.03.02 16:11:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Max\Application Data
[2010.02.24 16:27:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010.02.23 16:31:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Max\SystemRequirementsLab
[2010.02.23 16:30:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2010.02.23 16:21:11 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Max\IETldCache
[2010.02.23 15:57:23 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010.02.23 15:54:18 | 000,000,000 | ---D | C] -- C:\Programme\Safari
[2010.02.21 13:55:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Max\Eigene Dateien\CyberLink
[2010.02.21 13:55:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Max\Anwendungsdaten\CyberLink
[2010.02.21 13:54:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CyberLink
[2010.02.21 13:54:35 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\CyberLink
[2010.02.21 13:52:28 | 000,000,000 | ---D | C] -- C:\Programme\CyberLink
[2010.02.21 13:51:34 | 000,505,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp71.dll
[2010.02.21 13:51:34 | 000,353,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr71.dll
[2010.02.21 13:51:34 | 000,029,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml3a.dll
[2010.02.21 13:51:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Temp
[2010.02.20 22:41:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Max\Lokale Einstellungen\Anwendungsdaten\Gas Powered Games
[2010.02.19 18:53:29 | 000,000,000 | ---D | C] -- C:\temp
[2010.02.19 18:52:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Media Center Programs
[2010.02.01 15:59:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\PCHealth
[2010.01.16 13:26:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Mozilla
[2010.01.16 12:34:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Mozilla
[2010.01.03 13:58:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Microsoft
[2009.12.30 22:00:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Microsoft
[2009.12.30 21:58:17 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Microsoft
[2009.12.30 21:58:17 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Microsoft
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2010.03.17 18:19:56 | 000,001,845 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Die Schlacht um Mittelerde(tm).lnk
[2010.03.17 17:51:52 | 000,001,706 | ---- | M] () -- C:\Dokumente und Einstellungen\Max\Desktop\HijackThis.lnk
[2010.03.17 14:09:56 | 000,000,400 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010.03.17 14:04:48 | 000,175,033 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010.03.17 14:04:38 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.03.17 14:04:37 | 000,000,306 | -HS- | M] () -- C:\WINDOWS\tasks\Lzdjlc.job
[2010.03.17 14:04:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.03.17 01:40:32 | 000,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\Max\ntuser.ini
[2010.03.17 01:40:31 | 004,456,448 | -H-- | M] () -- C:\Dokumente und Einstellungen\Max\NTUSER.DAT
[2010.03.16 22:22:54 | 000,001,468 | ---- | M] () -- C:\Dokumente und Einstellungen\Max\Desktop\DivX Movies.lnk
[2010.03.16 16:16:00 | 000,000,709 | ---- | M] () -- C:\Dokumente und Einstellungen\Max\Desktop\Star Wars Empire at War.lnk
[2010.03.16 15:23:43 | 000,002,425 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\LOST PLANET COLONIES.lnk
[2010.03.16 14:02:29 | 000,137,688 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010.03.15 22:18:44 | 000,000,603 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.03.15 22:16:47 | 000,000,806 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Microsoft Security Essentials.lnk
[2010.03.15 22:05:33 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.03.05 13:54:59 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
[2010.03.04 23:49:47 | 000,002,121 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2010.03.02 23:20:06 | 016,888,320 | ---- | M] () -- C:\Dokumente und Einstellungen\Max\Eigene Dateien\Living in Cuba.ppt
[2010.03.02 22:32:29 | 000,019,968 | ---- | M] () -- C:\Dokumente und Einstellungen\Max\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.03.02 22:20:33 | 000,518,457 | ---- | M] () -- C:\Dokumente und Einstellungen\Max\Eigene Dateien\354088694_3933645a57_o.jpg
[2010.03.02 22:12:15 | 000,005,088 | ---- | M] () -- C:\Dokumente und Einstellungen\Max\Eigene Dateien\Cuba_flag.jpg.gif
[2010.03.02 21:58:42 | 000,015,932 | ---- | M] () -- C:\Dokumente und Einstellungen\Max\Eigene Dateien\dentista.jpg
[2010.03.02 21:55:12 | 000,020,798 | ---- | M] () -- C:\Dokumente und Einstellungen\Max\Eigene Dateien\big_cuban_cigar.jpg
[2010.03.02 21:53:02 | 000,078,674 | ---- | M] () -- C:\Dokumente und Einstellungen\Max\Eigene Dateien\pd1400953.jpg
[2010.03.02 21:51:51 | 000,058,987 | ---- | M] () -- C:\Dokumente und Einstellungen\Max\Eigene Dateien\IMG_2585.JPG
[2010.03.02 21:36:45 | 000,071,961 | ---- | M] () -- C:\Dokumente und Einstellungen\Max\Eigene Dateien\drei_cuc.jpg
[2010.03.02 21:36:23 | 000,286,613 | ---- | M] () -- C:\Dokumente und Einstellungen\Max\Eigene Dateien\tres_peso_con_che.jpg
[2010.03.02 21:36:00 | 000,155,256 | ---- | M] () -- C:\Dokumente und Einstellungen\Max\Eigene Dateien\cuc-cuban-convertible-peso-notes-bills-front-3-10-20.jpg
[2010.03.02 21:32:40 | 000,225,029 | ---- | M] () -- C:\Dokumente und Einstellungen\Max\Eigene Dateien\Old_Havana_Cuba.jpg
[2010.03.02 21:29:11 | 002,388,504 | ---- | M] () -- C:\Dokumente und Einstellungen\Max\Eigene Dateien\1584241.jpg
[2010.03.02 21:17:04 | 000,084,326 | ---- | M] () -- C:\Dokumente und Einstellungen\Max\Eigene Dateien\112_2146-monalisa1.jpg
[2010.03.01 21:52:26 | 000,033,792 | ---- | M] () -- C:\Dokumente und Einstellungen\Max\Eigene Dateien\Living in Cuba.doc
[2010.03.01 21:51:17 | 000,023,552 | ---- | M] () -- C:\Dokumente und Einstellungen\Max\Eigene Dateien\CubaHandout.doc
[2010.03.01 20:31:08 | 000,022,528 | ---- | M] () -- C:\Dokumente und Einstellungen\Max\Eigene Dateien\Umwelt.doc
[2010.02.28 20:19:54 | 000,037,376 | ---- | M] () -- C:\Dokumente und Einstellungen\Max\Eigene Dateien\Lebensstandard.doc
[2010.02.28 14:33:27 | 000,020,480 | ---- | M] () -- C:\Dokumente und Einstellungen\Max\Eigene Dateien\Taufspruch.doc
[2010.02.28 14:03:51 | 000,030,192 | ---- | M] () -- C:\Dokumente und Einstellungen\Max\Eigene Dateien\logo neu.jpg
[2010.02.24 16:57:19 | 000,059,381 | ---- | M] () -- C:\Dokumente und Einstellungen\Max\Eigene Dateien\Dirk_gruen1_zugeschnitten.JPG
[2010.02.24 16:27:31 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010.02.24 16:03:02 | 000,007,514 | ---- | M] () -- C:\Dokumente und Einstellungen\Max\Eigene Dateien\Kontakte für maxwellgangster (hotmail).ctt
[2010.02.24 10:16:06 | 000,181,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2010.02.23 15:54:23 | 000,001,846 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Safari.lnk
[2010.02.21 13:54:55 | 000,001,721 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CyberLink PowerDVD 9.lnk
[2010.02.21 13:51:22 | 000,029,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml3a.dll
[2010.02.21 13:51:21 | 000,505,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp71.dll
[2010.02.21 13:51:21 | 000,353,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr71.dll
[2010.02.19 18:53:22 | 000,002,017 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Supreme Commander.lnk
[2010.02.17 16:35:33 | 000,023,040 | ---- | M] () -- C:\Dokumente und Einstellungen\Max\Eigene Dateien\Psalm 139.doc
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2010.03.17 18:19:56 | 000,001,845 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Die Schlacht um Mittelerde(tm).lnk
[2010.03.17 17:51:52 | 000,001,706 | ---- | C] () -- C:\Dokumente und Einstellungen\Max\Desktop\HijackThis.lnk
[2010.03.16 16:25:55 | 000,000,709 | ---- | C] () -- C:\Dokumente und Einstellungen\Max\Desktop\Star Wars Empire at War.lnk
[2010.03.16 00:19:39 | 000,000,400 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010.03.04 23:37:03 | 000,002,121 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2010.03.02 22:53:13 | 016,888,320 | ---- | C] () -- C:\Dokumente und Einstellungen\Max\Eigene Dateien\Living in Cuba.ppt
[2010.03.02 22:20:33 | 000,518,457 | ---- | C] () -- C:\Dokumente und Einstellungen\Max\Eigene Dateien\354088694_3933645a57_o.jpg
[2010.03.02 22:12:15 | 000,005,088 | ---- | C] () -- C:\Dokumente und Einstellungen\Max\Eigene Dateien\Cuba_flag.jpg.gif
[2010.03.02 21:58:42 | 000,015,932 | ---- | C] () -- C:\Dokumente und Einstellungen\Max\Eigene Dateien\dentista.jpg
[2010.03.02 21:55:11 | 000,020,798 | ---- | C] () -- C:\Dokumente und Einstellungen\Max\Eigene Dateien\big_cuban_cigar.jpg
[2010.03.02 21:53:01 | 000,078,674 | ---- | C] () -- C:\Dokumente und Einstellungen\Max\Eigene Dateien\pd1400953.jpg
[2010.03.02 21:51:51 | 000,058,987 | ---- | C] () -- C:\Dokumente und Einstellungen\Max\Eigene Dateien\IMG_2585.JPG
[2010.03.02 21:36:45 | 000,071,961 | ---- | C] () -- C:\Dokumente und Einstellungen\Max\Eigene Dateien\drei_cuc.jpg
[2010.03.02 21:36:22 | 000,286,613 | ---- | C] () -- C:\Dokumente und Einstellungen\Max\Eigene Dateien\tres_peso_con_che.jpg
[2010.03.02 21:35:59 | 000,155,256 | ---- | C] () -- C:\Dokumente und Einstellungen\Max\Eigene Dateien\cuc-cuban-convertible-peso-notes-bills-front-3-10-20.jpg
[2010.03.02 21:32:40 | 000,225,029 | ---- | C] () -- C:\Dokumente und Einstellungen\Max\Eigene Dateien\Old_Havana_Cuba.jpg
[2010.03.02 21:29:10 | 002,388,504 | ---- | C] () -- C:\Dokumente und Einstellungen\Max\Eigene Dateien\1584241.jpg
[2010.03.02 21:17:03 | 000,084,326 | ---- | C] () -- C:\Dokumente und Einstellungen\Max\Eigene Dateien\112_2146-monalisa1.jpg
[2010.03.01 17:46:22 | 000,023,552 | ---- | C] () -- C:\Dokumente und Einstellungen\Max\Eigene Dateien\CubaHandout.doc
[2010.03.01 17:45:59 | 000,022,528 | ---- | C] () -- C:\Dokumente und Einstellungen\Max\Eigene Dateien\Umwelt.doc
[2010.02.28 17:34:39 | 000,033,792 | ---- | C] () -- C:\Dokumente und Einstellungen\Max\Eigene Dateien\Living in Cuba.doc
[2010.02.28 14:33:27 | 000,020,480 | ---- | C] () -- C:\Dokumente und Einstellungen\Max\Eigene Dateien\Taufspruch.doc
[2010.02.28 14:03:50 | 000,030,192 | ---- | C] () -- C:\Dokumente und Einstellungen\Max\Eigene Dateien\logo neu.jpg
[2010.02.24 16:57:18 | 000,059,381 | ---- | C] () -- C:\Dokumente und Einstellungen\Max\Eigene Dateien\Dirk_gruen1_zugeschnitten.JPG
[2010.02.24 16:03:02 | 000,007,514 | ---- | C] () -- C:\Dokumente und Einstellungen\Max\Eigene Dateien\Kontakte für maxwellgangster (hotmail).ctt
[2010.02.23 15:54:23 | 000,001,846 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Safari.lnk
[2010.02.21 18:25:00 | 000,037,376 | ---- | C] () -- C:\Dokumente und Einstellungen\Max\Eigene Dateien\Lebensstandard.doc
[2010.02.21 13:54:55 | 000,001,721 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CyberLink PowerDVD 9.lnk
[2010.02.19 18:53:22 | 000,002,017 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Supreme Commander.lnk
[2010.02.17 16:35:33 | 000,023,040 | ---- | C] () -- C:\Dokumente und Einstellungen\Max\Eigene Dateien\Psalm 139.doc
[2010.02.14 15:26:46 | 000,057,856 | RHS- | C] () -- C:\WINDOWS\System32\ds32gtp.dll
[2010.01.31 17:23:05 | 000,271,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2010.01.31 17:23:05 | 000,018,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2010.01.06 19:44:37 | 000,019,968 | ---- | C] () -- C:\Dokumente und Einstellungen\Max\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.01.02 22:44:08 | 000,137,688 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010.01.02 22:44:07 | 000,022,328 | ---- | C] () -- C:\Dokumente und Einstellungen\Max\Anwendungsdaten\PnkBstrK.sys
[2010.01.02 21:03:20 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010.01.02 00:13:29 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009.12.31 15:47:07 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\CmUCRRm.Dll
[2009.12.31 15:47:06 | 000,000,066 | R--- | C] () -- C:\WINDOWS\CMICARDREADER.INI
[2009.12.31 13:59:08 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll
[2009.12.31 13:59:08 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys
[2009.12.31 13:59:08 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys
[2008.04.11 10:33:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008.04.11 10:33:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008.04.11 10:33:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008.04.11 10:33:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008.04.11 10:33:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007.11.26 21:56:28 | 000,151,415 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2003.02.20 17:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
< End of report >

Code

OTL Extras logfile created on: 17.03.2010 20:57:06 - Run 1
OTL by OldTimer - Version 3.1.37.2     Folder = C:\Dokumente und Einstellungen\Max\Eigene Dateien\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 67,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 350,42 Gb Total Space | 265,09 Gb Free Space | 75,65% Space Free | Partition Type: NTFS
Drive D: | 350,38 Gb Total Space | 219,04 Gb Free Space | 62,52% Space Free | Partition Type: NTFS
Drive E: | 230,69 Gb Total Space | 124,59 Gb Free Space | 54,01% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
Drive G: | 3,95 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: MAX
Current User Name: Max
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== File Associations ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[color=#E56717]========== Shell Spawning ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Programme\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[color=#E56717]========== Security Center Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
 
[color=#E56717]========== Authorized Applications List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Programme\CyberLink\PowerDVD9\PowerDVD9.exe" = C:\Programme\CyberLink\PowerDVD9\PowerDVD9.exe:*:Enabled:CyberLink PowerDVD 9.0 -- (CyberLink Corp.)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\usmt\migwiz.exe" = C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Assistent zum Übertragen von Dateien und Einstellungen -- (Microsoft Corporation)
"C:\Programme\802.11 Wireless LAN\WlanMonitor.exe" = C:\Programme\802.11 Wireless LAN\WlanMonitor.exe:*:Disabled:WlanMonitor -- ()
"C:\Programme\MagicTune Premium\MagicTune.exe" = C:\Programme\MagicTune Premium\MagicTune.exe:*:Enabled:MagicTune -- (SEC)
"C:\Programme\Electronic Arts\EADM\Core.exe" = C:\Programme\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager -- File not found
"C:\Programme\Electronic Arts\Dead Space\Dead Space.exe" = C:\Programme\Electronic Arts\Dead Space\Dead Space.exe:*:Enabled:Dead Space ™ -- ()
"C:\Programme\Ubisoft\Far Cry 2\bin\FarCry2.exe" = C:\Programme\Ubisoft\Far Cry 2\bin\FarCry2.exe:*:Enabled:Far Cry 2 -- (Ubisoft Entertainment)
"C:\Programme\Ubisoft\Far Cry 2\bin\FC2Launcher.exe" = C:\Programme\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:*:Enabled:Far Cry 2 Updater -- (Ubisoft)
"C:\Programme\Ubisoft\Far Cry 2\bin\FC2Editor.exe" = C:\Programme\Ubisoft\Far Cry 2\bin\FC2Editor.exe:*:Enabled:Editor -- (Ubisoft Entertainment)
"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"D:\Alcohol 120\Virtuell\Call of Duty - Modern Warfare\Call of Duty 4 - Modern Warfare\iw3mp.exe" = D:\Alcohol 120\Virtuell\Call of Duty - Modern Warfare\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:iw3mp -- ()
"C:\Programme\LimeWire\LimeWire.exe" = C:\Programme\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Programme\CAPCOM\LOSTPLANETCOLONIES\LostPlanetColoniesDX9.exe" = C:\Programme\CAPCOM\LOSTPLANETCOLONIES\LostPlanetColoniesDX9.exe:*:Enabled:LOSTPLANETCOLONIES_DX9 -- (CAPCOM CO., LTD.)
"C:\Programme\CAPCOM\LOSTPLANETCOLONIES\LostPlanetColoniesDX10.exe" = C:\Programme\CAPCOM\LOSTPLANETCOLONIES\LostPlanetColoniesDX10.exe:*:Enabled:LOSTPLANETCOLONIES_DX10 -- (CAPCOM CO., LTD.)
"C:\Programme\Steamless Left4Dead Pack\left4dead.exe" = C:\Programme\Steamless Left4Dead Pack\left4dead.exe:*:Enabled:left4dead -- ()
"C:\Programme\THQ\Gas Powered Games\Supreme Commander\bin\SupremeCommander.exe" = C:\Programme\THQ\Gas Powered Games\Supreme Commander\bin\SupremeCommander.exe:*:Enabled:Supreme Commander -- (Gas Powered Games)
"C:\Programme\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe" = C:\Programme\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:*:Enabled:GPGNet - Supreme Commander -- (Gas Powered Games)
"C:\Programme\CyberLink\PowerDVD9\PowerDVD9.exe" = C:\Programme\CyberLink\PowerDVD9\PowerDVD9.exe:*:Enabled:CyberLink PowerDVD 9.0 -- (CyberLink Corp.)
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Programme\LucasArts\Star Wars Empire at War\GameData\sweaw.exe" = C:\Programme\LucasArts\Star Wars Empire at War\GameData\sweaw.exe:*:Enabled:Star Wars: Empire at War -- (Lucasfilm Entertainment Company, Ltd.)
"C:\Programme\LucasArts\Star Wars Empire at War\GameData\fpupdate.exe" = C:\Programme\LucasArts\Star Wars Empire at War\GameData\fpupdate.exe:*:Enabled:fpupdate -- ()
"C:\Programme\EA GAMES\Die Schlacht um Mittelerde(tm)\game.dat" = C:\Programme\EA GAMES\Die Schlacht um Mittelerde(tm)\game.dat:*:Enabled:Die Schlacht um Mittelerde (tm) -- ()
 
 
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02B244A2-7F6A-42E8-A36F-8C385D7A1625}" = Gothic III
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes
"{25A1E6A4-2DBD-4AC0-8650-8EA9A45B183D}" = Supreme Commander
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 17
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3F290582-3F4E-4B96-009C-E0BABAA40C42}" = Die Schlacht um Mittelerde(tm)
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4D87DC92-C328-46EC-A7B4-9C88129DC696}" = Dead Space™
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6FCFA783-CE7B-4018-AC48-0E6EEAAEA322}" = LOST PLANET COLONIES
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{84ED5482-CFB0-4DD9-BF18-489FFDACD18A}" = Microsoft Antimalware Service DE-DE Language Pack
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}" = Microsoft Games for Windows - LIVE Redistributable
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99AE7207-8612-4DBA-A8F8-BAE5C633390D}" = Star Wars Empire at War
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B0C50CE0-0371-11D6-8537-00A0C930C1A2}" = 802.11 Wireless LAN
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C194D333-B84A-4BB7-B35E-060732D98DC4}" = GPGNet
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D6044256-A309-43B5-9833-D3FAFE2AD24D}" = MagicTune Premium
"{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari
"{D9E52CD1-9DF1-4A8A-9BDC-1E5E53982F2B}" = Black & White® 2
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E590FD1C-E8C6-4D2E-8CA9-77B403F7EE01}" = Microsoft Antimalware
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
"{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}" = iTunes
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"C-Media USB2.0 Card Reader" = C-Media USB2.0 Card Reader
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 4.0 Home Edition
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"G3QP231012008_is1" = Questpaket 4 Update 1 Deinstallation
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"LimeWire" = LimeWire 5.4.6
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Essentials" = Microsoft Security Essentials
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"PhotoScape" = PhotoScape
"PunkBusterSvc" = PunkBuster Services
"Steamless Left4Dead Pack" = Steamless Left4Dead Pack
"Streamripper" = Streamripper (Remove only)
"Winamp" = Winamp
"Winamp Toolbar" = Winamp Toolbar
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
 
[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"DivXCodec" = DivX Codec
"Winamp Detect" = Winamp Anwendungserkennung
 
[color=#E56717]========== Last 10 Event Log Errors ==========[/color]
 
[ Application Events ]
Error - 01.02.2010 10:59:52 | Computer Name = MAX | Source = MSSecurityEssentials | ID = 5000
Description = 
 
Error - 04.02.2010 12:20:40 | Computer Name = MAX | Source = Windows Live Messenger | ID = 1000
Description = 
 
Error - 05.02.2010 18:53:22 | Computer Name = MAX | Source = Windows Live Messenger | ID = 1000
Description = 
 
Error - 06.02.2010 07:18:44 | Computer Name = MAX | Source = Windows Live Messenger | ID = 1000
Description = 
 
Error - 11.02.2010 17:39:08 | Computer Name = MAX | Source = MPSampleSubmission | ID = 5000
Description = EventType avsubmit, P1 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
 P2 1.1.5406.0, P3 1.75.657.0, P4 1.75.657.0, P5 002ab1c1-0000-0000-0000-000000000000_d80774b3c3ce76c229e3867dbe3bcc105b260e1b,
 P6 NIL, P7 NIL, P8 NIL, P9 NIL, P10 NIL.
 
Error - 12.02.2010 10:10:19 | Computer Name = MAX | Source = MPSampleSubmission | ID = 5000
Description = EventType avsubmit, P1 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
 P2 1.1.5406.0, P3 1.75.657.0, P4 1.75.657.0, P5 002ab1c1-0000-0000-0000-000000000000_d80774b3c3ce76c229e3867dbe3bcc105b260e1b,
 P6 NIL, P7 NIL, P8 NIL, P9 NIL, P10 NIL.
 
Error - 12.02.2010 12:52:41 | Computer Name = MAX | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung white.exe, Version 1.2.0.0, fehlgeschlagenes
 Modul white.exe, Version 1.2.0.0, Fehleradresse 0x0000d544.
 
Error - 12.02.2010 13:50:42 | Computer Name = MAX | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung wmplayer.exe, Version 11.0.5721.5145, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 12.02.2010 13:54:26 | Computer Name = MAX | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung wmplayer.exe, Version 11.0.5721.5145, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 13.02.2010 07:28:52 | Computer Name = MAX | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 2.0.6212.0,
 P5 mpsigdwn.dll, P6 2.0.6212.0, P7 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
 P8 NIL, P9 NIL, P10 NIL.
 
[ System Events ]
Error - 04.03.2010 18:57:07 | Computer Name = MAX | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\D gefunden.
 
Error - 04.03.2010 18:57:07 | Computer Name = MAX | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\D gefunden.
 
Error - 04.03.2010 19:18:26 | Computer Name = MAX | Source = Service Control Manager | ID = 7034
Description = Dienst "MagicTuneEngine" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 05.03.2010 09:26:17 | Computer Name = MAX | Source = Service Control Manager | ID = 7034
Description = Dienst "MagicTuneEngine" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 15.03.2010 17:14:32 | Computer Name = MAX | Source = Service Control Manager | ID = 7034
Description = Dienst "MagicTuneEngine" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 15.03.2010 20:05:41 | Computer Name = MAX | Source = Service Control Manager | ID = 7034
Description = Dienst "MagicTuneEngine" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 16.03.2010 08:54:44 | Computer Name = MAX | Source = DCOM | ID = 10010
Description = Der Server "{DC0C2640-1415-4644-875C-6F4D769839BA}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 16.03.2010 09:05:28 | Computer Name = MAX | Source = Service Control Manager | ID = 7034
Description = Dienst "MagicTuneEngine" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 16.03.2010 20:40:16 | Computer Name = MAX | Source = Service Control Manager | ID = 7034
Description = Dienst "MagicTuneEngine" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 17.03.2010 15:52:22 | Computer Name = MAX | Source = Service Control Manager | ID = 7034
Description = Dienst "Windows-Bilderfassung (WIA)" wurde unerwartet beendet. Dies
 ist bereits 1 Mal passiert.
 
 
< End of report >

#4 Schritt 1

Filesharing

Ich poste mal folgenden Hinweis, nicht mit erhobenem Zeigefinger, sondern weil Du Dir dessen vielleicht nicht bewusst bist. Du benutzt P2P-Programme. Wenn Du ein sauberes System bekommen respektive behalten möchtest, solltest Du auf den Download von Software aus solchen Quellen verzichten, denn auch wenn das P2P-Programm selbst "sauber" ist, bewahrt es Dich nicht davor, evtl. schädliche Programme auf Deinen Rechner zu holen.

Du siehst, die Gefahr ist sehr groß, sich über diese Wege zu infizieren. Aus diesem Grund bereinige ich lieber Systeme, die keine solchen Programme installiert haben und bitte Dich daher alle Programme, die in diese Richtung gehen, während unserer Bereinigung komplett und rückstandlos über Systemsteuerung => Software zu deinstallieren => BitTorrent DNA

Zitat

Limewire

Schritt 2

C:\Programme\Bonjour\mDNSResponder.exe

Bei Dir läuft Bonjour, welches von Apple ungefragt z. B. bei iTunes oder Safari-Browser mitinstalliert wird. Das Programm wird von vielen Usern gar nicht gebraucht. Ich habe bei Wikipedia ausführliche Informationen zu dem Programm Bonjour gefunden und beschreibe Dir im Anschluss, wie man das Programm wieder deinstallieren kann, falls das über den normalen Weg Systemsteuerung - Software nicht möglich ist. Solltest Du es nicht brauchen, bitte zunächst versuchen, es über Systemsteuerung => Software zu deinstallieren. Sollte das nicht möglich sein, fahre wie folgt fort:

• Start => ausführen => dort reinschreiben: services.msc => OK => es öffnet sich das "Dienste"-Fenster.
"Bonjour Dienst" in der Liste auswählen und "Beenden" ausführen.
• Kommandozeile öffnen: Start => ausführen => cmd reinschreiben
und ins Verzeichnis "<Systemvolume>\Programme\Bonjour" wechseln,
z. B. mit dem Kommando: cd "C:\Programme\Bonjour"
• Folgendes Kommando eingeben: mDNSResponder -remove
• Danach kannst Du den Ordner C:\Programme\Bonjour löschen.

Wenn das so nicht klappt, gehe auf diese Seite, lade Dir lspfix.zip runter und entpacke das Archiv auf Deinen Desktop. Wenn Du kein Zip-Programm hast, kannst Du auch LSPFix.exe und spfix.txt runterladen. Starte LSPFix.exe, schiebe mit dem >>-Button die mdnsnsp.dll nach rechts, da sie muss raus, hake "I know what i'm doing" an und klicke auf "Finish". Rechner neu starten. Der Ordner C:\Programme\Bonjour\ sollte sich nun löschen lassen.


Schritt 3

Download Deljob zum Desktop
Doppelklick: Deljob.exe
Ein logfile wird sich oeffnen (logit.txt)
Kopiere den Inhalt des Berichts “ logit.txtin diesen Thread


Schritt 4

Malwarebytes Anti-Malware

Lade MBAM herunter, installiere es und wähle bei Reiter:

-> “Update“> “Suche nach Aktualisierungen“
-> “Einstellungen“> “Beende Internet Explorer während des Löschvorgangs“
-> “Scanner”> "Quickscan durchfuehren".

Wenn am Ende Infizierungen gefunden werden, diese anhaken und entfernen lassen. Starte dein Rechner neu

#5 So, ich hab limewire mal extra für dich deinstalliert...

[CODE]--------------------------------------------------------
No LOP job-files found
--------------------------------------------------------
Files in Windows Tasks folder

AppleSoftwareUpdate.job
MP Scheduled Scan.job
--------------------------------------------------------
Export App Data folders
--------------------------------------------------------
Datentr„ger in Laufwerk C: ist BOOT-1TB
Volumeseriennummer: 9E7C-EC80

Verzeichnis von C:\ProgramData

02.01.2010 21:49 <DIR> .
02.01.2010 21:49 <DIR> ..
02.01.2010 21:49 <DIR> ELECTR~1 Electronic Arts
0 Datei(en) 0 Bytes
3 Verzeichnis(se), 251.167.821.824 Bytes frei
--------------------------------------------------------
All User Accounts
--------------------------------------------------------
All Users
Max
--------------------------------------------------------
[CODE/]

Ich hab ein Problem beim aktualisierren von MBAM!
Fehlercode: 732 (12029, 0)

Habe alles gemacht, die situation ist aber immer noch unverändert...

#6 Lade ComboFix von einem der unten aufgeführten Links herunter. Du musst diese umbenennen, bevor Du es auf den Desktop speicherst. Speichere ComboFix auf deinen Desktop.
• BleepingComputer
• ForoSpyware**NB: Es ist wichtig, das ComboFix.exe auf dem Desktop gespeichert wird**




• Doppel-klicke auf ComboFix.exe und folge den Aufforderungen.
• Wenn ComboFix fertig ist, wird es ein Log für dich erstellen.
• Bitte füge das C:\ComboFix.txt Log in deiner Antwort im Forum bei, so dass wir uns diese analysieren können.

#7

Code

ComboFix 10-03-21.04 - Max 22.03.2010  15:09:01.1.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.49.1031.18.2046.1571 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\Max\Desktop\Combo-Fix.exe
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.

(((((((((((((((((((((((   Dateien erstellt von 2010-02-22 bis 2010-03-22  ))))))))))))))))))))))))))))))
.

2010-03-22 13:37 . 2010-03-22 13:37    --------    d-----w-    c:\dokumente und einstellungen\Max\Lokale Einstellungen\Anwendungsdaten\Identities
2010-03-21 19:12 . 2010-03-21 19:22    --------    d-----w-    C:\Root
2010-03-21 19:12 . 2010-03-21 19:12    --------    d-----w-    c:\programme\Activision
2010-03-21 19:11 . 2010-03-21 19:11    --------    d-sh--w-    c:\windows\ftpcache
2010-03-21 18:18 . 2010-03-21 18:18    239616    ----a-w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\LocalCopy\{ED9955B2-ABDC-5C14-1837-A7781AD08893}-TagesClient.dll
2010-03-21 18:18 . 2010-03-21 18:18    239616    ----a-w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\LocalCopy\{7CA34704-F07F-485D-28D7-3A954877B230}-TagesClient.dll
2010-03-19 18:09 . 2010-03-21 21:13    --------    d-----w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\Tages
2010-03-19 17:57 . 2010-03-19 17:57    239616    ----a-w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\LocalCopy\{7FD17A02-AB70-9956-372C-28B94097AFE4}-TagesClient.dll
2010-03-19 17:14 . 2010-03-19 17:14    --------    d-----w-    c:\dokumente und einstellungen\Max\Anwendungsdaten\Malwarebytes
2010-03-19 17:14 . 2010-01-07 15:07    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-19 17:13 . 2010-03-19 17:13    --------    d-----w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2010-03-19 17:13 . 2010-01-07 15:07    19160    ----a-w-    c:\windows\system32\drivers\mbam.sys
2010-03-19 17:13 . 2010-03-19 17:14    --------    d-----w-    c:\programme\Malwarebytes' Anti-Malware
2010-03-19 02:36 . 2010-03-19 02:36    --------    d-----w-    c:\dokumente und einstellungen\Max\Lokale Einstellungen\Anwendungsdaten\Rockstar Games
2010-03-19 02:35 . 2010-03-19 02:35    --------    d--h--r-    c:\dokumente und einstellungen\Max\Anwendungsdaten\SecuROM
2010-03-19 02:27 . 2010-03-19 02:27    --------    d-----w-    c:\programme\Microsoft Games for Windows - LIVE
2010-03-19 02:11 . 2010-03-19 02:12    --------    d-----w-    c:\programme\Rockstar Games
2010-03-18 12:47 . 2010-03-18 12:47    --------    d-----w-    c:\programme\VALVe
2010-03-18 12:41 . 2010-03-18 12:41    --------    d-----w-    c:\dokumente und einstellungen\Max\Lokale Einstellungen\Anwendungsdaten\Conduit
2010-03-18 12:41 . 2010-03-18 12:41    --------    d-----w-    c:\programme\Conduit
2010-03-18 12:41 . 2010-03-18 12:41    --------    d-----w-    c:\dokumente und einstellungen\Max\Lokale Einstellungen\Anwendungsdaten\DigitalPowered
2010-03-18 12:41 . 2010-03-18 12:41    --------    d-----w-    c:\programme\DigitalPowered
2010-03-18 12:37 . 2010-03-18 18:02    --------    d-----w-    c:\programme\Counter-Strike 1.6 V40
2010-03-18 12:31 . 2008-04-13 18:45    32128    -c--a-w-    c:\windows\system32\dllcache\usbccgp.sys
2010-03-18 12:31 . 2008-04-13 18:45    32128    ----a-w-    c:\windows\system32\drivers\usbccgp.sys
2010-03-18 12:30 . 2008-08-26 15:17    113664    ----a-w-    c:\windows\system32\drivers\ewusbnet.sys
2010-03-18 12:30 . 2008-07-24 11:02    101376    ----a-w-    c:\windows\system32\drivers\ewusbmdm.sys
2010-03-18 12:30 . 2008-04-14 08:36    621056    ----a-w-    c:\windows\system32\drivers\mod7700.sys
2010-03-18 12:30 . 2007-08-09 03:13    24448    ----a-w-    c:\windows\system32\drivers\ewdcsc.sys
2010-03-18 12:29 . 2010-03-18 12:32    --------    d-----w-    c:\programme\Mobile Partner
2010-03-17 20:27 . 2010-03-17 20:33    --------    d-----w-    c:\dokumente und einstellungen\Max\Anwendungsdaten\Meine Die Schlacht um Mittelerde™ II-Dateien
2010-03-17 17:34 . 2010-03-17 17:40    --------    d-----w-    c:\dokumente und einstellungen\Max\Anwendungsdaten\Meine Die Schlacht um Mittelerde-Dateien
2010-03-17 16:51 . 2010-03-17 16:51    --------    d-----w-    c:\programme\Trend Micro
2010-03-16 15:20 . 2010-03-16 15:20    --------    d-----w-    c:\dokumente und einstellungen\Max\Anwendungsdaten\Petroglyph
2010-03-16 15:15 . 2010-03-16 15:15    --------    d-----w-    c:\programme\LucasArts
2010-03-15 21:17 . 2010-03-15 21:17    43528    ----a-w-    c:\dokumente und einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2010-03-15 21:08 . 2009-10-23 15:28    3558912    -c----w-    c:\windows\system32\dllcache\moviemk.exe
2010-03-04 22:36 . 2009-05-18 13:17    26600    ----a-w-    c:\windows\system32\drivers\GEARAspiWDM.sys
2010-03-04 22:36 . 2008-04-17 12:12    107368    ----a-w-    c:\windows\system32\GEARAspi.dll
2010-03-04 22:36 . 2010-03-04 22:36    --------    d-----w-    c:\programme\iPod
2010-03-04 22:36 . 2010-03-04 22:36    --------    d-----w-    c:\programme\iTunes
2010-02-24 15:27 . 2010-02-24 15:27    --------    d-----w-    c:\windows\ie8updates
2010-02-24 14:52 . 2009-12-21 19:04    246272    -c----w-    c:\windows\system32\dllcache\ieproxy.dll
2010-02-24 14:52 . 2009-12-21 19:05    12800    -c----w-    c:\windows\system32\dllcache\xpshims.dll
2010-02-23 15:31 . 2010-02-23 15:31    --------    d-----w-    c:\dokumente und einstellungen\Max\SystemRequirementsLab
2010-02-23 15:30 . 2010-02-23 15:30    --------    d-----w-    c:\windows\Sun
2010-02-23 15:21 . 2010-02-23 15:21    --------    d-sh--w-    c:\dokumente und einstellungen\NetworkService\IETldCache
2010-02-23 15:21 . 2010-02-23 15:21    --------    d-sh--w-    c:\dokumente und einstellungen\Max\IETldCache
2010-02-23 14:57 . 2010-02-23 14:59    --------    dc-h--w-    c:\windows\ie8
2010-02-23 14:54 . 2010-02-23 14:54    --------    d-----w-    c:\programme\Safari
2010-02-21 12:55 . 2010-02-21 12:55    --------    d-----w-    c:\dokumente und einstellungen\Max\Anwendungsdaten\CyberLink
2010-02-21 12:54 . 2010-02-21 12:54    --------    d-----w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\CyberLink
2010-02-21 12:54 . 2010-02-21 12:54    --------    d-----w-    c:\programme\Gemeinsame Dateien\CyberLink
2010-02-21 12:52 . 2010-02-21 12:54    --------    d-----w-    c:\programme\CyberLink
2010-02-21 12:51 . 2010-02-21 12:51    29480    ----a-w-    c:\windows\system32\msxml3a.dll
2010-02-21 12:51 . 2010-02-21 12:51    505128    ----a-w-    c:\windows\system32\msvcp71.dll
2010-02-21 12:51 . 2010-02-21 12:51    353576    ----a-w-    c:\windows\system32\msvcr71.dll
2010-02-21 12:51 . 2010-02-21 12:51    --------    d-----w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\Temp
2010-02-21 12:51 . 2010-02-21 12:51    53319    ----a-w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\Temp\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\PostBuild.exe
2010-02-20 21:41 . 2010-02-20 21:41    --------    d-----w-    c:\dokumente und einstellungen\Max\Lokale Einstellungen\Anwendungsdaten\Gas Powered Games

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-21 21:13 . 2009-12-30 23:59    --------    d--h--w-    c:\programme\InstallShield Installation Information
2010-03-19 18:31 . 2010-01-02 20:41    --------    d-----w-    c:\programme\Electronic Arts
2010-03-19 18:06 . 2010-01-31 16:23    281760    ----a-w-    c:\windows\system32\drivers\atksgt.sys
2010-03-19 18:06 . 2010-01-31 16:23    25888    ----a-w-    c:\windows\system32\drivers\lirsgt.sys
2010-03-19 18:03 . 2010-01-02 21:40    --------    d-----w-    c:\programme\Ubisoft
2010-03-18 23:34 . 2010-01-11 22:37    --------    d-----w-    c:\dokumente und einstellungen\Max\Anwendungsdaten\Winamp
2010-03-18 14:16 . 2004-08-04 12:00    81126    ----a-w-    c:\windows\system32\perfc007.dat
2010-03-18 14:16 . 2004-08-04 12:00    452300    ----a-w-    c:\windows\system32\perfh007.dat
2010-03-17 22:17 . 2010-01-02 21:44    137688    ----a-w-    c:\windows\system32\drivers\PnkBstrK.sys
2010-03-17 22:17 . 2010-01-02 21:43    202040    ----a-w-    c:\windows\system32\PnkBstrB.exe
2010-03-17 17:14 . 2010-01-08 14:48    --------    d-----w-    c:\programme\EA GAMES
2010-03-16 21:23 . 2010-01-14 15:07    --------    d-----w-    c:\programme\DivX
2010-03-15 21:17 . 2010-01-01 22:11    --------    d-----w-    c:\programme\Microsoft Security Essentials
2010-03-04 22:36 . 2010-01-02 00:57    --------    d-----w-    c:\programme\Gemeinsame Dateien\Apple
2010-02-24 09:16 . 2010-01-01 22:15    181632    ------w-    c:\windows\system32\MpSigStub.exe
2010-02-19 17:52 . 2010-02-19 17:52    --------    d-----w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\Media Center Programs
2010-02-19 17:44 . 2010-01-02 12:32    --------    d-----w-    c:\programme\THQ
2010-02-19 16:08 . 2010-02-13 18:30    --------    d-----w-    c:\programme\Steamless Left4Dead Pack
2010-02-14 14:26 . 2010-02-14 14:26    57856    --sha-r-    c:\windows\system32\ds32gtp.dll
2010-02-14 14:26 . 2010-02-14 14:26    --------    d-----w-    c:\programme\DivX Codec
2010-02-07 20:17 . 2010-02-07 20:17    --------    d-----w-    c:\programme\Act-3D
2010-02-06 17:50 . 2010-02-06 17:50    --------    d-----w-    c:\programme\CAPCOM
2010-01-31 19:14 . 2010-01-31 19:14    --------    d-----w-    c:\programme\Lionhead Studios
2010-01-31 16:47 . 2010-01-31 16:17    --------    d-----w-    c:\programme\Gothic III
2010-01-22 18:51 . 2010-01-22 18:51    72488    ----a-w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-01-20 15:25 . 2010-01-20 15:25    152576    ----a-w-    c:\dokumente und einstellungen\Max\Anwendungsdaten\Sun\Java\jre1.6.0_17\lzma.dll
2010-01-20 15:25 . 2010-01-20 15:25    79488    ----a-w-    c:\dokumente und einstellungen\Max\Anwendungsdaten\Sun\Java\jre1.6.0_17\gtapi.dll
2010-01-16 23:08 . 2010-01-16 23:08    152576    ----a-w-    c:\dokumente und einstellungen\Max\Anwendungsdaten\Sun\Java\jre1.6.0_16\lzma.dll
2010-01-11 22:14 . 2010-01-02 00:57    36576    ---ha-w-    c:\windows\system32\mlfcache.dat
2010-01-09 14:14 . 2010-01-09 14:02    444952    ----a-w-    c:\windows\system32\wrap_oal.dll
2010-01-09 14:14 . 2010-01-09 14:02    109080    ----a-w-    c:\windows\system32\OpenAL32.dll
2010-01-08 15:01 . 2010-01-08 14:51    1245    ----a-w-    c:\windows\eReg.dat
2010-01-08 14:51 . 2010-01-08 14:54    729088    ----a-w-    c:\windows\iun6002.exe
2010-01-04 13:41 . 2009-12-31 12:48    43528    ----a-w-    c:\dokumente und einstellungen\Max\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2010-01-03 11:52 . 2009-12-30 20:57    76487    ----a-w-    c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-01-02 21:44 . 2010-01-02 21:44    22328    ----a-w-    c:\dokumente und einstellungen\Max\Anwendungsdaten\PnkBstrK.sys
2010-01-02 21:44 . 2010-01-02 21:44    22328    ----a-w-    c:\dokumente und einstellungen\Max\Anwendungsdaten\PnkBstrK.sys
2010-01-02 21:43 . 2010-01-02 21:43    66872    ----a-w-    c:\windows\system32\PnkBstrA.exe
2010-01-02 21:43 . 2010-01-02 21:43    2250024    ----a-w-    c:\windows\system32\pbsvc.exe
2010-01-02 21:15 . 2010-01-02 21:15    107888    ----a-w-    c:\windows\system32\CmdLineExt.dll
2010-01-02 20:03 . 2010-01-02 20:03    691696    ----a-w-    c:\windows\system32\drivers\sptd.sys
2009-12-31 16:50 . 2004-08-04 12:00    353792    ----a-w-    c:\windows\system32\drivers\srv.sys
2009-12-31 15:19 . 2009-12-31 15:19    294912    ----a-w-    c:\windows\HideWin.exe
2009-12-31 14:34 . 2009-12-31 14:34    0    ----a-w-    c:\windows\nsreg.dat
2009-12-30 20:55 . 2009-12-30 20:55    21740    ----a-w-    c:\windows\system32\emptyregdb.dat
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{b317125e-2f10-4388-bf1f-2c31c6cd89ed}"= "c:\programme\DigitalPowered\tbDigi.dll" [2009-05-20 2085400]

[HKEY_CLASSES_ROOT\clsid\{b317125e-2f10-4388-bf1f-2c31c6cd89ed}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b317125e-2f10-4388-bf1f-2c31c6cd89ed}]
2009-05-20 17:05    2085400    ----a-w-    c:\programme\DigitalPowered\tbDigi.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{b317125e-2f10-4388-bf1f-2c31c6cd89ed}"= "c:\programme\DigitalPowered\tbDigi.dll" [2009-05-20 2085400]

[HKEY_CLASSES_ROOT\clsid\{b317125e-2f10-4388-bf1f-2c31c6cd89ed}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\programme\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"msnmsgr"="c:\programme\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-04-11 13524992]
"nwiz"="nwiz.exe" [2008-04-11 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-04-11 86016]
"CmUCRRun"="c:\windows\system32\CmUCReye.exe" [2005-08-04 237568]
"RTHDCPL"="RTHDCPL.EXE" [2005-08-18 14820864]
"MSSE"="c:\programme\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]
"QuickTime Task"="c:\programme\QuickTime\QTTask.exe" [2009-11-10 417792]
"WinampAgent"="c:\programme\Winamp\winampa.exe" [2009-12-21 39424]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"AppleSyncNotifier"="c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"RemoteControl9"="c:\programme\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
"PDVD9LanguageShortcut"="c:\programme\CyberLink\PowerDVD9\Language\Language.exe" [2009-04-27 50472]
"BDRegion"="c:\programme\Cyberlink\Shared Files\brs.exe" [2009-09-01 75048]
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2010-01-22 141608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\GEMEIN~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\dokumente und einstellungen\All Users\Startmen�\Programme\Autostart\
GammaTray.lnk - c:\programme\MagicTune Premium\GammaTray.exe [2010-1-16 36864]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\802.11 Wireless LAN\\WlanMonitor.exe"=
"c:\\Programme\\MagicTune Premium\\MagicTune.exe"=
"c:\\Programme\\Electronic Arts\\Dead Space\\Dead Space.exe"=
"c:\\Programme\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Programme\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"c:\\Programme\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Alcohol 120\\Virtuell\\Call of Duty - Modern Warfare\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Programme\\CAPCOM\\LOSTPLANETCOLONIES\\LostPlanetColoniesDX9.exe"=
"c:\\Programme\\CAPCOM\\LOSTPLANETCOLONIES\\LostPlanetColoniesDX10.exe"=
"c:\\Programme\\Steamless Left4Dead Pack\\left4dead.exe"=
"c:\\Programme\\THQ\\Gas Powered Games\\Supreme Commander\\bin\\SupremeCommander.exe"=
"c:\\Programme\\THQ\\Gas Powered Games\\GPGNet\\GPG.Multiplayer.Client.exe"=
"c:\\Programme\\CyberLink\\PowerDVD9\\PowerDVD9.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=
"c:\\Programme\\LucasArts\\Star Wars Empire at War\\GameData\\sweaw.exe"=
"c:\\Programme\\LucasArts\\Star Wars Empire at War\\GameData\\fpupdate.exe"=
"c:\\Programme\\EA GAMES\\Die Schlacht um Mittelerde(tm)\\game.dat"=
"c:\\Programme\\Electronic Arts\\Die Schlacht um Mittelerde II\\game.dat"=
"c:\\Programme\\VALVe\\Counter-Strike Source\\hl2.exe"=
"c:\\Programme\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Programme\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\Programme\\Electronic Arts\\Battlefield Bad Company 2\\BFBC2Updater.exe"=
"c:\\Programme\\Activision\\Prototype\\prototypef.exe"=
"c:\\Programme\\Ubisoft\\Related Designs\\ANNO 1404\\Anno4.exe"=
"c:\\Programme\\Ubisoft\\Related Designs\\ANNO 1404\\tools\\Anno4Web.exe"=

R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/02/21 13:54];c:\programme\CyberLink\PowerDVD9\000.fcl [01.09.2009 16:59 87536]
R3 CMISTOR;CMIUCR.SYS CM220 Card Reader Driver;c:\windows\system32\drivers\cmiucr.SYS [31.12.2009 15:47 69248]
R3 USBFVNETR;USB FastVNET (AR);c:\windows\system32\drivers\vnetusbr.sys [01.01.2010 22:55 78592]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [02.01.2010 21:03 691696]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [31.12.2009 13:59 8704]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [31.12.2009 13:59 3072]
.
Inhalt des "geplante Tasks" Ordners

2010-01-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-03-22 c:\windows\Tasks\MP Scheduled Scan.job
- c:\programme\Microsoft Security Essentials\MpCmdRun.exe [2009-12-09 17:02]
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
IE: &Winamp Search - c:\dokumente und einstellungen\All Users\Anwendungsdaten\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\dokumente und einstellungen\Max\Anwendungsdaten\Mozilla\Firefox\Profiles\k6co75e5.default\
FF - prefs.js: browser.search.selectedEngine - Ecosia
FF - component: c:\dokumente und einstellungen\Max\Anwendungsdaten\Mozilla\Firefox\Profiles\k6co75e5.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - plugin: c:\programme\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\programme\Mozilla Firefox\plugins\npwachk.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
c:\programme\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency",   1600);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug",            false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight",       2);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize",       1);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight",   25);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight",     5);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\programme\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\programme\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKCU-Run-EA Core - c:\programme\Electronic Arts\EADM\Core.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-22 15:12
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse... 

Scanne versteckte Autostarteinträge... 

Scanne versteckte Dateien... 

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\programme\CyberLink\PowerDVD9\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-1960408961-630328440-682003330-1004\Software\SecuROM\License information*]
"datasecu"=hex:1d,bb,a2,41,ae,27,9e,4f,ff,71,b4,94,8c,1e,61,c5,04,a8,fc,d8,64,
   cb,b9,fe,da,99,e3,e5,dd,98,58,a0,ef,20,ae,4f,3a,f7,3c,f3,5f,a2,e4,e1,34,ca,\
"rkeysecu"=hex:be,cf,a1,c9,6b,61,5d,83,b2,74,ac,3a,e0,2d,f2,50

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ð•€|ÿÿÿÿ.•€|þ»Ñw*]
"7040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
Zeit der Fertigstellung: 2010-03-22  15:13:11
ComboFix-quarantined-files.txt  2010-03-22 14:13

Vor Suchlauf: 11 Verzeichnis(se), 233.272.975.360 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 233.538.658.304 Bytes frei

WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - B0C41CFCD1C735F06F479DEB67C34ADF

Hey danke!
alles funktioniert wieder!
Sowohl iTunes und Winamp, als auch Safari und Internet Explorer!
DANKE!

#8 Funktioniert nun Malwarebytes?

#9 Hallo!
Was für ein hilfreicher Thread! <3 Google

Ich habe mit diversen BootCDs, Avert STINGER und MBAM nun noch die letzten Malwarereste entfernt (hoffe ich), ComboFix funktioniert auf Windows7 x64 nicht, von daher fällt das aus.

Spybot und diverse Update-Funktionen funktionieren nicht mehr.

Firefox und Internetexplorer waren nach der Infektion auf "Proxy" umgestellt, nach dem Umstellen auf normale Settings waren beide Browser wieder verfügbar.

Geht sowas bei Programmen auch? Wie kann ich ihnen sagen "hey, benutzt bitte das normale Internet"?


Danke sehr im Voraus!

Falls irgendwelche Daten gebraucht werden mache ichs sofort!



EDIT: Habe mit Kaspersky etliche Reste entfernen können und nun läuft wieder alles. Ob das System sauber ist, kann ich nicht sagen, ich gehe nicht davon aus.
Kaspersky hat inzwischen mehrere Angriffe aus dem Internet geblockt, meint ihr, das sollte ich verfolgen? Sind immer irgendwelche ...worm... Dateien.

#10 Hallo und herzlich Willkommen auf Protecus.de

Um ein infiziertes System zu bereinigen bedarf es neben Zeit auch die Beachtung folgender Punkte:

• Halte Dich an die Anweisungen des jeweiligen Helfers.
• Falls Du externen Speichermedien (USB Sticks, Festplatten) hast, dann schliesse die vor der Reinigung an.
• Während der Reinigung solltest Du weder Programme installieren noch deinstallieren, welche nicht ausdrücklich verlangt werden.
• Bitte arbeite jeden Schritt der Reihe nach ab.
• Falls bei einem Schritt Probleme auftauchen, poste was du bereits hast und melde Dich mit dem Problembeschreiben.


• Die Bereinigung ist erst beendet wenn der jeweilige Helfer das OK gibt.
• Wenn die Kiste wieder flott läuft heisst das nicht, dass das Sytem auch sauber ist.
• Bei geschäftlich genutzten Rechner sollte der zuständige IT Verantwortliche beigezogen werden.
• Ein Support unsererseits kann unter Umständen bei einem Firmenrechner abgelehnt werden.
• Bei illegaler Software besteht die Möglichkeit, dass der Support eingestellt wird.
• Jegliche Cracks oder Keygens werden weder gefördert noch akzeptiert.
• Bei stark infizierten Systemen vorallem wenn Backdoors oder Rootkits involviert sind kann es vorkommen, dass ein Helfer zum Neuaufsetzen rät.
• In letzter Instanz ist dann immer der User welcher entscheidet.


Vista und Win7 User:
Alle Programme und Tools, die wir anordnen, immer mit Rechtsklick und Als Administrator ausführen.

Schritt 1

Kannst Du auf Deinem Computer alle Dateien und Datei-Endungen sehen? Falls nein, bitte diese Einstellungen in den Ordneroptionen vornehmen.

Schritt 2

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop.
• Doppelklick auf die OTL.exe
• Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
• Oben findest Du ein Kästchen mit Ausgabe.
Wähle bitte Minimal-Ausgabe
• Unter Extra-Registrierung wähle bitte Benutze SafeList.
• Mache Häckchen bei LOP- und Purity-Prüfung.
• Klicke nun auf Scan links oben.



• Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
• Poste die Logfiles in Code-Tags hier in den Thread.

#11 Hallo! Danke sehr für die Anweisungen, ich kann meine Dateiendungen sehen und hier sind die beiden Logfiles.

OTL.txt

Code

OTL logfile created on: 15.07.2010 13:03:50 - Run 1
OTL by OldTimer - Version 3.2.9.0     Folder = C:\Users\Andrej\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 63,00% Memory free
10,00 Gb Paging File | 8,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): e:\pagefile.sys 6144 6144 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 78,13 Gb Total Space | 27,43 Gb Free Space | 35,11% Space Free | Partition Type: NTFS
Drive D: | 219,96 Gb Total Space | 66,48 Gb Free Space | 30,22% Space Free | Partition Type: NTFS
Drive E: | 298,09 Gb Total Space | 143,63 Gb Free Space | 48,18% Space Free | Partition Type: NTFS
Drive F: | 298,09 Gb Total Space | 151,18 Gb Free Space | 50,72% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive M: | 465,76 Gb Total Space | 278,71 Gb Free Space | 59,84% Space Free | Partition Type: NTFS
 
Computer Name: ZAHLENBÄNDIGER
Current User Name: Andrej
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - C:\Users\Andrej\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\PnkBstrB.exe ()
PRC - D:\Programme\Mozilla\Firefox\firefox.exe (Mozilla Corporation)
PRC - D:\Programme\Mozilla\Firefox\plugin-container.exe (Mozilla Corporation)
PRC - D:\Programme\AVAST Antivir\AvastUI.exe (AVAST Software)
PRC - D:\Programme\AVAST Antivir\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - D:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
PRC - D:\Programme\ATI Tray Tools\atitray.exe (Ray Adams)
PRC - D:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Windows\SysWOW64\CTxfispi.exe (Creative Technology Ltd)
PRC - C:\Windows\SysWOW64\Ctxfihlp.exe (Creative Technology Ltd)
PRC - D:\Programme\Sony Vegas\Plugins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (Microsoft Corporation)
 
 
[color=#E56717]========== Modules (SafeList) ==========[/color]
 
MOD - C:\Users\Andrej\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
MOD - D:\Programme\ATI Tray Tools\raphook.dll ()
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV:[b]64bit:[/b] - (PnkBstrB) -- C:\Windows\SysNative\PnkBstrB.exe File not found
SRV:[b]64bit:[/b] - (PnkBstrA) -- C:\Windows\SysNative\PnkBstrA.exe File not found
SRV:[b]64bit:[/b] - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:[b]64bit:[/b] - (LVPrcS64) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV:[b]64bit:[/b] - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (PeerDistSvc) -- C:\Windows\SysNative\PeerDistSvc.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (PnkBstrB) -- C:\Windows\SysWOW64\PnkBstrB.exe ()
SRV - (avast! Web Scanner) -- D:\Programme\AVAST Antivir\AvastSvc.exe (AVAST Software)
SRV - (avast! Mail Scanner) -- D:\Programme\AVAST Antivir\AvastSvc.exe (AVAST Software)
SRV - (avast! Antivirus) -- D:\Programme\AVAST Antivir\AvastSvc.exe (AVAST Software)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)
SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\avp.exe (Kaspersky Lab)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (O&O Defrag) -- D:\Programme\O&O Defrag\oodag.exe (O&O Software GmbH)
SRV - (NIHardwareService) -- C:\Programme\Common Files\Native Instruments\Hardware\NIHardwareService.exe (Native Instruments GmbH)
SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (SBSDWSCService) -- D:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (MSSQL$SONY_MEDIAMGR) -- D:\Programme\Sony Vegas\Plugins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLAgent$SONY_MEDIAMGR) -- D:\Programme\Sony Vegas\Plugins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (Microsoft Corporation)
SRV - (MSSQLServerADHelper) -- C:\Program Files (x86)\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (Microsoft Corporation)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV:[b]64bit:[/b] - (TSP) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab)
DRV:[b]64bit:[/b] - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab)
DRV:[b]64bit:[/b] - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (ALWIL Software)
DRV:[b]64bit:[/b] - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:[b]64bit:[/b] - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:[b]64bit:[/b] - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:[b]64bit:[/b] - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:[b]64bit:[/b] - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:[b]64bit:[/b] - (KLBG) -- C:\Windows\SysNative\drivers\klbg.sys (Kaspersky Lab)
DRV:[b]64bit:[/b] - (LVPr2Mon) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:[b]64bit:[/b] - (LVPr2M64) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:[b]64bit:[/b] - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab)
DRV:[b]64bit:[/b] - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:[b]64bit:[/b] - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:[b]64bit:[/b] - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab)
DRV:[b]64bit:[/b] - (kl1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab)
DRV:[b]64bit:[/b] - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:[b]64bit:[/b] - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:[b]64bit:[/b] - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:[b]64bit:[/b] - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:[b]64bit:[/b] - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:[b]64bit:[/b] - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:[b]64bit:[/b] - (vmbus) -- C:\Windows\SysNative\drivers\vmbus.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (storflt) -- C:\Windows\SysNative\drivers\vmstorfl.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (storvsc) -- C:\Windows\SysNative\drivers\storvsc.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:[b]64bit:[/b] - (s3cap) -- C:\Windows\SysNative\drivers\vms3cap.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (VMBusHID) -- C:\Windows\SysNative\drivers\VMBusHID.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:[b]64bit:[/b] - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:[b]64bit:[/b] - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:[b]64bit:[/b] - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:[b]64bit:[/b] - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:[b]64bit:[/b] - (ha20x2k) -- C:\Windows\SysNative\drivers\ha20x2k.sys (Creative Technology Ltd)
DRV:[b]64bit:[/b] - (emupia) -- C:\Windows\SysNative\drivers\emupia2k.sys (Creative Technology Ltd)
DRV:[b]64bit:[/b] - (ctsfm2k) -- C:\Windows\SysNative\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV:[b]64bit:[/b] - (ctprxy2k) -- C:\Windows\SysNative\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV:[b]64bit:[/b] - (ossrv) -- C:\Windows\SysNative\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV:[b]64bit:[/b] - (ctaud2k) Creative Audio Driver (WDM) -- C:\Windows\SysNative\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV:[b]64bit:[/b] - (ctac32k) -- C:\Windows\SysNative\drivers\ctac32k.sys (Creative Technology Ltd)
DRV:[b]64bit:[/b] - (CTEXFIFX.SYS) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.)
DRV:[b]64bit:[/b] - (CTEXFIFX) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.)
DRV:[b]64bit:[/b] - (CTHWIUT.SYS) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.)
DRV:[b]64bit:[/b] - (CTHWIUT) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.)
DRV:[b]64bit:[/b] - (CT20XUT.SYS) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.)
DRV:[b]64bit:[/b] - (CT20XUT) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.)
DRV:[b]64bit:[/b] - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:[b]64bit:[/b] - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:[b]64bit:[/b] - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\Windows\SysNative\drivers\LV302V64.SYS (Logitech Inc.)
DRV:[b]64bit:[/b] - (lvpepf64) -- C:\Windows\SysNative\drivers\lv302a64.sys (Logitech Inc.)
DRV:[b]64bit:[/b] - (gbxavs_x64) -- C:\Windows\SysNative\drivers\gbxavs_x64.sys (Native Instruments GmbH)
DRV:[b]64bit:[/b] - (gbxusb_x64) -- C:\Windows\SysNative\drivers\gbxusb_x64.sys (Native Instruments GmbH)
DRV:[b]64bit:[/b] - (ak1avs_x64) -- C:\Windows\SysNative\drivers\ak1avs_x64.sys (Native Instruments GmbH)
DRV:[b]64bit:[/b] - (ak1usb_x64) -- C:\Windows\SysNative\drivers\ak1usb_x64.sys (Native Instruments GmbH)
DRV:[b]64bit:[/b] - (ENTECH64) -- C:\Windows\SysNative\drivers\Entech64.sys (EnTech Taiwan)
DRV:[b]64bit:[/b] - (LVUSBS64) -- C:\Windows\SysNative\drivers\LVUSBS64.sys (Logitech Inc.)
DRV:[b]64bit:[/b] - (SaiH353E) -- C:\Windows\SysNative\drivers\SaiH353E.sys (Saitek)
DRV:[b]64bit:[/b] - (SRS_SSCFilter) SRS Labs Audio Sandbox (WDM) -- C:\Windows\SysNative\drivers\SRS_SSCFilter_amd64.sys ()
DRV:[b]64bit:[/b] - (PStrip64) -- C:\Windows\SysNative\drivers\pstrip64.sys ()
DRV - (atitray) -- D:\Programme\ATI Tray Tools\atitray64.sys ()
DRV - (speedfan) -- C:\Windows\SysWOW64\speedfan.sys (Windows (R) Server 2003 DDK provider)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4B 3A 15 D6 D7 49 CA 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.startup.homepage: "http://www.google.de/"
FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.86
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:3.3
FF - prefs.js..extensions.enabledItems: FasterFox_Lite@BigRedBrent:3.8.2Lite
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.9
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.3
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.97
FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.4
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:3.6.3
FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:4.4
FF - prefs.js..extensions.enabledItems: tabscope@xuldev.org:0.3.2
FF - prefs.js..extensions.enabledItems: tineye@ideeinc.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {ca8b7b3d-b6e6-438f-b935-601b3de48d66}:1.1.6
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.192
FF - prefs.js..network.proxy.type: 0
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: D:\Programme\Mozilla\Firefox\components [2010.07.08 20:22:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: D:\Programme\Mozilla\Firefox\plugins [2010.07.02 00:22:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.5\extensions\\Components: D:\Programme\Mozilla\Thunderbird\components [2010.06.19 13:02:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.5\extensions\\Plugins: D:\Programme\Mozilla\Thunderbird\plugins
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\THBExt [2010.07.14 15:30:09 | 000,000,000 | ---D | M]
 
[2010.04.15 22:11:34 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\mozilla\Extensions
[2010.04.15 22:11:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andrej\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.07.14 15:37:34 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\mozilla\Firefox\Profiles\p7femf97.default\extensions
[2009.12.15 21:29:18 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Andrej\AppData\Roaming\mozilla\Firefox\Profiles\p7femf97.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2010.07.03 00:25:27 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Andrej\AppData\Roaming\mozilla\Firefox\Profiles\p7femf97.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010.04.17 13:43:47 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Users\Andrej\AppData\Roaming\mozilla\Firefox\Profiles\p7femf97.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2010.07.03 00:25:27 | 000,000,000 | ---D | M] (FireFTP) -- C:\Users\Andrej\AppData\Roaming\mozilla\Firefox\Profiles\p7femf97.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2010.05.27 16:14:46 | 000,000,000 | ---D | M] (Easy Youtube Video Downloader) -- C:\Users\Andrej\AppData\Roaming\mozilla\Firefox\Profiles\p7femf97.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
[2010.05.16 22:02:21 | 000,000,000 | ---D | M] (Firefox Throttle) -- C:\Users\Andrej\AppData\Roaming\mozilla\Firefox\Profiles\p7femf97.default\extensions\{ca8b7b3d-b6e6-438f-b935-601b3de48d66}
[2010.02.14 05:24:46 | 000,000,000 | ---D | M] (FoxTab) -- C:\Users\Andrej\AppData\Roaming\mozilla\Firefox\Profiles\p7femf97.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2010.07.03 00:25:29 | 000,000,000 | ---D | M] (SearchPreview) -- C:\Users\Andrej\AppData\Roaming\mozilla\Firefox\Profiles\p7femf97.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
[2009.09.23 01:22:38 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\mozilla\Firefox\Profiles\p7femf97.default\extensions\FasterFox_Lite@BigRedBrent
[2010.04.17 13:43:47 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\mozilla\Firefox\Profiles\p7femf97.default\extensions\tabscope@xuldev.org
[2010.07.03 00:25:27 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\mozilla\Firefox\Profiles\p7femf97.default\extensions\tineye@ideeinc.com
 
O1 HOSTS File: ([2009.10.15 17:50:01 | 000,000,854 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2:[b]64bit:[/b] - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\x64\ievkbd.dll (Kaspersky Lab)
O2:[b]64bit:[/b] - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\x64\klwtbbho.dll (Kaspersky Lab)
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - D:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll (Kaspersky Lab)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - D:\Programme\Orbitdownloader\GrabPro.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - D:\Programme\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: [avast5] D:\Programme\AVAST Antivir\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [AtiTrayTools] D:\Programme\ATI Tray Tools\atitray.exe (Ray Adams)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [SpybotSD TeaTimer] D:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:[b]64bit:[/b] - Extra context menu item: &Download by Orbit - D:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:[b]64bit:[/b] - Extra context menu item: &Grab video by Orbit - D:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:[b]64bit:[/b] - Extra context menu item: Do&wnload selected by Orbit - D:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:[b]64bit:[/b] - Extra context menu item: Down&load all by Orbit - D:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Download by Orbit - D:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - D:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - D:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - D:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O9:[b]64bit:[/b] - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\x64\klwtbbho.dll (Kaspersky Lab)
O9:[b]64bit:[/b] - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\x64\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll (Kaspersky Lab)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15109/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.169.184.33 83.169.184.97
O18:[b]64bit:[/b] - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:[b]64bit:[/b] - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:[b]64bit:[/b] - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll (Kaspersky Lab)
O20:[b]64bit:[/b] - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll (Kaspersky Lab)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:[b]64bit:[/b] - Winlogon\Notify\klogon: DllName - Reg Error: Key error. - C:\Windows\SysNative\klogon.dll (Kaspersky Lab)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{d678f7c5-a7c1-11de-8cbe-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d678f7c5-a7c1-11de-8cbe-806e6f6e6963}\Shell\AutoRun\command - "" = G:\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (OODBS) -  File not found
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2010.07.15 13:03:02 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Andrej\Desktop\OTL.exe
[2010.07.14 21:37:42 | 000,121,936 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2010.07.14 21:37:42 | 000,020,048 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2010.07.14 21:37:41 | 000,028,752 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2010.07.14 21:37:39 | 000,051,280 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2010.07.14 21:37:35 | 000,061,008 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2010.07.14 21:37:21 | 000,165,032 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2010.07.14 21:37:21 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\Windows\avastSS.scr
[2010.07.14 21:37:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010.07.14 16:05:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010.07.14 15:29:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2010.07.14 15:29:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2010.07.14 15:29:47 | 000,353,296 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2010.07.14 15:12:24 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010.07.14 14:59:53 | 000,000,000 | ---D | C] -- C:\Users\Andrej\AppData\Roaming\Malwarebytes
[2010.07.14 14:59:47 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.07.14 14:59:45 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.07.14 14:59:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.07.14 14:55:17 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2010.07.14 12:56:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2010.07.13 20:07:34 | 000,000,000 | ---D | C] -- C:\Users\Andrej\AppData\Local\reljmdhfg
[2010.07.13 20:07:23 | 000,000,000 | ---D | C] -- C:\Users\Andrej\AppData\Local\Windows Server
[2010.07.11 21:51:45 | 000,000,000 | ---D | C] -- C:\.ruby_faster_require_cache
[2010.07.02 01:42:57 | 000,000,000 | ---D | C] -- C:\Users\Andrej\AppData\Local\ArmA 2 OA
[2010.06.24 13:13:19 | 000,000,000 | ---D | C] -- C:\Users\Andrej\Documents\My WeGame Screenshots
[2010.06.24 13:12:16 | 000,000,000 | ---D | C] -- C:\Users\Andrej\AppData\Local\WeGame
[2010.06.24 13:11:57 | 000,488,800 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\SysWow64\Ltkrn15u.dll
[2010.06.24 13:11:57 | 000,390,496 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\SysWow64\Lfcmp15u.dll
[2010.06.24 13:11:57 | 000,185,688 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\SysWow64\Ltfil15u.dll
[2010.06.24 03:00:49 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe
[2010.06.24 03:00:49 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll
[2010.06.24 03:00:48 | 001,942,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll
[2010.06.24 03:00:48 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll
[2010.06.24 03:00:48 | 000,320,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHost.exe
[2010.06.24 03:00:48 | 000,109,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHostProxy.dll
[2010.06.24 03:00:48 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll
[2010.06.24 03:00:48 | 000,048,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netfxperf.dll
[2010.06.23 23:11:17 | 001,736,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2010.06.23 23:11:00 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2010.06.23 23:11:00 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2010.06.23 23:11:00 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll
[2010.06.23 23:11:00 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2010.06.23 23:11:00 | 000,258,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2010.06.23 23:11:00 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2010.06.23 23:11:00 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2010.06.21 20:06:37 | 000,000,000 | ---D | C] -- C:\Users\Andrej\Desktop\TOOLS
[2010.06.21 01:15:47 | 000,000,000 | ---D | C] -- C:\Users\Andrej\AppData\Local\Apps
[2010.06.20 19:26:08 | 000,000,000 | ---D | C] -- C:\Users\Andrej\AppData\Roaming\six-rsync
[2010.06.20 02:28:29 | 000,000,000 | ---D | C] -- C:\Users\Andrej\AppData\Roaming\six-updater
[2010.06.20 02:28:03 | 000,000,000 | ---D | C] -- C:\.gem
[2010.06.19 14:53:36 | 000,000,000 | ---D | C] -- C:\Users\Andrej\AppData\Local\ArmaAddonSync2009
[2010.06.19 14:53:35 | 000,000,000 | ---D | C] -- C:\Users\Andrej\AppData\Local\Yoma_Tools
[2010.06.19 00:06:46 | 000,000,000 | ---D | C] -- C:\Users\Andrej\AppData\Roaming\Sytexis Software
[2010.06.18 16:47:48 | 000,000,000 | ---D | C] -- C:\Users\Andrej\Documents\ArmA 2 Other Profiles
[2010.06.16 23:22:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wordpad
[2009.09.22 22:57:22 | 000,060,928 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2010.07.15 13:03:00 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Andrej\Desktop\OTL.exe
[2010.07.15 13:01:38 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.07.15 13:01:38 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.07.15 13:01:16 | 002,352,152 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.07.15 13:01:16 | 000,684,902 | ---- | M] () -- C:\Windows\SysNative\perfh019.dat
[2010.07.15 13:01:16 | 000,668,138 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.07.15 13:01:16 | 000,625,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.07.15 13:01:16 | 000,137,098 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.07.15 13:01:16 | 000,136,916 | ---- | M] () -- C:\Windows\SysNative\perfc019.dat
[2010.07.15 13:01:16 | 000,111,592 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.07.15 12:56:36 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.07.15 12:56:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.07.15 12:56:29 | 3220,561,920 | -HS- | M] () -- C:\hiberfil.sys
[2010.07.15 12:56:28 | 000,881,716 | ---- | M] () -- C:\Windows\SysNative\oodbs.lor
[2010.07.15 04:35:41 | 000,061,448 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000005-00000000-00000006-00001102-00000005-00291102}.rfx
[2010.07.15 04:35:41 | 000,061,448 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000005-00000000-00000006-00001102-00000005-00291102}.rfx
[2010.07.15 04:35:41 | 000,001,080 | ---- | M] () -- C:\Windows\SysNative\settingsbkup.sfm
[2010.07.15 04:35:41 | 000,001,080 | ---- | M] () -- C:\Windows\SysNative\settings.sfm
[2010.07.15 04:35:41 | 000,000,788 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000005-00000000-00000006-00001102-00000005-00291102}.rfx
[2010.07.15 04:35:35 | 003,670,016 | -HS- | M] () -- C:\Users\Andrej\NTUSER.DAT
[2010.07.15 04:35:31 | 001,619,405 | -H-- | M] () -- C:\Users\Andrej\AppData\Local\IconCache.db
[2010.07.14 22:38:08 | 000,000,639 | ---- | M] () -- C:\Users\Andrej\Desktop\Fraps.lnk
[2010.07.14 21:37:35 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2010.07.14 15:49:47 | 000,149,773 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat
[2010.07.14 15:49:46 | 000,106,765 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat
[2010.07.14 15:29:47 | 000,353,296 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2010.07.11 22:27:11 | 000,218,808 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2010.07.11 22:27:11 | 000,218,808 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.07.09 00:44:32 | 000,185,249 | ---- | M] () -- C:\Users\Andrej\Documents\ts3_clientui-win32-11315-2010-07-09 00_44_31.826653.dmp
[2010.07.08 03:12:18 | 000,043,628 | ---- | M] () -- C:\Users\Andrej\Desktop\rotekarte.jpg
[2010.07.06 07:57:50 | 000,007,595 | ---- | M] () -- C:\Users\Andrej\AppData\Local\Resmon.ResmonCfg
[2010.07.03 21:17:28 | 005,136,774 | ---- | M] () -- C:\Users\Andrej\Desktop\P1010544.JPG
[2010.07.01 20:11:40 | 000,001,724 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.06.28 22:57:33 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\Windows\avastSS.scr
[2010.06.28 22:57:12 | 000,165,032 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2010.06.28 22:37:56 | 000,051,280 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2010.06.28 22:37:36 | 000,121,936 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2010.06.28 22:33:17 | 000,028,752 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2010.06.28 22:33:00 | 000,061,008 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2010.06.28 22:32:36 | 000,020,048 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2010.06.21 21:07:36 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo
[2010.06.21 19:43:25 | 000,466,520 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2010.06.21 19:43:25 | 000,445,016 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2010.06.21 19:43:25 | 000,123,480 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2010.06.21 19:43:25 | 000,109,144 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2010.06.21 19:43:25 | 000,000,159 | RH-- | M] () -- C:\Windows\ctfile.rfc
[2010.06.21 16:41:50 | 000,061,448 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000005-00000000-00000005-00001102-00000005-00291102}.rfx
[2010.06.20 02:27:17 | 000,000,962 | ---- | M] () -- C:\Users\Andrej\Desktop\Six Updater - GUI.lnk
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2010.07.14 22:38:08 | 000,000,639 | ---- | C] () -- C:\Users\Andrej\Desktop\Fraps.lnk
[2010.07.14 21:37:35 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2010.07.14 15:30:27 | 000,149,773 | ---- | C] () -- C:\Windows\SysNative\drivers\klin.dat
[2010.07.14 15:30:27 | 000,106,765 | ---- | C] () -- C:\Windows\SysNative\drivers\klick.dat
[2010.07.09 00:44:31 | 000,185,249 | ---- | C] () -- C:\Users\Andrej\Documents\ts3_clientui-win32-11315-2010-07-09 00_44_31.826653.dmp
[2010.07.08 03:12:18 | 000,043,628 | ---- | C] () -- C:\Users\Andrej\Desktop\rotekarte.jpg
[2010.07.03 21:17:27 | 005,136,774 | ---- | C] () -- C:\Users\Andrej\Desktop\P1010544.JPG
[2010.07.02 01:36:22 | 000,024,576 | ---- | C] () -- C:\Users\Andrej\Desktop\memtest.exe
[2010.07.01 20:11:40 | 000,001,724 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.06.23 23:06:51 | 000,000,697 | ---- | C] () -- C:\Users\Andrej\Desktop\Fraps (2).lnk
[2010.06.21 21:07:35 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\initdebug.nfo
[2010.06.21 20:05:01 | 000,001,080 | ---- | C] () -- C:\Windows\SysNative\settingsbkup.sfm
[2010.06.21 20:05:01 | 000,001,080 | ---- | C] () -- C:\Windows\SysNative\settings.sfm
[2010.06.21 19:52:23 | 000,061,448 | ---- | C] () -- C:\Windows\SysNative\BMXStateBkp-{00000005-00000000-00000006-00001102-00000005-00291102}.rfx
[2010.06.21 19:52:23 | 000,061,448 | ---- | C] () -- C:\Windows\SysNative\BMXState-{00000005-00000000-00000006-00001102-00000005-00291102}.rfx
[2010.06.21 19:52:23 | 000,000,788 | ---- | C] () -- C:\Windows\SysNative\DVCState-{00000005-00000000-00000006-00001102-00000005-00291102}.rfx
[2010.06.20 02:27:17 | 000,000,962 | ---- | C] () -- C:\Users\Andrej\Desktop\Six Updater - GUI.lnk
[2010.06.02 15:46:06 | 000,230,912 | ---- | C] () -- C:\Windows\SysWow64\tambvcm.dll
[2010.05.28 02:09:00 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2010.04.11 16:51:51 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI
[2010.04.02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010.02.11 02:11:05 | 000,000,005 | ---- | C] () -- C:\Windows\ffoomepa.ini
[2010.02.11 02:11:05 | 000,000,005 | ---- | C] () -- C:\Windows\ffoomebp.ini
[2010.02.11 02:09:38 | 003,661,824 | ---- | C] () -- C:\Windows\SysWow64\mkl_wavearts.dll
[2010.02.10 19:40:45 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010.02.10 19:40:45 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2010.02.10 19:21:43 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CTXFIRES.DLL
[2010.02.10 19:21:35 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2010.02.10 01:21:58 | 000,034,308 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll
[2009.12.14 15:26:54 | 002,306,922 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009.11.20 19:38:17 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2009.11.20 19:38:15 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2009.11.20 19:38:15 | 002,378,752 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll
[2009.11.20 19:38:15 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009.11.20 19:38:15 | 000,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009.11.20 19:38:14 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009.11.20 19:38:14 | 000,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest
[2009.09.23 03:35:21 | 000,000,144 | ---- | C] () -- C:\Windows\SysWow64\AU8Settings.ini
[2009.09.22 22:57:22 | 000,000,285 | ---- | C] () -- C:\Windows\SysWow64\kill.ini
[2009.09.22 22:57:19 | 000,021,093 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2002.10.16 00:54:04 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2010.02.12 00:22:56 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\Bioshock
[2010.02.15 22:20:21 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\Bioshock2
[2009.11.09 19:02:02 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\CPUControl
[2009.09.23 12:06:00 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\DAEMON Tools Lite
[2009.09.23 15:17:23 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\DAEMON Tools Pro
[2010.03.07 21:01:58 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\GrabPro
[2009.09.30 22:51:35 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\JGoodies
[2009.10.30 15:12:26 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\Leadertech
[2010.07.14 21:53:10 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\Mumble
[2010.02.25 20:20:07 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\Mumble(PR Edition)
[2009.09.30 00:53:57 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\OpenOffice.org
[2010.06.21 00:10:58 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\Orbit
[2009.12.14 15:36:50 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\Publish Providers
[2009.10.11 19:31:48 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\REAPER
[2010.06.20 19:26:08 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\six-rsync
[2010.07.11 09:42:03 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\six-updater
[2009.12.14 15:56:41 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\Sony
[2010.06.19 00:06:46 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\Sytexis Software
[2010.04.15 22:11:33 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\Thunderbird
[2010.04.23 01:03:41 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\Ubisoft
[2010.07.15 00:45:22 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\uTorrent
[2010.06.24 21:55:08 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
[color=#E56717]========== Purity Check ==========[/color]
 
 
< End of report >

Extras.txt

Code

OTL Extras logfile created on: 15.07.2010 13:03:50 - Run 1
OTL by OldTimer - Version 3.2.9.0     Folder = C:\Users\Andrej\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 63,00% Memory free
10,00 Gb Paging File | 8,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): e:\pagefile.sys 6144 6144 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 78,13 Gb Total Space | 27,43 Gb Free Space | 35,11% Space Free | Partition Type: NTFS
Drive D: | 219,96 Gb Total Space | 66,48 Gb Free Space | 30,22% Space Free | Partition Type: NTFS
Drive E: | 298,09 Gb Total Space | 143,63 Gb Free Space | 48,18% Space Free | Partition Type: NTFS
Drive F: | 298,09 Gb Total Space | 151,18 Gb Free Space | 50,72% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive M: | 465,76 Gb Total Space | 278,71 Gb Free Space | 59,84% Space Free | Partition Type: NTFS
 
Computer Name: ZAHLENBÄNDIGER
Current User Name: Andrej
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== File Associations ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Programme\Mozilla\Firefox\firefox.exe (Mozilla Corporation)
 
[color=#E56717]========== Shell Spawning ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\Programme\MicrosoftOffice\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Programme\MicrosoftOffice\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\Programme\MicrosoftOffice\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Programme\MicrosoftOffice\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[color=#E56717]========== Security Center Settings ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" = 
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[color=#E56717]========== Authorized Applications List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\Programme\Orbitdownloader\orbitdm.exe" = D:\Programme\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"D:\Programme\Orbitdownloader\orbitnet.exe" = D:\Programme\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"D:\Programme\Orbitdownloader\orbitdm.exe" = D:\Programme\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"D:\Programme\Orbitdownloader\orbitnet.exe" = D:\Programme\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
 
 
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0886900B-B2F3-452C-B580-60F1253F7F80}" = Native Instruments Controller Editor
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{2253CE44-3EDE-DFDD-FE5B-60B36199D24C}" = ATI Catalyst Install Manager
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{267B3E82-C941-47D8-BCD3-1BBBB56FCBC6}" = Native Instruments Maschine Controller Driver
"{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1" = Media Player Classic - Home Cinema v. 1.3.1249.0
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5759E649-E281-46C2-BB4B-50413623DCDF}" = iTunes
"{6BED4DFE-C527-463E-B93A-6F6848B74DD0}" = Native Instruments Battery 3
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{987FE247-4E69-4A2E-A961-D14F901FDBF6}" = Logitech Webcam Software
"{9EFC40E3-5F31-4F75-8445-286273F74D8E}" = Apple Mobile Device Support
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BC84C1E9-F4D4-4B8E-B35C-C88EEA0A5201}" = O&O Defrag Professional
"{C7FAFC98-5ECC-40FC-B440-A5D5FE3A6A6E}" = Native Instruments Guitar Rig 4
"{F7C134DF-3B50-47d8-BBAC-269099DCCC7C}" = Native Instruments Audio Kontrol 1 Driver
"{FC6AFD44-EDF9-4A03-AB9E-16A5391FE24F}" = Native Instruments Maschine
"KLiteCodecPack64_is1" = K-Lite Codec Pack (64-bit) v2.9.4
"lvdrivers_12.10" = Logitech Webcam Software-Treiberpaket
"MediaInfo" = MediaInfo 0.7.27
"REAPER" = REAPER (x64)
"Recuva" = Recuva
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{0CB2A228-2E05-888C-3C38-FD242D66A37E}" = Catalyst Control Center InstallProxy
"{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1A59064A-12A9-469F-99F6-04BF118DBCFF}" = Kaspersky PURE
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 20
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{406FB8A4-F539-48A9-809C-F94706F9C9F6}_is1" = S.T.A.L.K.E.R. - Call of Pripyat [v1.6.02]
"{411F3ABA-2AB5-4799-AA19-6ADF0A8F7424}" = Adobe Setup
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A8B461A-9336-4CF9-98F4-14DD38E673F0}" = BioShock 2
"{4D87DC92-C328-46EC-A7B4-9C88129DC696}" = Dead Space™
"{4E79A60F-15D2-4BEC-91AD-E41EC42E61B0}" = Batman: Arkham Asylum
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{54194F60-988C-4D03-B922-C2B00EFDA39A}" = NVIDIA PhysX
"{5454083B-1308-4485-BF17-111000028701}" = Grand Theft Auto: Episodes from Liberty City
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{61B8B2F9-D8DA-4B24-89A9-DB09F38A4899}" = Grand Theft Auto: Episodes From Liberty City
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D8DDB4A-C263-40DE-BA16-AFDAD159D59A}" = Tom Clancy's Splinter Cell Conviction
"{71D92E42-DBBF-4CEB-895E-95C56D5E4868}_is1" = Mz Ram Booster v3.5.2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{786C5747-0C40-4930-9AFE-113BCE553101}" = Adobe Stock Photos 1.0
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{86EDEF11-EFE4-46CB-8B08-9CBD4A936B1F}" = Stranglehold
"{886E284F-ED78-4149-9007-9C5CF69A52B9}" = Camtasia Studio 6
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EDBA74D-0686-4C99-BFDD-F894678E5101}" = Adobe Common File Installer
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{90120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_STANDARD_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_STANDARD_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_STANDARD_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_STANDARD_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_STANDARD_{A0516415-ED61-419A-981D-93596DA74165}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARD_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARD_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_STANDARD_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_STANDARD_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_STANDARD_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_STANDARD_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A59BB15D-51B7-F12B-4548-8C0368243441}" = EA Download Manager UI
"{A804B134-F03D-4EFD-9BC0-DCD257AA1B22}" = Hitman Blood Money
"{A8DBF55D-73C0-4E37-A10E-365BFBB14119}" = Battlefield 2 Complete Collection
"{AC08BBA0-96B9-431A-A7D0-D8598E493775}" = RESIDENT EVIL 5
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B74D4E10-6884-0000-0000-000000000101}" = Adobe Bridge 1.0
"{BABAEBE4-9FFB-4B5D-9453-64FF11517CA2}" = Tom Clancy's Splinter Cell Chaos Theory
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BBF10B37-4ED3-11D5-A818-00500435FC18}" = Gothic
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C40C3C3D-97CF-44B5-836C-766E374464B3}" = 3DMark Vantage
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{DA507A38-4B2A-40C0-90AC-E30AAA0B757C}" = Vegas Movie Studio Platinum 9.0
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
"{E9787678-119F-4D52-B551-6739B2B22101}" = Adobe Help Center 1.0
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{FAE54D7E-8DB8-4D7F-9B80-C68F32373A81}" = Addon Sync 2009
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"12345_is1" = WeGame Client Public Beta 2.0.2
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe_3dcb365ab9e01871fb8c6f27b0ea079" = Adobe After Effects CS4
"ALchemy" = Creative ALchemy
"ArmA 2" = ArmA 2 Uninstall
"ARMA 2 Operation Arrowhead" = ARMA 2 Operation Arrowhead Uninstall
"ASIO4ALL" = ASIO4ALL
"AudioCS" = Creative Audio-Systemsteuerung
"Auto Shutdown_is1" = Auto Shutdown 8.11
"AutoGK" = Auto Gordian Knot 2.55
"avast5" = avast! Free Antivirus
"AviSynth" = AviSynth 2.5
"Brothers in Arms - Hell's Highway" = Brothers in Arms: Hell's Highway
"Call of Duty Modern Warfare 2_is1" = Call of Duty Modern Warfare 2
"[url="http://www.ccleaner.de"]CCleaner[/url]" = [url="http://www.ccleaner.de"]CCleaner[/url]
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"CPU-Control_is1" = CPU-Control
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
"Debut" = Debut Video Capture Software
"DVD Shrink_is1" = DVD Shrink 3.2
"EA Download Manager" = EA Download Manager
"F.E.A.R. 2: Project Origin" = F.E.A.R. 2: Project Origin
"foobar2000" = foobar2000 v0.9.6.9
"Fraps" = Fraps (remove only)
"GoldWave v5.55" = GoldWave v5.55
"Guild Wars" = GUILD WARS
"Guitar Pro 5_is1" = Guitar Pro 5.2
"InstallWIX_{1A59064A-12A9-469F-99F6-04BF118DBCFF}" = Kaspersky PURE
"IrfanView" = IrfanView (remove only)
"JDiskReport 1.3.1" = JGoodies JDiskReport 1.3.1
"JDownloader" = JDownloader
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.4.4
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Monitor Calibration Wizard" = Monitor Calibration Wizard 1.0
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"Mozilla Thunderbird (3.0.5)" = Mozilla Thunderbird (3.0.5)
"Mumble" = Mumble and Murmur
"Mumble(PR Edition)" = Mumble(PR edition) and Murmur(PR edition)
"Native Instruments Audio Kontrol 1 Driver" = Native Instruments Audio Kontrol 1 Driver
"Native Instruments Battery 3" = Native Instruments Battery 3
"Native Instruments Controller Editor" = Native Instruments Controller Editor
"Native Instruments Guitar Rig 4" = Native Instruments Guitar Rig 4
"Native Instruments Hardware Controller Support" = Native Instruments Hardware Controller Support
"Native Instruments Maschine" = Native Instruments Maschine
"Native Instruments Maschine Controller Driver" = Native Instruments Maschine Controller Driver
"Native Instruments Service Center" = Native Instruments Service Center
"Nero8Lite_is1" = Nero 8 Micro
"OpenAL" = OpenAL
"Orbit_is1" = Orbit Downloader
"oZone3D.Net FurMark_is1" = oZone3D.Net FurMark v1.7.0
"PacSteamT" = PacSteamT
"PitchPerfect" = PitchPerfect Musical Instrument Tuner
"PlayClaw" = PlayClaw
"PowerStrip 3 (remove only)" = PowerStrip 3 (remove only)
"Prism" = Prism Video Converter
"Project Reality Full - Part 1 of 2_is1" = Project Reality 0909 Full - Part 1 of 2
"Project Reality Full - Part 2 of 2_is1" = Project Reality 0909 Full - Part 2 of 2
"Project Reality Jabal 2 Test_is1" = Project Reality 0917 Jabal 2 Test
"Project Reality Patch_is1" = Project Reality 0917 Patch
"PunkBusterSvc" = PunkBuster Services
"RADVideo" = RAD Video Tools
"rayatitray" = Ray Adams ATI Tray Tools
"SeriousSam2" = Serious Sam 2
"Six Updater Suite" = Six Updater Suite
"SpeedFan" = SpeedFan (remove only)
"STANDARD" = Microsoft Office Standard 2007
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TempoPerfect" = TempoPerfect
"ThielHater's Texturepatch_is1" = ThielHater's Texturepatch v1.0.1
"ToolBox" = NCH Toolbox
"uTorrent" = µTorrent
"VobSub" = VobSub v2.23 (Remove Only)
"Wave Arts Power Suite" = Wave Arts Power Suite
"WinLiveSuite_Wave3" = Windows Live Essentials
"Xfire" = Xfire (remove only)
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)
 
[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CryTools" = CryTools
 
[color=#E56717]========== Last 10 Event Log Errors ==========[/color]
 
[ Application Events ]
Error - 07.04.2010 21:44:07 | Computer Name = Zahlenbändiger | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: DllHost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc6b7  Name des fehlerhaften Moduls: FMSI.dll, Version: 3.20.1.1,
 Zeitstempel: 0x49b76dd9  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0004c57c  ID des fehlerhaften
 Prozesses: 0xfd0  Startzeit der fehlerhaften Anwendung: 0x01cad6bafc38dd7e  Pfad der
 fehlerhaften Anwendung: C:\Windows\SysWOW64\DllHost.exe  Pfad des fehlerhaften Moduls:
 C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSI.dll
Berichtskennung:
 382bcde4-42b0-11df-9f0c-00218519f8e3
 
Error - 09.04.2010 10:19:34 | Computer Name = Zahlenbändiger | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 09.04.2010 21:25:34 | Computer Name = Zahlenbändiger | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: RGSC.exe, Version: 1.0.0.0, Zeitstempel:
 0x49432158  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
 0x00000000  Ausnahmecode: 0xc000041d  Fehleroffset: 0x75304cad  ID des fehlerhaften Prozesses:
 0x570  Startzeit der fehlerhaften Anwendung: 0x01cad84c34db5fca  Pfad der fehlerhaften
 Anwendung: D:\Spiele\RockstarGames\Rockstar Games Social Club\1_1_3_0\RGSC.exe  Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: f51a1b59-443f-11df-b787-00218519f8e3
 
Error - 11.04.2010 12:41:29 | Computer Name = Zahlenbändiger | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 12.04.2010 14:06:01 | Computer Name = Zahlenbändiger | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 13.04.2010 13:26:45 | Computer Name = Zahlenbändiger | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 14.04.2010 10:10:12 | Computer Name = Zahlenbändiger | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 15.04.2010 10:02:24 | Computer Name = Zahlenbändiger | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 15.04.2010 18:26:33 | Computer Name = Zahlenbändiger | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: BFBC2Game.exe, Version: 1.0.1.0, 
Zeitstempel: 0x4ba11182  Name des fehlerhaften Moduls: pbcl.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x4b2a667a  Ausnahmecode: 0xc0000005  Fehleroffset: 0x17ec0ccc
ID
 des fehlerhaften Prozesses: 0xd88  Startzeit der fehlerhaften Anwendung: 0x01cadce63e8e20cc
Pfad
 der fehlerhaften Anwendung: D:\Spiele\Bad Company 2\BFBC2Game.exe  Pfad des fehlerhaften
 Moduls: pbcl.dll  Berichtskennung: f202e4de-48dd-11df-8d80-00218519f8e3
 
Error - 17.04.2010 16:16:49 | Computer Name = Zahlenbändiger | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
[ System Events ]
Error - 14.07.2010 22:35:35 | Computer Name = Zahlenbändiger | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
 beendet:   %%-2140993535
 
Error - 15.07.2010 06:56:55 | Computer Name = Zahlenbändiger | Source = PNRPSvc | ID = 102
Description = 
 
Error - 15.07.2010 06:56:55 | Computer Name = Zahlenbändiger | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet 
wurde:   %%-2140993535
 
Error - 15.07.2010 06:56:55 | Computer Name = Zahlenbändiger | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
 beendet:   %%-2140993535
 
Error - 15.07.2010 06:57:06 | Computer Name = Zahlenbändiger | Source = PNRPSvc | ID = 102
Description = 
 
Error - 15.07.2010 06:57:06 | Computer Name = Zahlenbändiger | Source = PNRPSvc | ID = 102
Description = 
 
Error - 15.07.2010 06:57:06 | Computer Name = Zahlenbändiger | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet 
wurde:   %%-2140993535
 
Error - 15.07.2010 06:57:06 | Computer Name = Zahlenbändiger | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
 beendet:   %%-2140993535
 
Error - 15.07.2010 06:57:06 | Computer Name = Zahlenbändiger | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet 
wurde:   %%-2140993535
 
Error - 15.07.2010 06:57:06 | Computer Name = Zahlenbändiger | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
 beendet:   %%-2140993535
 
 
< End of report >

Woaaah, so viel Text... Danke sehr für die Hilfe im Voraus!

#12 Schritt 1

Teatimer abstellen

Mit laufendem TeaTimer von Spybot Search&Destroy lässt sich keine Reinigung durchführen, da er alle gelöschten Einträge wiederherstellt. Der Teatimer muss also während der Reinigungsarbeiten abgestellt werden (lasse den Teatimer so lange ausgeschaltet, bis wir mit der Reinigung fertig sind):
Starte Spybot S&D => stelle im Menü "Modus" den "Erweiterten Modus" ein => klicke dann links unten auf "Werkzeuge" => klicke auf "Resident" => das Häkchen entfernen bei Resident "TeaTimer" (Schutz aller Systemeinstellungen) => Spybot Search&Destroy schließen => Rechner neu starten. Bebilderte Anleitung.

Schritt 2

Mehrere Anti-Virus-Programme

Code

Kaspersky
Avast

Mir ist aufgefallen, dass Du mehr als ein Anti-Virus-Programm mit Hintergrundwächter laufen hast. Das ist gefährlich, da sich die Programme in die Quere kommen können und dadurch Viren erst recht auf dem Rechner landen können. Entscheide Dich für eine Variante und deinstalliere die andere über Systemsteuerung => Software.
Berichte, für welches Anti-Virus-Programm Du Dich entschieden hast und deinstalliere die anderen.

Schritt 3

CD-Emulatoren mit DeFogger deaktivieren

Du hast CD-Emulatoren wie Alcohol, DaemonTools oder ähnliche auf diesem Computer installiert. Da diese Emulatoren mit Rootkit-Technik arbeiten, können sie die Fahndung nach bösartigen Rootkits verfälschen und erschweren. Aus diesem Grund bitte entweder das folgende Tool zum Deaktivieren laufen lassen oder die Software über Systemsteuerung => Software/Programme deinstallieren. Berichte mir, für welche Variante Du Dich entschieden hast. Die Deaktivierung können wir nach der Bereinigung rückgängig machen.

Lade DeFogger herunter und speichere es auf Deinem Desktop.

Doppelklicke DeFogger, um das Tool zu starten.
• Es öffnet sich das Programm-Fenster des Tools.
• Klick auf den Button Disable, um die CD- Emulation-Treiber zu deaktivieren.
• Klicke Ja, um fortzufahren.
• Wenn die Nachricht 'Finished!' erscheint,
• klicke OK.
• DeFogger wird nun einen Reboot erfragen - klicke OK
• Poste mir das defogger_disable.log hier in den Thread.

Keinesfalls die Treiber reaktivieren, bevor es angewiesen wird.

Schritt 4

Malwarebytes Anti-Malware

Lade MBAM herunter, installiere es und wähle bei Reiter:

-> “Update“> “Suche nach Aktualisierungen“
-> “Einstellungen“> “Beende Internet Explorer während des Löschvorgangs“
-> “Scanner”> "Quickscan durchfuehren".

Wenn am Ende Infizierungen gefunden werden, diese anhaken und entfernen lassen. Starte dein Rechner neu

#13 Wow, ich bin erstaunt über die professionelle Hilfe hier! Danke sehr!

Ich habe Kaspersky schon gestern vom Autostart genommen und jetzt gerade deinstalliert, Avast ist nun mein Anti-Virus-Programm.

Die Daemon Tools habe ich mit Defogger deaktivieren lassen, hier ist das Logfile:

Code

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 19:07 on 15/07/2010 (Andrej)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCU:DAEMON Tools Lite -> Removed

Checking for services/drivers...
SPTD -> Disabled (Service running -> reboot required)


-=E.O.F=-

MBAM ist geupdated (wow, tägliche Updates, irre!) und läuft gerade.

Fertig, 2 infizierte Dateien, hier das Log:

Code

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4316

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

15.07.2010 19:14:10
mbam-log-2010-07-15 (19-14-10).txt

Scan type: Quick scan
Objects scanned: 132391
Time elapsed: 3 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\AVSolution (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\AVSolution (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Spitze! Danke sehr!
Was nun?

Ich restarte mal kurz...

#14 Schritt 1

Grundreinigung mit SUPERAntiSpyware

• Bitte lade Dir SUPERAntiSpyware FREE Edition von SUPERAntiSpyware Website herunter.
• Eine bebilderte Anleitung findest Du hier.
• Installiere das Programm.
• Überzeuge Dich davon, dass alle Anwendungen und Dein Webbrowser geschlossen sind.
• Klicke auf den 'Check for Updates'-Button.
• Wenn das Update beendet ist, schließe SUPERAntiSpyware.
• Lasse den Scan noch NICHT laufen!
• Öffne SUPERAntiSpyware und klicke auf den 'Scan your Computer'-Button.
• Setze ein Häkchen bei 'Perform Complete Scan', klicke nun auf "Weiter".
• Achte unbedingt darauf, dass bei allen Funden ein Häkchen steht, klicke dann auf "Weiter".
• Klicke auf 'Finish', das bringt Dich wieder ins Hauptfenster.
• Es kann sein, dass Dein Rechner neu gestartet werden muss, um Malware mit dem Neustart vom System zu entfernen.
• Um das Logfile zu erhalten, musst du erst auf 'Preferences' und dann auf den 'Statistics/Logs'-Button klicken.
• Klicke auf das datierte Logfile, drücke auf 'View Log'. Nun erscheint ein Textfenster.
• Bitte kopiere diesen Bericht hier in den Thread.

Schritt 2

Erneuter Systemscan mit OTL

• Doppelklick auf die OTL.exe
• Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
• Oben findest Du ein Kästchen mit Ausgabe.
Wähle bitte Minimal-Ausgabe
• Unter Extra-Registrierung wähle bitte Benutze SafeList.
• Mache Häckchen bei LOP- und Purity-Prüfung.
• Klicke nun auf Scan links oben.



• Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
• Poste die Logfiles in Code-Tags hier in den Thread.

#15 Hey Swiss, habe alles gemacht.

EDT: mir ist gerade eingefallen, dass ich einen Fehler begangen habe, ich habe heute, da der Rechner sich wieder sauber anfühlte, aus Vergesslichkeit das K-Lite Codec Pack aktualisiert, das ich benutze. :-/ Ich sollte eigentlich keine neue Software & Hardware installieren, ich hoffe es ist nicht schlimm... Wenn es stört, sag mir, was ich machen soll und ich machs sofort, auch wenns ganz von vorne sein muss. Sorry, bin schuldig.


SUPERAntiSpyware Logfile

Code

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/16/2010 at 01:45 AM

Application Version : 4.40.1002

Core Rules Database Version : 5210
Trace Rules Database Version: 3022

Scan type       : Complete Scan
Total Scan Time : 00:30:01

Memory items scanned      : 528
Memory threats detected   : 0
Registry items scanned    : 13907
Registry threats detected : 0
File items scanned        : 40955
File threats detected     : 396

Adware.Flash Tracking Cookie
    C:\Users\Andrej\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\8GHV588C\MEDIA.MTVNSERVICES.COM
    C:\Users\Andrej\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\8GHV588C\SECURE-US.IMRWORLDWIDE.COM

Adware.Tracking Cookie
    media.mtvnservices.com [ C:\Users\Andrej\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8GHV588C ]
    media.scanscout.com [ C:\Users\Andrej\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8GHV588C ]
    secure-us.imrworldwide.com [ C:\Users\Andrej\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8GHV588C ]
    .imrworldwide.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .imrworldwide.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .doubleclick.net [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .paypal.112.2o7.net [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .stats.paypal.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .apmebf.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .mediaplex.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .atdmt.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .adtech.de [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    ad.yieldmanager.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    ad.zanox.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .zanox.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    de.sitestat.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .eaeacom.112.2o7.net [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .statcounter.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    stat.onestat.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    stat.onestat.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    adserv.tacticalgamer.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .msnportal.112.2o7.net [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .adfarm1.adition.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    servedby.adxpower.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    servedby.adxpower.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    ad.yieldmanager.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .tacoda.net [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .tacoda.net [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .tacoda.net [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .advertising.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .advertising.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .microsoftwindows.112.2o7.net [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .xiti.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .2o7.net [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .bs.serving-sys.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .serving-sys.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .serving-sys.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .serving-sys.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .serving-sys.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .serving-sys.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    ads3.exp.de [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    adserver.overclock.net [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .collective-media.net [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    a6.adserver01.de [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .2o7.net [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .2o7.net [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    media.mtvnservices.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    adserver.consol.at [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .www.versiontracker.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .ehg-myspaceinc.hitbox.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .hitbox.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    adserver2.clipkit.de [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .traffictrack.de [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .traffictrack.de [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .tto2.traffictrack.de [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .apmebf.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    a6.adserver01.de [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .webmasterplan.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .tradedoubler.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .tradedoubler.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .adbrite.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .adbrite.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .adbrite.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .warezlobby.org [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .warezlobby.org [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    cyberwarez.info [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    cyberwarez.info [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    ad.zanox.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    adsrv1.247activemedia.net [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .tradedoubler.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .yadro.ru [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    kap.yourwebmedia.de [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    de.sitestat.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .de.at.atwola.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .2o7.net [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .2o7.net [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .viagametrailersvideo.112.2o7.net [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .advertising.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .advertising.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .advertising.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .pro-market.net [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .lfstmedia.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .lfstmedia.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .im.banner.t-online.de [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .rambler.ru [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .tns-counter.ru [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .tizer.mediarotator.ru [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .tizer.mediarotator.ru [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .tizer.mediarotator.ru [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    rotator.adjuggler.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    rotator.adjuggler.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .2o7.net [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    de.2.cqcounter.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .2o7.net [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .statcounter.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .4stats.de [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    www.ad-track.de [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    uk.sitestat.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    uk.sitestat.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .spylog.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .smartadserver.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .smartadserver.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .smartadserver.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .mediaplex.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .2o7.net [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    optimize.indieclick.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    track.webtrekk.net [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .bizrate.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .bizrate.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .statcounter.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .statcounter.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .statcounter.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    stats.exp.de [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .2o7.net [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    statse.webtrendslive.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .fastclick.net [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .fastclick.net [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .atwola.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .at.atwola.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    www.rapidfind.org [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    www.rapidfind.org [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    www.rapidfind.org [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .warezforum.info [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .warezforum.info [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    www.toontrack.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .mediaplex.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    de.sitestat.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .2o7.net [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    adserver.sevenload.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .statcounter.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .ice.112.2o7.net [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    track.webtrekk.net [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .dmtracker.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .smartadserver.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .2o7.net [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .zedo.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .zedo.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .adultfriendfinder.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .adultfriendfinder.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .adultfriendfinder.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .adultfriendfinder.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .adultfriendfinder.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .adultfriendfinder.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .adrevolver.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .adrevolver.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    media.adrevolver.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .revsci.net [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .specificclick.net [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .specificclick.net [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .specificclick.net [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .specificclick.net [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .fastclick.net [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .112.2o7.net [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .sbsaustralia.112.2o7.net [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    eas.apm.emediate.eu [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .xfire.adbureau.net [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .countomat.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    ad1.clickhype.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .statcounter.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .xfire.adbureau.net [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .statcounter.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    us.sitestat.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    us.sitestat.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    www7.addfreestats.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    adx.chip.de [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    de.sitestat.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .2o7.net [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .2o7.net [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    a2.adserver01.de [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    ad.adserver01.de [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .questionmarket.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .2o7.net [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .ads.pointroll.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .pointroll.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .ads.pointroll.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .pointroll.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .ads.pointroll.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .ads.pointroll.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .ads.pointroll.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .ads.pointroll.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .ads.pointroll.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .ads.pointroll.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    www.sexcounter.de [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    www.321sex.at [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .321sex.at [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    www.usenext.de [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    www6.addfreestats.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .iovatehealthsciences.122.2o7.net [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .tradedoubler.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .tradedoubler.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .traffictrack.de [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .traffictrack.de [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .adserver.adtechus.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .2o7.net [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .bluestreak.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .statcounter.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .statcounter.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .statcounter.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .statcounter.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    www.rcmedia.net [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .2o7.net [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .statcounter.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .mvtracker.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .mvtracker.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .questionmarket.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .tripod.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .mediafire.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .2o7.net [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .socialmedia.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .partypoker.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .2o7.net [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .statcounter.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .ad.adnet.biz [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .statcounter.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .statcounter.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    ads.infomedia18.in [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .roleplaymedia.net [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .statcounter.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    de.sitestat.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .microsoftwga.112.2o7.net [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    stat.onestat.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    de.sitestat.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .checkstat.nl [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .2o7.net [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .traffictrack.de [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    stats.gamestop.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    stats.gamestop.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    warez.f60s.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .2o7.net [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .casalemedia.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    mediaarea.eu [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    mediaarea.eu [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    a7.adserver01.de [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    stats.crackerjackmack.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    rts.pgmediaserve.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .microsoftgamestudio.112.2o7.net [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .2o7.net [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    a6.adserver01.de [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .statcounter.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .statcounter.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    ad.yieldmanager.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .2o7.net [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .traffictrack.de [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .traffictrack.de [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .www.traffictrack.de [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .statcounter.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    s02.flagcounter.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .ehg-myspaceinc.hitbox.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .ehg-myspaceinc.hitbox.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    openx.itmgmedia.net [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .web-stat.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .web-stat.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .web-stat.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .clicksor.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .clicksor.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .clicksor.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .clicksor.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .clicksor.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .xm.xtendmedia.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .partypoker.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    de.partypoker.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    adsrv.admediate.net [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    adsrv.admediate.net [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    track.effiliation.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .adbrite.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .amazonmerchants.122.2o7.net [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .kontera.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .kontera.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .kontera.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .kontera.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .chitika.net [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .specificclick.net [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .specificclick.net [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .specificclick.net [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .adviva.net [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .statcounter.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .elitepartner.de [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .elitepartner.de [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .elitepartner.de [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .elitepartner.de [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .elitepartner.de [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .elitepartner.de [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .statcounter.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .statcounter.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .revsci.net [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    us.sitestat.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .2o7.net [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .gwarez.cc [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .gwarez.cc [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .advertising.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .advertising.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .tracking.mindshare.de [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    tracking.mindshare.de [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .statcounter.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .4stats.de [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .statcounter.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .2o7.net [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .2o7.net [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    s05.flagcounter.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    n.i.r.cltomedia.info [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    cltomedia.info [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .acronymfinder.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    o.m.r.cltomedia.info [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .2o7.net [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .2o7.net [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .2o7.net [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .2o7.net [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .zedo.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .2o7.net [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .adultcheck.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .statcounter.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    s3.trafficmaxx.de [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    tracking.interaktivfabrik.de [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    track.webtrekk.de [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .adfarm1.adition.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    ad.yieldmanager.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .euros4click.de [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .euros4click.de [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .adcentriconline.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .112.2o7.net [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .f2network.112.2o7.net [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .gwarez-support.cc [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .gwarez-support.cc [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .gwarez-support.cc [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    gwarez-support.cc [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .atdmt.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .webpower.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .serving-sys.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .serving-sys.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .viaviralvideo.112.2o7.net [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .avl.112.2o7.net [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    adserver.pc-cooling.de [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    uk.sitestat.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    sega.missioncontrol.global-media.de [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .revsci.net [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .revsci.net [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .revsci.net [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .hotlog.ru [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .partypoker.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .partypoker.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .ucount.de [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .ucount.de [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .ucount.de [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .linksynergy.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .linksynergy.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .linksynergy.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .fastclick.net [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .2o7.net [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    ad.yieldmanager.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .legolas-media.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .legolas-media.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    s02.flagcounter.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .xfire.adbureau.net [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .2o7.net [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    ww251.smartadserver.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    rts.pgmediaserve.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    rts.pgmediaserve.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    rts.pgmediaserve.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    adserver.seedpeer.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    F***.dk [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .list.ru [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    counter.search.bg [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .gametracker.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .webmasterplan.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    www.googleadservices.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    ad.yieldmanager.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    ad.yieldmanager.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .content.yieldmanager.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    www.adultgamerselite.net [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .adultgamerselite.net [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    www.etracker.de [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .toplist.cz [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .casalemedia.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .casalemedia.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .casalemedia.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    3.o.i.cltomedia.info [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    www.etracker.de [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    adply.plymedia.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .myroitracking.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    adserver.mmoguru.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .collective-media.net [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .collective-media.net [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .media6degrees.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .media6degrees.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    j.p.i.cltomedia.info [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    cltomedia.info [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    cltomedia.info [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    cltomedia.info [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    cltomedia.info [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    cltomedia.info [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .www.burstnet.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    .burstnet.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]
    www.burstnet.com [ C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\p7femf97.default\cookies.sqlite ]

Trojan.Agent/Gen-OnlineGames
    E:\SONY VEGAS\9\SONYVEGAS\SETUP.EXE

OTL.txt

Code

OTL logfile created on: 16.07.2010 01:49:41 - Run 2
OTL by OldTimer - Version 3.2.9.0     Folder = C:\Users\Andrej\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 74,00% Memory free
10,00 Gb Paging File | 9,00 Gb Available in Paging File | 89,00% Paging File free
Paging file location(s): e:\pagefile.sys 6144 6144 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 78,13 Gb Total Space | 26,84 Gb Free Space | 34,35% Space Free | Partition Type: NTFS
Drive D: | 219,96 Gb Total Space | 66,96 Gb Free Space | 30,44% Space Free | Partition Type: NTFS
Drive E: | 298,09 Gb Total Space | 143,74 Gb Free Space | 48,22% Space Free | Partition Type: NTFS
Drive F: | 298,09 Gb Total Space | 151,18 Gb Free Space | 50,72% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive M: | 465,76 Gb Total Space | 278,71 Gb Free Space | 59,84% Space Free | Partition Type: NTFS
 
Computer Name: ZAHLENBÄNDIGER
Current User Name: Andrej
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - C:\Users\Andrej\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\PnkBstrB.exe ()
PRC - D:\Programme\AVAST Antivir\AvastUI.exe (AVAST Software)
PRC - D:\Programme\AVAST Antivir\AvastSvc.exe (AVAST Software)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
PRC - D:\Programme\ATI Tray Tools\atitray.exe (Ray Adams)
PRC - D:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Windows\SysWOW64\CTxfispi.exe (Creative Technology Ltd)
PRC - C:\Windows\SysWOW64\Ctxfihlp.exe (Creative Technology Ltd)
PRC - D:\Programme\Sony Vegas\Plugins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (Microsoft Corporation)
 
 
[color=#E56717]========== Modules (SafeList) ==========[/color]
 
MOD - C:\Users\Andrej\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
MOD - D:\Programme\ATI Tray Tools\raphook.dll ()
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV:[b]64bit:[/b] - (PnkBstrB) -- C:\Windows\SysNative\PnkBstrB.exe File not found
SRV:[b]64bit:[/b] - (PnkBstrA) -- C:\Windows\SysNative\PnkBstrA.exe File not found
SRV:[b]64bit:[/b] - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:[b]64bit:[/b] - (LVPrcS64) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV:[b]64bit:[/b] - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (PeerDistSvc) -- C:\Windows\SysNative\PeerDistSvc.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (PnkBstrB) -- C:\Windows\SysWOW64\PnkBstrB.exe ()
SRV - (!SASCORE) -- D:\Programme\SASCORE64.EXE (SUPERAntiSpyware.com)
SRV - (avast! Web Scanner) -- D:\Programme\AVAST Antivir\AvastSvc.exe (AVAST Software)
SRV - (avast! Mail Scanner) -- D:\Programme\AVAST Antivir\AvastSvc.exe (AVAST Software)
SRV - (avast! Antivirus) -- D:\Programme\AVAST Antivir\AvastSvc.exe (AVAST Software)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (O&O Defrag) -- D:\Programme\O&O Defrag\oodag.exe (O&O Software GmbH)
SRV - (NIHardwareService) -- C:\Programme\Common Files\Native Instruments\Hardware\NIHardwareService.exe (Native Instruments GmbH)
SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (SBSDWSCService) -- D:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (MSSQL$SONY_MEDIAMGR) -- D:\Programme\Sony Vegas\Plugins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLAgent$SONY_MEDIAMGR) -- D:\Programme\Sony Vegas\Plugins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (Microsoft Corporation)
SRV - (MSSQLServerADHelper) -- C:\Program Files (x86)\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (Microsoft Corporation)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV:[b]64bit:[/b] - (TSP) -- C:\Windows\SysNative\DRIVERS\klif.sys File not found
DRV:[b]64bit:[/b] - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (ALWIL Software)
DRV:[b]64bit:[/b] - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:[b]64bit:[/b] - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:[b]64bit:[/b] - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:[b]64bit:[/b] - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:[b]64bit:[/b] - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:[b]64bit:[/b] - (LVPr2Mon) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:[b]64bit:[/b] - (LVPr2M64) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:[b]64bit:[/b] - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:[b]64bit:[/b] - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:[b]64bit:[/b] - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:[b]64bit:[/b] - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:[b]64bit:[/b] - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:[b]64bit:[/b] - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:[b]64bit:[/b] - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:[b]64bit:[/b] - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:[b]64bit:[/b] - (vmbus) -- C:\Windows\SysNative\drivers\vmbus.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (storflt) -- C:\Windows\SysNative\drivers\vmstorfl.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (storvsc) -- C:\Windows\SysNative\drivers\storvsc.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:[b]64bit:[/b] - (s3cap) -- C:\Windows\SysNative\drivers\vms3cap.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (VMBusHID) -- C:\Windows\SysNative\drivers\VMBusHID.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:[b]64bit:[/b] - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:[b]64bit:[/b] - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:[b]64bit:[/b] - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:[b]64bit:[/b] - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:[b]64bit:[/b] - (ha20x2k) -- C:\Windows\SysNative\drivers\ha20x2k.sys (Creative Technology Ltd)
DRV:[b]64bit:[/b] - (emupia) -- C:\Windows\SysNative\drivers\emupia2k.sys (Creative Technology Ltd)
DRV:[b]64bit:[/b] - (ctsfm2k) -- C:\Windows\SysNative\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV:[b]64bit:[/b] - (ctprxy2k) -- C:\Windows\SysNative\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV:[b]64bit:[/b] - (ossrv) -- C:\Windows\SysNative\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV:[b]64bit:[/b] - (ctaud2k) Creative Audio Driver (WDM) -- C:\Windows\SysNative\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV:[b]64bit:[/b] - (ctac32k) -- C:\Windows\SysNative\drivers\ctac32k.sys (Creative Technology Ltd)
DRV:[b]64bit:[/b] - (CTEXFIFX.SYS) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.)
DRV:[b]64bit:[/b] - (CTEXFIFX) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.)
DRV:[b]64bit:[/b] - (CTHWIUT.SYS) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.)
DRV:[b]64bit:[/b] - (CTHWIUT) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.)
DRV:[b]64bit:[/b] - (CT20XUT.SYS) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.)
DRV:[b]64bit:[/b] - (CT20XUT) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.)
DRV:[b]64bit:[/b] - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:[b]64bit:[/b] - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:[b]64bit:[/b] - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\Windows\SysNative\drivers\LV302V64.SYS (Logitech Inc.)
DRV:[b]64bit:[/b] - (lvpepf64) -- C:\Windows\SysNative\drivers\lv302a64.sys (Logitech Inc.)
DRV:[b]64bit:[/b] - (gbxavs_x64) -- C:\Windows\SysNative\drivers\gbxavs_x64.sys (Native Instruments GmbH)
DRV:[b]64bit:[/b] - (gbxusb_x64) -- C:\Windows\SysNative\drivers\gbxusb_x64.sys (Native Instruments GmbH)
DRV:[b]64bit:[/b] - (ak1avs_x64) -- C:\Windows\SysNative\drivers\ak1avs_x64.sys (Native Instruments GmbH)
DRV:[b]64bit:[/b] - (ak1usb_x64) -- C:\Windows\SysNative\drivers\ak1usb_x64.sys (Native Instruments GmbH)
DRV:[b]64bit:[/b] - (ENTECH64) -- C:\Windows\SysNative\drivers\Entech64.sys (EnTech Taiwan)
DRV:[b]64bit:[/b] - (LVUSBS64) -- C:\Windows\SysNative\drivers\LVUSBS64.sys (Logitech Inc.)
DRV:[b]64bit:[/b] - (SaiH353E) -- C:\Windows\SysNative\drivers\SaiH353E.sys (Saitek)
DRV:[b]64bit:[/b] - (SRS_SSCFilter) SRS Labs Audio Sandbox (WDM) -- C:\Windows\SysNative\drivers\SRS_SSCFilter_amd64.sys ()
DRV:[b]64bit:[/b] - (PStrip64) -- C:\Windows\SysNative\drivers\pstrip64.sys ()
DRV - (SASDIFSV) -- D:\Programme\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- D:\Programme\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (atitray) -- D:\Programme\ATI Tray Tools\atitray64.sys ()
DRV - (speedfan) -- C:\Windows\SysWOW64\speedfan.sys (Windows (R) Server 2003 DDK provider)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4B 3A 15 D6 D7 49 CA 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.startup.homepage: "http://www.google.de/"
FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.86
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:3.3
FF - prefs.js..extensions.enabledItems: FasterFox_Lite@BigRedBrent:3.8.2Lite
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.9
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.3
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.97
FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.4
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:3.6.3
FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:4.4
FF - prefs.js..extensions.enabledItems: tabscope@xuldev.org:0.3.2
FF - prefs.js..extensions.enabledItems: tineye@ideeinc.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {ca8b7b3d-b6e6-438f-b935-601b3de48d66}:1.1.6
FF - prefs.js..network.proxy.type: 0
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: D:\Programme\Mozilla\Firefox\components [2010.07.15 22:49:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: D:\Programme\Mozilla\Firefox\plugins [2010.07.15 22:49:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.5\extensions\\Components: D:\Programme\Mozilla\Thunderbird\components [2010.07.15 22:49:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.5\extensions\\Plugins: D:\Programme\Mozilla\Thunderbird\plugins
 
[2010.04.15 22:11:34 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\mozilla\Extensions
[2010.04.15 22:11:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andrej\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.07.15 14:14:25 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\mozilla\Firefox\Profiles\p7femf97.default\extensions
[2009.12.15 21:29:18 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Andrej\AppData\Roaming\mozilla\Firefox\Profiles\p7femf97.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2010.07.03 00:25:27 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Andrej\AppData\Roaming\mozilla\Firefox\Profiles\p7femf97.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010.04.17 13:43:47 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Users\Andrej\AppData\Roaming\mozilla\Firefox\Profiles\p7femf97.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2010.07.03 00:25:27 | 000,000,000 | ---D | M] (FireFTP) -- C:\Users\Andrej\AppData\Roaming\mozilla\Firefox\Profiles\p7femf97.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2010.05.27 16:14:46 | 000,000,000 | ---D | M] (Easy Youtube Video Downloader) -- C:\Users\Andrej\AppData\Roaming\mozilla\Firefox\Profiles\p7femf97.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
[2010.05.16 22:02:21 | 000,000,000 | ---D | M] (Firefox Throttle) -- C:\Users\Andrej\AppData\Roaming\mozilla\Firefox\Profiles\p7femf97.default\extensions\{ca8b7b3d-b6e6-438f-b935-601b3de48d66}
[2010.02.14 05:24:46 | 000,000,000 | ---D | M] (FoxTab) -- C:\Users\Andrej\AppData\Roaming\mozilla\Firefox\Profiles\p7femf97.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2010.07.03 00:25:29 | 000,000,000 | ---D | M] (SearchPreview) -- C:\Users\Andrej\AppData\Roaming\mozilla\Firefox\Profiles\p7femf97.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
[2009.09.23 01:22:38 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\mozilla\Firefox\Profiles\p7femf97.default\extensions\FasterFox_Lite@BigRedBrent
[2010.04.17 13:43:47 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\mozilla\Firefox\Profiles\p7femf97.default\extensions\tabscope@xuldev.org
[2010.07.03 00:25:27 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\mozilla\Firefox\Profiles\p7femf97.default\extensions\tineye@ideeinc.com
 
O1 HOSTS File: ([2009.10.15 17:50:01 | 000,000,854 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - D:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - D:\Programme\Orbitdownloader\GrabPro.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - D:\Programme\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: [avast5] D:\Programme\AVAST Antivir\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [AtiTrayTools] D:\Programme\ATI Tray Tools\atitray.exe (Ray Adams)
O4 - HKCU..\Run: [SUPERAntiSpyware] D:\Programme\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:[b]64bit:[/b] - Extra context menu item: &Download by Orbit - D:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:[b]64bit:[/b] - Extra context menu item: &Grab video by Orbit - D:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:[b]64bit:[/b] - Extra context menu item: Do&wnload selected by Orbit - D:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:[b]64bit:[/b] - Extra context menu item: Down&load all by Orbit - D:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Download by Orbit - D:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - D:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - D:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - D:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15109/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.169.184.33 83.169.184.97
O18:[b]64bit:[/b] - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:[b]64bit:[/b] - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{d678f7c5-a7c1-11de-8cbe-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d678f7c5-a7c1-11de-8cbe-806e6f6e6963}\Shell\AutoRun\command - "" = G:\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (OODBS) -  File not found
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2010.07.16 01:10:40 | 000,000,000 | ---D | C] -- C:\Users\Andrej\AppData\Roaming\SUPERAntiSpyware.com
[2010.07.16 01:10:40 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010.07.16 01:10:37 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2010.07.16 01:08:56 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Andrej\Desktop\OTL.exe
[2010.07.15 22:52:35 | 000,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\Windows\SysWow64\lameACM.acm
[2010.07.15 22:52:35 | 000,391,680 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\I263_32.drv
[2010.07.15 22:52:35 | 000,287,744 | ---- | C] (Kristal StudioD
FileDescription) -- C:\Windows\SysWow64\divxa32.acm
[2010.07.15 22:52:35 | 000,232,448 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\SysWow64\mp3fhg.acm
[2010.07.15 22:52:35 | 000,217,088 | ---- | C] (www.helixcommunity.org) -- C:\Windows\SysWow64\yv12vfw.dll
[2010.07.15 22:52:35 | 000,151,552 | ---- | C] (fccHandler) -- C:\Windows\SysWow64\ac3acm.acm
[2010.07.15 22:52:35 | 000,039,936 | ---- | C] (Disappearing Inc.) -- C:\Windows\SysWow64\huffyuv.dll
[2010.07.15 22:52:34 | 000,720,384 | ---- | C] (DivX, Inc.) -- C:\Windows\SysWow64\divx.dll
[2010.07.15 22:52:34 | 000,630,784 | ---- | C] (On2.com) -- C:\Windows\SysWow64\vp7vfw.dll
[2010.07.15 22:52:34 | 000,438,272 | ---- | C] (On2.com) -- C:\Windows\SysWow64\vp6vfw.dll
[2010.07.15 22:52:34 | 000,094,208 | ---- | C] (DivX, Inc.) -- C:\Windows\SysWow64\dpl100.dll
[2010.07.15 19:05:43 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.07.14 21:37:42 | 000,121,936 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2010.07.14 21:37:42 | 000,020,048 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2010.07.14 21:37:41 | 000,028,752 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2010.07.14 21:37:39 | 000,051,280 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2010.07.14 21:37:35 | 000,061,008 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2010.07.14 21:37:21 | 000,165,032 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2010.07.14 21:37:21 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\Windows\avastSS.scr
[2010.07.14 21:37:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010.07.14 16:05:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010.07.14 15:29:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2010.07.14 15:12:24 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010.07.14 14:59:53 | 000,000,000 | ---D | C] -- C:\Users\Andrej\AppData\Roaming\Malwarebytes
[2010.07.14 14:59:47 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.07.14 14:59:45 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.07.14 14:59:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.07.14 14:55:17 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2010.07.13 20:07:34 | 000,000,000 | ---D | C] -- C:\Users\Andrej\AppData\Local\reljmdhfg
[2010.07.13 20:07:23 | 000,000,000 | ---D | C] -- C:\Users\Andrej\AppData\Local\Windows Server
[2010.07.11 21:51:45 | 000,000,000 | ---D | C] -- C:\.ruby_faster_require_cache
[2010.07.02 01:42:57 | 000,000,000 | ---D | C] -- C:\Users\Andrej\AppData\Local\ArmA 2 OA
[2010.06.24 13:13:19 | 000,000,000 | ---D | C] -- C:\Users\Andrej\Documents\My WeGame Screenshots
[2010.06.24 13:12:16 | 000,000,000 | ---D | C] -- C:\Users\Andrej\AppData\Local\WeGame
[2010.06.24 13:11:57 | 000,488,800 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\SysWow64\Ltkrn15u.dll
[2010.06.24 13:11:57 | 000,390,496 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\SysWow64\Lfcmp15u.dll
[2010.06.24 13:11:57 | 000,185,688 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\SysWow64\Ltfil15u.dll
[2010.06.24 03:00:49 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe
[2010.06.24 03:00:49 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll
[2010.06.24 03:00:48 | 001,942,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll
[2010.06.24 03:00:48 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll
[2010.06.24 03:00:48 | 000,320,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHost.exe
[2010.06.24 03:00:48 | 000,109,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHostProxy.dll
[2010.06.24 03:00:48 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll
[2010.06.24 03:00:48 | 000,048,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netfxperf.dll
[2010.06.23 23:11:17 | 001,736,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2010.06.23 23:11:00 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2010.06.23 23:11:00 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2010.06.23 23:11:00 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll
[2010.06.23 23:11:00 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2010.06.23 23:11:00 | 000,258,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2010.06.23 23:11:00 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2010.06.23 23:11:00 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2010.06.21 20:06:37 | 000,000,000 | ---D | C] -- C:\Users\Andrej\Desktop\TOOLS
[2010.06.21 01:15:47 | 000,000,000 | ---D | C] -- C:\Users\Andrej\AppData\Local\Apps
[2010.06.20 19:26:08 | 000,000,000 | ---D | C] -- C:\Users\Andrej\AppData\Roaming\six-rsync
[2010.06.20 02:28:29 | 000,000,000 | ---D | C] -- C:\Users\Andrej\AppData\Roaming\six-updater
[2010.06.20 02:28:03 | 000,000,000 | ---D | C] -- C:\.gem
[2010.06.19 14:53:36 | 000,000,000 | ---D | C] -- C:\Users\Andrej\AppData\Local\ArmaAddonSync2009
[2010.06.19 14:53:35 | 000,000,000 | ---D | C] -- C:\Users\Andrej\AppData\Local\Yoma_Tools
[2010.06.19 00:06:46 | 000,000,000 | ---D | C] -- C:\Users\Andrej\AppData\Roaming\Sytexis Software
[2010.06.18 16:47:48 | 000,000,000 | ---D | C] -- C:\Users\Andrej\Documents\ArmA 2 Other Profiles
[2010.06.16 23:22:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wordpad
[2009.09.22 22:57:22 | 000,060,928 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2010.07.16 01:47:40 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.07.16 01:47:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.07.16 01:47:31 | 3220,561,920 | -HS- | M] () -- C:\hiberfil.sys
[2010.07.16 01:47:30 | 000,891,924 | ---- | M] () -- C:\Windows\SysNative\oodbs.lor
[2010.07.16 01:46:52 | 000,061,448 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000005-00000000-00000006-00001102-00000005-00291102}.rfx
[2010.07.16 01:46:52 | 000,061,448 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000005-00000000-00000006-00001102-00000005-00291102}.rfx
[2010.07.16 01:46:52 | 000,001,080 | ---- | M] () -- C:\Windows\SysNative\settingsbkup.sfm
[2010.07.16 01:46:52 | 000,001,080 | ---- | M] () -- C:\Windows\SysNative\settings.sfm
[2010.07.16 01:46:52 | 000,000,788 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000005-00000000-00000006-00001102-00000005-00291102}.rfx
[2010.07.16 01:46:45 | 003,670,016 | -HS- | M] () -- C:\Users\Andrej\NTUSER.DAT
[2010.07.16 01:46:44 | 001,764,397 | -H-- | M] () -- C:\Users\Andrej\AppData\Local\IconCache.db
[2010.07.16 01:10:37 | 000,000,652 | ---- | M] () -- C:\Users\Andrej\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010.07.16 01:08:56 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Andrej\Desktop\OTL.exe
[2010.07.15 23:04:58 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.07.15 23:04:58 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.07.15 23:04:21 | 002,352,152 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.07.15 23:04:21 | 000,684,902 | ---- | M] () -- C:\Windows\SysNative\perfh019.dat
[2010.07.15 23:04:21 | 000,668,138 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.07.15 23:04:21 | 000,625,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.07.15 23:04:21 | 000,137,098 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.07.15 23:04:21 | 000,136,916 | ---- | M] () -- C:\Windows\SysNative\perfc019.dat
[2010.07.15 23:04:21 | 000,111,592 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.07.15 19:07:24 | 000,000,188 | ---- | M] () -- C:\Users\Andrej\defogger_reenable
[2010.07.15 19:06:07 | 000,050,477 | ---- | M] () -- C:\Users\Andrej\Desktop\Defogger.exe
[2010.07.14 21:37:35 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2010.07.14 20:00:00 | 000,136,704 | ---- | M] () -- C:\Windows\SysNative\ff_vfw.dll
[2010.07.14 10:00:00 | 000,108,032 | ---- | M] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010.07.14 10:00:00 | 000,000,038 | ---- | M] () -- C:\Windows\avisplitter.ini
[2010.07.11 22:27:11 | 000,218,808 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2010.07.11 22:27:11 | 000,218,808 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.07.09 00:44:32 | 000,185,249 | ---- | M] () -- C:\Users\Andrej\Documents\ts3_clientui-win32-11315-2010-07-09 00_44_31.826653.dmp
[2010.07.08 03:12:18 | 000,043,628 | ---- | M] () -- C:\Users\Andrej\Desktop\rotekarte.jpg
[2010.07.06 07:57:50 | 000,007,595 | ---- | M] () -- C:\Users\Andrej\AppData\Local\Resmon.ResmonCfg
[2010.07.06 00:43:34 | 003,200,512 | ---- | M] () -- C:\Windows\SysWow64\x264vfw.dll
[2010.07.03 21:17:28 | 005,136,774 | ---- | M] () -- C:\Users\Andrej\Desktop\P1010544.JPG
[2010.07.01 20:11:40 | 000,001,724 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.06.28 22:57:33 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\Windows\avastSS.scr
[2010.06.28 22:57:12 | 000,165,032 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2010.06.28 22:37:56 | 000,051,280 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2010.06.28 22:37:36 | 000,121,936 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2010.06.28 22:33:17 | 000,028,752 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2010.06.28 22:33:00 | 000,061,008 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2010.06.28 22:32:36 | 000,020,048 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2010.06.21 21:07:36 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo
[2010.06.21 19:43:25 | 000,466,520 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2010.06.21 19:43:25 | 000,445,016 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2010.06.21 19:43:25 | 000,123,480 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2010.06.21 19:43:25 | 000,109,144 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2010.06.21 19:43:25 | 000,000,159 | RH-- | M] () -- C:\Windows\ctfile.rfc
[2010.06.21 16:41:50 | 000,061,448 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000005-00000000-00000005-00001102-00000005-00291102}.rfx
[2010.06.20 02:27:17 | 000,000,962 | ---- | M] () -- C:\Users\Andrej\Desktop\Six Updater - GUI.lnk
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2010.07.16 01:10:37 | 000,000,652 | ---- | C] () -- C:\Users\Andrej\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010.07.15 22:54:18 | 000,191,488 | ---- | C] () -- C:\Windows\SysNative\unrar.dll
[2010.07.15 22:54:17 | 000,136,704 | ---- | C] () -- C:\Windows\SysNative\ff_vfw.dll
[2010.07.15 22:52:38 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010.07.15 22:52:35 | 000,000,414 | ---- | C] () -- C:\Windows\SysWow64\lame_acm.xml
[2010.07.15 22:52:34 | 003,200,512 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll
[2010.07.15 22:52:34 | 000,790,528 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010.07.15 22:52:34 | 000,134,144 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010.07.15 22:52:34 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010.07.15 22:52:34 | 000,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest
[2010.07.15 19:07:23 | 000,000,188 | ---- | C] () -- C:\Users\Andrej\defogger_reenable
[2010.07.15 19:06:10 | 000,050,477 | ---- | C] () -- C:\Users\Andrej\Desktop\Defogger.exe
[2010.07.14 21:37:35 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2010.07.09 00:44:31 | 000,185,249 | ---- | C] () -- C:\Users\Andrej\Documents\ts3_clientui-win32-11315-2010-07-09 00_44_31.826653.dmp
[2010.07.08 03:12:18 | 000,043,628 | ---- | C] () -- C:\Users\Andrej\Desktop\rotekarte.jpg
[2010.07.03 21:17:27 | 005,136,774 | ---- | C] () -- C:\Users\Andrej\Desktop\P1010544.JPG
[2010.07.02 01:36:22 | 000,024,576 | ---- | C] () -- C:\Users\Andrej\Desktop\memtest.exe
[2010.07.01 20:11:40 | 000,001,724 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.06.23 23:06:51 | 000,000,697 | ---- | C] () -- C:\Users\Andrej\Desktop\Fraps (2).lnk
[2010.06.21 21:07:35 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\initdebug.nfo
[2010.06.21 20:05:01 | 000,001,080 | ---- | C] () -- C:\Windows\SysNative\settingsbkup.sfm
[2010.06.21 20:05:01 | 000,001,080 | ---- | C] () -- C:\Windows\SysNative\settings.sfm
[2010.06.21 19:52:23 | 000,061,448 | ---- | C] () -- C:\Windows\SysNative\BMXStateBkp-{00000005-00000000-00000006-00001102-00000005-00291102}.rfx
[2010.06.21 19:52:23 | 000,061,448 | ---- | C] () -- C:\Windows\SysNative\BMXState-{00000005-00000000-00000006-00001102-00000005-00291102}.rfx
[2010.06.21 19:52:23 | 000,000,788 | ---- | C] () -- C:\Windows\SysNative\DVCState-{00000005-00000000-00000006-00001102-00000005-00291102}.rfx
[2010.06.20 02:27:17 | 000,000,962 | ---- | C] () -- C:\Users\Andrej\Desktop\Six Updater - GUI.lnk
[2010.06.02 15:46:06 | 000,230,912 | ---- | C] () -- C:\Windows\SysWow64\tambvcm.dll
[2010.05.28 02:09:00 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2010.04.11 16:51:51 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI
[2010.04.02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010.02.11 02:11:05 | 000,000,005 | ---- | C] () -- C:\Windows\ffoomepa.ini
[2010.02.11 02:11:05 | 000,000,005 | ---- | C] () -- C:\Windows\ffoomebp.ini
[2010.02.11 02:09:38 | 003,661,824 | ---- | C] () -- C:\Windows\SysWow64\mkl_wavearts.dll
[2010.02.10 19:40:45 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010.02.10 19:40:45 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2010.02.10 19:21:43 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CTXFIRES.DLL
[2010.02.10 19:21:35 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2010.02.10 01:21:58 | 000,034,308 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll
[2009.12.14 15:26:54 | 002,306,922 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009.09.23 03:35:21 | 000,000,144 | ---- | C] () -- C:\Windows\SysWow64\AU8Settings.ini
[2009.09.22 22:57:22 | 000,000,285 | ---- | C] () -- C:\Windows\SysWow64\kill.ini
[2009.09.22 22:57:19 | 000,021,093 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2002.10.16 00:54:04 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2010.02.12 00:22:56 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\Bioshock
[2010.02.15 22:20:21 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\Bioshock2
[2009.11.09 19:02:02 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\CPUControl
[2009.09.23 12:06:00 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\DAEMON Tools Lite
[2009.09.23 15:17:23 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\DAEMON Tools Pro
[2010.03.07 21:01:58 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\GrabPro
[2009.09.30 22:51:35 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\JGoodies
[2009.10.30 15:12:26 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\Leadertech
[2010.07.14 21:53:10 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\Mumble
[2010.02.25 20:20:07 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\Mumble(PR Edition)
[2009.09.30 00:53:57 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\OpenOffice.org
[2010.06.21 00:10:58 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\Orbit
[2009.12.14 15:36:50 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\Publish Providers
[2009.10.11 19:31:48 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\REAPER
[2010.06.20 19:26:08 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\six-rsync
[2010.07.11 09:42:03 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\six-updater
[2009.12.14 15:56:41 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\Sony
[2010.06.19 00:06:46 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\Sytexis Software
[2010.04.15 22:11:33 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\Thunderbird
[2010.04.23 01:03:41 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\Ubisoft
[2010.07.15 00:45:22 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\uTorrent
[2010.06.24 21:55:08 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
[color=#E56717]========== Purity Check ==========[/color]
 
 
< End of report >

Extras.txt

Code

OTL Extras logfile created on: 16.07.2010 01:49:42 - Run 2
OTL by OldTimer - Version 3.2.9.0     Folder = C:\Users\Andrej\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 74,00% Memory free
10,00 Gb Paging File | 9,00 Gb Available in Paging File | 89,00% Paging File free
Paging file location(s): e:\pagefile.sys 6144 6144 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 78,13 Gb Total Space | 26,84 Gb Free Space | 34,35% Space Free | Partition Type: NTFS
Drive D: | 219,96 Gb Total Space | 66,96 Gb Free Space | 30,44% Space Free | Partition Type: NTFS
Drive E: | 298,09 Gb Total Space | 143,74 Gb Free Space | 48,22% Space Free | Partition Type: NTFS
Drive F: | 298,09 Gb Total Space | 151,18 Gb Free Space | 50,72% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive M: | 465,76 Gb Total Space | 278,71 Gb Free Space | 59,84% Space Free | Partition Type: NTFS
 
Computer Name: ZAHLENBÄNDIGER
Current User Name: Andrej
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== File Associations ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Programme\Mozilla\Firefox\firefox.exe (Mozilla Corporation)
 
[color=#E56717]========== Shell Spawning ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\Programme\MicrosoftOffice\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Programme\MicrosoftOffice\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\Programme\MicrosoftOffice\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Programme\MicrosoftOffice\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[color=#E56717]========== Security Center Settings ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[color=#E56717]========== Authorized Applications List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\Programme\Orbitdownloader\orbitdm.exe" = D:\Programme\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"D:\Programme\Orbitdownloader\orbitnet.exe" = D:\Programme\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"D:\Programme\Orbitdownloader\orbitdm.exe" = D:\Programme\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"D:\Programme\Orbitdownloader\orbitnet.exe" = D:\Programme\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
 
 
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0886900B-B2F3-452C-B580-60F1253F7F80}" = Native Instruments Controller Editor
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{2253CE44-3EDE-DFDD-FE5B-60B36199D24C}" = ATI Catalyst Install Manager
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{267B3E82-C941-47D8-BCD3-1BBBB56FCBC6}" = Native Instruments Maschine Controller Driver
"{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1" = Media Player Classic - Home Cinema v. 1.3.1249.0
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5759E649-E281-46C2-BB4B-50413623DCDF}" = iTunes
"{6BED4DFE-C527-463E-B93A-6F6848B74DD0}" = Native Instruments Battery 3
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{987FE247-4E69-4A2E-A961-D14F901FDBF6}" = Logitech Webcam Software
"{9EFC40E3-5F31-4F75-8445-286273F74D8E}" = Apple Mobile Device Support
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BC84C1E9-F4D4-4B8E-B35C-C88EEA0A5201}" = O&O Defrag Professional
"{C7FAFC98-5ECC-40FC-B440-A5D5FE3A6A6E}" = Native Instruments Guitar Rig 4
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{F7C134DF-3B50-47d8-BBAC-269099DCCC7C}" = Native Instruments Audio Kontrol 1 Driver
"{FC6AFD44-EDF9-4A03-AB9E-16A5391FE24F}" = Native Instruments Maschine
"KLiteCodecPack64_is1" = K-Lite Codec Pack (64-bit) v3.7.0
"lvdrivers_12.10" = Logitech Webcam Software-Treiberpaket
"MediaInfo" = MediaInfo 0.7.27
"REAPER" = REAPER (x64)
"Recuva" = Recuva
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{0CB2A228-2E05-888C-3C38-FD242D66A37E}" = Catalyst Control Center InstallProxy
"{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 20
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{406FB8A4-F539-48A9-809C-F94706F9C9F6}_is1" = S.T.A.L.K.E.R. - Call of Pripyat [v1.6.02]
"{411F3ABA-2AB5-4799-AA19-6ADF0A8F7424}" = Adobe Setup
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A8B461A-9336-4CF9-98F4-14DD38E673F0}" = BioShock 2
"{4D87DC92-C328-46EC-A7B4-9C88129DC696}" = Dead Space™
"{4E79A60F-15D2-4BEC-91AD-E41EC42E61B0}" = Batman: Arkham Asylum
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{54194F60-988C-4D03-B922-C2B00EFDA39A}" = NVIDIA PhysX
"{5454083B-1308-4485-BF17-111000028701}" = Grand Theft Auto: Episodes from Liberty City
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{61B8B2F9-D8DA-4B24-89A9-DB09F38A4899}" = Grand Theft Auto: Episodes From Liberty City
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D8DDB4A-C263-40DE-BA16-AFDAD159D59A}" = Tom Clancy's Splinter Cell Conviction
"{71D92E42-DBBF-4CEB-895E-95C56D5E4868}_is1" = Mz Ram Booster v3.5.2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{786C5747-0C40-4930-9AFE-113BCE553101}" = Adobe Stock Photos 1.0
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{86EDEF11-EFE4-46CB-8B08-9CBD4A936B1F}" = Stranglehold
"{886E284F-ED78-4149-9007-9C5CF69A52B9}" = Camtasia Studio 6
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EDBA74D-0686-4C99-BFDD-F894678E5101}" = Adobe Common File Installer
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{90120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_STANDARD_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_STANDARD_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_STANDARD_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_STANDARD_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_STANDARD_{A0516415-ED61-419A-981D-93596DA74165}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARD_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARD_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_STANDARD_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_STANDARD_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_STANDARD_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_STANDARD_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A59BB15D-51B7-F12B-4548-8C0368243441}" = EA Download Manager UI
"{A804B134-F03D-4EFD-9BC0-DCD257AA1B22}" = Hitman Blood Money
"{A8DBF55D-73C0-4E37-A10E-365BFBB14119}" = Battlefield 2 Complete Collection
"{AC08BBA0-96B9-431A-A7D0-D8598E493775}" = RESIDENT EVIL 5
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B74D4E10-6884-0000-0000-000000000101}" = Adobe Bridge 1.0
"{BABAEBE4-9FFB-4B5D-9453-64FF11517CA2}" = Tom Clancy's Splinter Cell Chaos Theory
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BBF10B37-4ED3-11D5-A818-00500435FC18}" = Gothic
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C40C3C3D-97CF-44B5-836C-766E374464B3}" = 3DMark Vantage
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{DA507A38-4B2A-40C0-90AC-E30AAA0B757C}" = Vegas Movie Studio Platinum 9.0
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
"{E9787678-119F-4D52-B551-6739B2B22101}" = Adobe Help Center 1.0
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{FAE54D7E-8DB8-4D7F-9B80-C68F32373A81}" = Addon Sync 2009
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"12345_is1" = WeGame Client Public Beta 2.0.2
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe_3dcb365ab9e01871fb8c6f27b0ea079" = Adobe After Effects CS4
"ALchemy" = Creative ALchemy
"ArmA 2" = ArmA 2 Uninstall
"ARMA 2 Operation Arrowhead" = ARMA 2 Operation Arrowhead Uninstall
"ASIO4ALL" = ASIO4ALL
"AudioCS" = Creative Audio-Systemsteuerung
"Auto Shutdown_is1" = Auto Shutdown 8.11
"AutoGK" = Auto Gordian Knot 2.55
"avast5" = avast! Free Antivirus
"AviSynth" = AviSynth 2.5
"BattlEye for OA" = BattlEye for OA Uninstall
"Brothers in Arms - Hell's Highway" = Brothers in Arms: Hell's Highway
"Call of Duty Modern Warfare 2_is1" = Call of Duty Modern Warfare 2
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"CPU-Control_is1" = CPU-Control
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
"Debut" = Debut Video Capture Software
"DVD Shrink_is1" = DVD Shrink 3.2
"EA Download Manager" = EA Download Manager
"F.E.A.R. 2: Project Origin" = F.E.A.R. 2: Project Origin
"foobar2000" = foobar2000 v0.9.6.9
"Fraps" = Fraps (remove only)
"GoldWave v5.55" = GoldWave v5.55
"Guild Wars" = GUILD WARS
"Guitar Pro 5_is1" = Guitar Pro 5.2
"IrfanView" = IrfanView (remove only)
"JDiskReport 1.3.1" = JGoodies JDiskReport 1.3.1
"JDownloader" = JDownloader
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 6.2.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Monitor Calibration Wizard" = Monitor Calibration Wizard 1.0
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"Mozilla Thunderbird (3.0.5)" = Mozilla Thunderbird (3.0.5)
"Mumble" = Mumble and Murmur
"Mumble(PR Edition)" = Mumble(PR edition) and Murmur(PR edition)
"Native Instruments Audio Kontrol 1 Driver" = Native Instruments Audio Kontrol 1 Driver
"Native Instruments Battery 3" = Native Instruments Battery 3
"Native Instruments Controller Editor" = Native Instruments Controller Editor
"Native Instruments Guitar Rig 4" = Native Instruments Guitar Rig 4
"Native Instruments Hardware Controller Support" = Native Instruments Hardware Controller Support
"Native Instruments Maschine" = Native Instruments Maschine
"Native Instruments Maschine Controller Driver" = Native Instruments Maschine Controller Driver
"Native Instruments Service Center" = Native Instruments Service Center
"Nero8Lite_is1" = Nero 8 Micro
"OpenAL" = OpenAL
"Orbit_is1" = Orbit Downloader
"oZone3D.Net FurMark_is1" = oZone3D.Net FurMark v1.7.0
"PacSteamT" = PacSteamT
"PitchPerfect" = PitchPerfect Musical Instrument Tuner
"PlayClaw" = PlayClaw
"PowerStrip 3 (remove only)" = PowerStrip 3 (remove only)
"Prism" = Prism Video Converter
"Project Reality Full - Part 1 of 2_is1" = Project Reality 0909 Full - Part 1 of 2
"Project Reality Full - Part 2 of 2_is1" = Project Reality 0909 Full - Part 2 of 2
"Project Reality Jabal 2 Test_is1" = Project Reality 0917 Jabal 2 Test
"Project Reality Patch_is1" = Project Reality 0917 Patch
"PunkBusterSvc" = PunkBuster Services
"RADVideo" = RAD Video Tools
"rayatitray" = Ray Adams ATI Tray Tools
"SeriousSam2" = Serious Sam 2
"Six Updater Suite" = Six Updater Suite
"SpeedFan" = SpeedFan (remove only)
"STANDARD" = Microsoft Office Standard 2007
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TempoPerfect" = TempoPerfect
"ThielHater's Texturepatch_is1" = ThielHater's Texturepatch v1.0.1
"ToolBox" = NCH Toolbox
"uTorrent" = µTorrent
"VobSub" = VobSub v2.23 (Remove Only)
"Wave Arts Power Suite" = Wave Arts Power Suite
"WinLiveSuite_Wave3" = Windows Live Essentials
"Xfire" = Xfire (remove only)
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)
 
[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CryTools" = CryTools
 
[color=#E56717]========== Last 10 Event Log Errors ==========[/color]
 
[ Application Events ]
Error - 09.04.2010 10:19:34 | Computer Name = Zahlenbändiger | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 09.04.2010 21:25:34 | Computer Name = Zahlenbändiger | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: RGSC.exe, Version: 1.0.0.0, Zeitstempel:
 0x49432158  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
 0x00000000  Ausnahmecode: 0xc000041d  Fehleroffset: 0x75304cad  ID des fehlerhaften Prozesses:
 0x570  Startzeit der fehlerhaften Anwendung: 0x01cad84c34db5fca  Pfad der fehlerhaften
 Anwendung: D:\Spiele\RockstarGames\Rockstar Games Social Club\1_1_3_0\RGSC.exe  Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: f51a1b59-443f-11df-b787-00218519f8e3
 
Error - 11.04.2010 12:41:29 | Computer Name = Zahlenbändiger | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 12.04.2010 14:06:01 | Computer Name = Zahlenbändiger | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 13.04.2010 13:26:45 | Computer Name = Zahlenbändiger | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 14.04.2010 10:10:12 | Computer Name = Zahlenbändiger | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 15.04.2010 10:02:24 | Computer Name = Zahlenbändiger | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 15.04.2010 18:26:33 | Computer Name = Zahlenbändiger | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: BFBC2Game.exe, Version: 1.0.1.0, 
Zeitstempel: 0x4ba11182  Name des fehlerhaften Moduls: pbcl.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x4b2a667a  Ausnahmecode: 0xc0000005  Fehleroffset: 0x17ec0ccc
ID
 des fehlerhaften Prozesses: 0xd88  Startzeit der fehlerhaften Anwendung: 0x01cadce63e8e20cc
Pfad
 der fehlerhaften Anwendung: D:\Spiele\Bad Company 2\BFBC2Game.exe  Pfad des fehlerhaften
 Moduls: pbcl.dll  Berichtskennung: f202e4de-48dd-11df-8d80-00218519f8e3
 
Error - 17.04.2010 16:16:49 | Computer Name = Zahlenbändiger | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 19.04.2010 18:07:11 | Computer Name = Zahlenbändiger | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
[ System Events ]
Error - 15.07.2010 19:46:45 | Computer Name = Zahlenbändiger | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
 beendet:   %%-2140993535
 
Error - 15.07.2010 19:47:48 | Computer Name = Zahlenbändiger | Source = PNRPSvc | ID = 102
Description = 
 
Error - 15.07.2010 19:47:48 | Computer Name = Zahlenbändiger | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet 
wurde:   %%-2140993535
 
Error - 15.07.2010 19:47:48 | Computer Name = Zahlenbändiger | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
 beendet:   %%-2140993535
 
Error - 15.07.2010 19:47:59 | Computer Name = Zahlenbändiger | Source = PNRPSvc | ID = 102
Description = 
 
Error - 15.07.2010 19:47:59 | Computer Name = Zahlenbändiger | Source = PNRPSvc | ID = 102
Description = 
 
Error - 15.07.2010 19:47:59 | Computer Name = Zahlenbändiger | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet 
wurde:   %%-2140993535
 
Error - 15.07.2010 19:47:59 | Computer Name = Zahlenbändiger | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
 beendet:   %%-2140993535
 
Error - 15.07.2010 19:47:59 | Computer Name = Zahlenbändiger | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet 
wurde:   %%-2140993535
 
Error - 15.07.2010 19:47:59 | Computer Name = Zahlenbändiger | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
 beendet:   %%-2140993535
 
 
< End of report >