FF browser crashes or closes by itself

#0
06.08.2010, 13:00
Member

Posts: 690
#1 Hello everyone,

I'm currently sitting at a friend's PC (Windows XP). First I tried to install CCleaner (FF crashes), and then I wanted to use secundia to test whether her software is up to date (here FF immediately closes by itself). This all seems very strange to me. What should I do, please?
06.08.2010, 14:29
Member

Thread starter

Posts: 690
#2 I have now found that I can't download anything.. and the last bitdefender update was done in 2008.. please help me, even if I personally get nothing out of it... but I can't just go home on Sunday and leave her sitting here with a totally infested PC..
06.08.2010, 15:42
Member

Posts: 420
#3 Hi,

Without downloads this won't work. Is no other PC available?
You could try starting Windows in Safe Mode with Networking; maybe the downloads will work then.
Please also try to download the test.txt from my attachment; maybe we'll get lucky.
Also try using IE instead of Firefox.
If everything fails, the only option left is probably to reinstall Windows.

Attachment: test.txt
06.08.2010, 16:29
Member

Thread starter

Posts: 690
#4 Unfortunately nothing works anymore... I can't download anything at all except add-ons for FF
06.08.2010, 16:54
Member

Thread starter

Posts: 690
#5 After I shut the computer down and risked a restart, I can suddenly download..

What should I do now, please?
06.08.2010, 16:55
Member

Posts: 420
#6 1. Malwarebytes
http://www.malwarebytes.org/affiliates/g2g/mbam-setup.exe
Please install Malwarebytes, update it, run a Quick Scan, have any findings removed, and post the log.

2. OTL
http://oldtimer.geekstogo.com/OTL.exe
Start the program and click Run Scan. Two logs are created, OTL.txt and Extras.txt; please post both.
06.08.2010, 17:17
Member

Thread starter

Posts: 690
#7 1.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4399

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

06.08.2010 17:16:41
mbam-log-2010-08-06 (17-16-41).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 150465
Laufzeit: 13 Minute(n), 56 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 15
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 3
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\cntntcntr.cntntdic (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\cntntcntr.cntntdic.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\cntntcntr.cntntdisp (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\cntntcntr.cntntdisp.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8ee46f55-1ce1-4db9-811a-68938ec7f3dd} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a87dfd99-cf81-4241-85ce-881e0026b686} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{c96b9fae-a032-4100-bb47-32ef05e28be4} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{148e1447-c728-48fd-beec-a7d06c5fff58} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{42f2c9ba-614f-47c0-b3e3-ecfd34eed658} (Adware.ISTBar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3ba4271e-5c1e-48e2-b432-d8bf420dd31d} (Rogue.DeusCleaner) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\itereejf (Trojan.Agent.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.Zango) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
C:\Programme\Zango (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Programme\Zango\bin (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Programme\Zango\bin\10.3.75.0 (Adware.180Solutions) -> Quarantined and deleted successfully.

Infizierte Dateien:
d:\dokumente und einstellungen\Lea\lokale einstellungen\anwendungsdaten\itereejf.exe (Trojan.Agent.H) -> Delete on reboot.
06.08.2010, 17:26
Member

Thread starter

Posts: 690
#8 2.

OTL logfile created on: 06.08.2010 17:17:46 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = D:\Dokumente und Einstellungen\Lea\Eigene Dateien\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1.023,00 Mb Total Physical Memory | 220,00 Mb Available Physical Memory | 21,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 71,00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 29,98 Gb Total Space | 8,93 Gb Free Space | 29,78% Space Free | Partition Type: NTFS
Drive D: | 198,98 Gb Total Space | 182,95 Gb Free Space | 91,94% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SN112077290311
Current User Name: Lea
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2010.08.06 17:17:23 | 000,574,976 | ---- | M] (OldTimer Tools) -- D:\Dokumente und Einstellungen\Lea\Eigene Dateien\Downloads\OTL.exe
PRC - [2010.07.30 14:45:17 | 000,573,440 | ---- | M] () -- D:\Dokumente und Einstellungen\Lea\Lokale Einstellungen\Anwendungsdaten\itereejf.exe
PRC - [2010.06.25 10:31:37 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\plugin-container.exe
PRC - [2010.06.25 10:31:33 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2010.06.15 01:53:18 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Programme\Google\Update\1.2.183.29\GoogleCrashHandler.exe
PRC - [2010.04.29 15:39:32 | 001,090,952 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2009.02.26 15:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2008.10.19 14:30:02 | 000,222,456 | ---- | M] () -- C:\Programme\ICQ6Toolbar\ICQ Service.exe
PRC - [2008.10.15 21:13:02 | 000,090,112 | ---- | M] (SOFTWIN S.R.L.) -- C:\Programme\Softwin\BitDefender8\vsserv.exe
PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.12.20 01:04:00 | 001,748,992 | R--- | M] (AVM Berlin) -- C:\Programme\avmwlanstick\WLanGUI.exe
PRC - [2007.12.20 01:04:00 | 000,364,544 | R--- | M] (AVM Berlin) -- C:\Programme\avmwlanstick\WLanNetService.exe
PRC - [2007.12.07 17:08:26 | 000,778,240 | ---- | M] (AVM Berlin) -- C:\Programme\1&1\Stcenter.exe
PRC - [2007.10.25 17:09:18 | 000,087,344 | ---- | M] (AVM Berlin) -- C:\Programme\1&1\IGDCTRL.EXE
PRC - [2007.10.02 11:31:02 | 000,909,312 | ---- | M] (AVM Berlin) -- C:\Programme\1&1\FwebProt.exe
PRC - [2006.10.12 10:21:53 | 000,185,784 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
PRC - [2005.11.07 17:48:20 | 000,417,792 | ---- | M] (SOFTWIN S.R.L.) -- C:\Programme\Softwin\BitDefender8\bdmcon.exe
PRC - [2005.08.23 02:17:16 | 000,114,784 | ---- | M] () -- C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
PRC - [2005.08.23 02:17:14 | 000,249,954 | ---- | M] () -- C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
PRC - [2005.08.23 02:16:56 | 000,139,264 | ---- | M] (CyberLink Corp.) -- C:\Programme\CyberLink\PowerCinema\PCMService.exe
PRC - [2005.08.23 02:16:50 | 001,077,376 | ---- | M] (Cyberlink) -- C:\Programme\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLService.exe
PRC - [2005.08.23 02:16:50 | 000,061,440 | ---- | M] (Cyberlink) -- C:\Programme\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
PRC - [2005.08.12 19:05:54 | 001,859,584 | ---- | M] () -- C:\APPS\Softex\OmniPass\scureapp.exe
PRC - [2005.08.12 17:55:34 | 000,014,336 | ---- | M] () -- C:\APPS\Softex\OmniPass\OPXPApp.exe
PRC - [2005.08.12 17:55:32 | 000,032,768 | ---- | M] (Softex Inc.) -- C:\APPS\Softex\OmniPass\OmniServ.exe
PRC - [2005.08.12 15:43:58 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Programme\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2005.06.02 17:16:48 | 000,069,632 | ---- | M] (Softwin) -- C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe
PRC - [2005.05.09 12:19:14 | 000,008,192 | ---- | M] () -- C:\Programme\Softwin\BitDefender8\bdnagent.exe
PRC - [2005.01.24 15:25:38 | 000,069,632 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe
PRC - [2005.01.07 12:01:52 | 000,049,152 | ---- | M] () -- c:\APPS\HIDSERVICE\HidService.exe
PRC - [2004.11.09 22:36:01 | 001,140,312 | ---- | M] (America Online, Inc.) -- C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe
PRC - [2003.04.30 16:31:40 | 000,716,800 | ---- | M] (CANON INC.) -- C:\Programme\Canon\BJCard\BJLaunch.exe
PRC - [2003.03.17 16:18:04 | 000,049,152 | ---- | M] (CANON INC.) -- C:\Programme\Canon\BJCard\Bjmcmng.exe


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2010.08.06 17:17:23 | 000,574,976 | ---- | M] (OldTimer Tools) -- D:\Dokumente und Einstellungen\Lea\Eigene Dateien\Downloads\OTL.exe
MOD - [2008.04.14 04:21:06 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2005.10.10 17:12:04 | 000,061,440 | ---- | M] () -- C:\WINDOWS\system32\sockspy.dll
MOD - [2005.08.12 17:53:22 | 000,053,248 | ---- | M] () -- C:\APPS\Softex\OmniPass\scuredll.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2008.11.04 02:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008.10.19 14:30:02 | 000,222,456 | ---- | M] () [Auto | Running] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2008.10.15 21:13:02 | 000,090,112 | ---- | M] (SOFTWIN S.R.L.) [Auto | Running] -- C:\Programme\Softwin\BitDefender8\vsserv.exe -- (VSSERV)
SRV - [2008.07.16 20:24:32 | 000,029,744 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-022208-143751)
SRV - [2007.12.20 01:04:00 | 000,364,544 | R--- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\avmwlanstick\WLanNetService.exe -- (AVM WLAN Connection Service)
SRV - [2007.10.25 17:09:18 | 000,087,344 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\1&1\IGDCTRL.EXE -- (IGDCTRL)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005.08.23 02:17:16 | 000,114,784 | ---- | M] () [Auto | Running] -- C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2005.08.23 02:17:14 | 000,249,954 | ---- | M] () [Auto | Running] -- C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2005.08.23 02:16:50 | 000,061,440 | ---- | M] (Cyberlink) [Auto | Running] -- C:\Programme\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service)
SRV - [2005.08.12 17:55:32 | 000,032,768 | ---- | M] (Softex Inc.) [Auto | Running] -- C:\APPS\Softex\OmniPass\OmniServ.exe -- (omniserv)
SRV - [2005.06.02 17:16:48 | 000,069,632 | ---- | M] (Softwin) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe -- (XCOMM)
SRV - [2005.04.04 01:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005.01.24 15:25:38 | 000,069,632 | ---- | M] () [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe -- (bdss)
SRV - [2005.01.07 12:01:52 | 000,049,152 | ---- | M] () [Auto | Running] -- c:\APPS\HIDSERVICE\HidService.exe -- (GenericHidService)
SRV - [2004.11.09 22:36:01 | 001,140,312 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
SRV - [2003.03.17 16:18:04 | 000,049,152 | ---- | M] (CANON INC.) [Auto | Running] -- C:\Programme\Canon\BJCard\Bjmcmng.exe -- (Bjmcmng)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\tsmpkt.sys -- (TSMPacket)
DRV - [2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2009.05.09 02:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2009.03.14 20:18:39 | 000,110,304 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ACEDRV09.sys -- (ACEDRV09)
DRV - [2008.10.15 21:13:02 | 000,014,145 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Programme\Softwin\BitDefender8\bdfsdrv.sys -- (BDFsDrv)
DRV - [2008.10.15 21:13:02 | 000,010,768 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Programme\Softwin\BitDefender8\bdrsdrv.sys -- (BDRsDrv)
DRV - [2008.04.13 20:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2008.04.13 20:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008.04.13 20:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008.04.13 18:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007.12.20 01:04:00 | 000,265,088 | R--- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fwlanusb.sys -- (FWLANUSB)
DRV - [2007.12.20 01:04:00 | 000,004,352 | R--- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avmeject.sys -- (avmeject)
DRV - [2007.07.27 12:46:06 | 000,251,680 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\acehlp10.sys -- (acehlp10)
DRV - [2007.07.27 10:13:08 | 000,330,144 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ACEDRV10.sys -- (acedrv10)
DRV - [2005.11.22 23:50:52 | 001,410,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005.09.22 15:00:00 | 000,103,424 | ---- | M] (Micronas GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MicNgTun.sys -- (MicNgTun)
DRV - [2005.09.22 15:00:00 | 000,049,792 | ---- | M] (Micronas GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MicNgCap.sys -- (MicNgCap)
DRV - [2005.09.22 15:00:00 | 000,044,544 | ---- | M] (Micronas GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MicNgBas.sys -- (MicNgBas)
DRV - [2005.06.29 14:35:10 | 003,173,888 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005.01.07 18:07:16 | 000,145,920 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2003.12.31 12:58:46 | 000,069,504 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnic51.sys -- (RTL8023)
DRV - [2003.01.10 23:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001.08.18 05:22:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001.08.17 15:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001.08.17 15:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001.08.17 15:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001.08.17 15:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001.08.17 15:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001.08.17 14:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001.08.17 14:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001.08.17 14:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001.08.17 14:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001.08.17 14:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001.08.17 14:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001.08.17 14:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001.08.17 14:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001.08.17 14:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001.02.12 22:02:26 | 000,047,616 | ---- | M] (T-Online International AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TDSLAdap.sys -- (TDSLAdapter) T-DSL-Adapter (T-Online)
DRV - [2001.02.12 22:02:26 | 000,006,688 | ---- | M] (T-Online International AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TDSLProt.sys -- (TDSLProtocol) T-DSL-Protocol (T-Online)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ${URL_STARTPAGE}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2102572
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {c9508125-4747-4733-b048-e4b82dc9716d} - C:\Programme\PHPNukeDE\tbPHPN.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.48.3
FF - prefs.js..extensions.enabledItems: optimizegoogle@optimizegoogle.com:0.78.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..extensions.enabledItems: optout@google.com:1.2
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.4
FF - prefs.js..keyword.URL: "${URL_SEARCHPAGE}"

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.07.03 19:50:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.06.25 10:31:44 | 000,000,000 | ---D | M]

[2008.11.01 16:56:04 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\Lea\Anwendungsdaten\Mozilla\Extensions
[2010.08.06 15:22:17 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\Lea\Anwendungsdaten\Mozilla\Firefox\Profiles\wr64rrl0.default\extensions
[2010.08.06 15:06:37 | 000,000,000 | ---D | M] (Adblock Plus) -- D:\Dokumente und Einstellungen\Lea\Anwendungsdaten\Mozilla\Firefox\Profiles\wr64rrl0.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.08.06 15:06:49 | 000,000,000 | ---D | M] (No name found) -- D:\Dokumente und Einstellungen\Lea\Anwendungsdaten\Mozilla\Firefox\Profiles\wr64rrl0.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2010.08.06 15:22:04 | 000,000,000 | ---D | M] (No name found) -- D:\Dokumente und Einstellungen\Lea\Anwendungsdaten\Mozilla\Firefox\Profiles\wr64rrl0.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2010.08.06 15:06:46 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\Lea\Anwendungsdaten\Mozilla\Firefox\Profiles\wr64rrl0.default\extensions\optimizegoogle@optimizegoogle.com
[2010.08.06 15:11:31 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\Lea\Anwendungsdaten\Mozilla\Firefox\Profiles\wr64rrl0.default\extensions\optout@google.com
[2008.11.01 16:56:25 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\Lea\Anwendungsdaten\Mozilla\Firefox\Profiles\wr64rrl0.default\extensions\toolbar_extras@de.yahoo.com
[2010.06.16 18:54:07 | 000,001,819 | ---- | M] () -- D:\Dokumente und Einstellungen\Lea\Anwendungsdaten\Mozilla\Firefox\Profiles\wr64rrl0.default\searchplugins\bing.xml
[2010.08.06 16:56:48 | 000,000,944 | ---- | M] () -- D:\Dokumente und Einstellungen\Lea\Anwendungsdaten\Mozilla\Firefox\Profiles\wr64rrl0.default\searchplugins\icqplugin.xml
[2010.04.29 09:23:37 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.06.25 10:31:40 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.06.25 10:31:40 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.06.25 10:31:40 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.06.25 10:31:40 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.06.25 10:31:40 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.04.01 11:13:56 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No CLSID value found.
O2 - BHO: (PHPNukeDE Toolbar) - {c9508125-4747-4733-b048-e4b82dc9716d} - C:\Programme\PHPNukeDE\tbPHPN.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - No CLSID value found.
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (PHPNukeDE Toolbar) - {c9508125-4747-4733-b048-e4b82dc9716d} - C:\Programme\PHPNukeDE\tbPHPN.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ATICCC] c:\Programme\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin)
O4 - HKLM..\Run: [AzMixerSel] C:\Programme\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [BDMCon] C:\Programme\Softwin\BitDefender8\bdmcon.exe (SOFTWIN S.R.L.)
O4 - HKLM..\Run: [BDNewsAgent] C:\Programme\Softwin\BitDefender8\bdnagent.exe ()
O4 - HKLM..\Run: [BJLaunchEXE] C:\Programme\Canon\BJCard\BJLaunch.exe (CANON INC.)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HdAShCut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [OmniPass] C:\APPS\Softex\OmniPass\scureapp.exe ()
O4 - HKLM..\Run: [PCMService] C:\Programme\CyberLink\PowerCinema\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: D:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\1&1 FRITZ!Box starter.lnk = C:\WINDOWS\Installer\{4E9F7AD8-E3EC-4636-BD25-A5AD97E73C64}\Icon2457326B4.exe ()
O4 - Startup: D:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\VR-NetWorld Auftragsprüfung.lnk = C:\Programme\VR-NetWorld\VRToolCheckOrder.exe File not found
O4 - Startup: D:\Dokumente und Einstellungen\Lea\Startmenü\Programme\Autostart\DSL Internet.lnk = C:\Programme\1&1\FritzDsl.exe (AVM Berlin)
O4 - Startup: D:\Dokumente und Einstellungen\Lea\Startmenü\Programme\Autostart\DSL Protect.lnk = C:\Programme\1&1\FwebProt.exe (AVM Berlin)
O4 - Startup: D:\Dokumente und Einstellungen\Lea\Startmenü\Programme\Autostart\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\1&1\\sarah.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\1&1\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\1&1\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Programme\1&1\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Programme\1&1\sarah.dll (AVM Berlin)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {59136DB4-6CA3-4B40-8F2F-BBF84B6F1E91} https://stream.web.de/mail/activex/mail_upload_11213.cab (Attachment Upload Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://www.airport-nuernberg.de/_/tools/AxisCamControl.cab (CamImage Class)
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} https://asp.photoprintit.de/microsite/15547/defaults/activex/ips/IPSUploader4.cab (IPSUploader4 Control)
O16 - DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab (Java Plug-in 1.5.0_08)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} http://imikimi.com/download/imikimi_plugin_0.5.1.cab (Imikimi_activex_plugin Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - Reg Error: Key error. File not found
O20 - AppInit_DLLs: (ïsockspy.dll) - File not found
O20 - AppInit_DLLs: (sockspy.dll) - C:\WINDOWS\System32\sockspy.dll ()
O20 - AppInit_DLLs: (sockspy.dll) - C:\WINDOWS\System32\sockspy.dll ()
O20 - AppInit_DLLs: (sockspy.dll) - C:\WINDOWS\System32\sockspy.dll ()
O20 - AppInit_DLLs: (sockspy.dll) - C:\WINDOWS\System32\sockspy.dll ()
O20 - AppInit_DLLs: (sockspy.dll) - C:\WINDOWS\System32\sockspy.dll ()
O20 - AppInit_DLLs: (sockspy.dll) - C:\WINDOWS\System32\sockspy.dll ()
O20 - AppInit_DLLs: (sockspy.dll) - C:\WINDOWS\System32\sockspy.dll ()
O20 - AppInit_DLLs: (sockspy.dll) - C:\WINDOWS\System32\sockspy.dll ()
O20 - AppInit_DLLs: (sockspy.dll) - C:\WINDOWS\System32\sockspy.dll ()
O20 - AppInit_DLLs: (sockspy.dll) - C:\WINDOWS\System32\sockspy.dll ()
O20 - AppInit_DLLs: (sockspy.dll) - C:\WINDOWS\System32\sockspy.dll ()
O20 - AppInit_DLLs: (sockspy.dll) - C:\WINDOWS\System32\sockspy.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\OPXPGina: DllName - C:\Apps\Softex\OmniPass\opxpgina.dll - C:\APPS\Softex\OmniPass\OPXPGina.dll ()
O24 - Desktop Components:0 () - http://image01.otto.de/pool/formatr/1030000.jpg
O24 - Desktop Components:1 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: D:\Dokumente und Einstellungen\Lea\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: D:\Dokumente und Einstellungen\Lea\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.08.06 17:06:51 | 000,000,000 | RH-D | C] -- D:\Dokumente und Einstellungen\Lea\Recent
[2010.08.06 16:58:23 | 000,000,000 | ---D | C] -- D:\Dokumente und Einstellungen\Lea\Anwendungsdaten\Malwarebytes
[2010.08.06 16:58:02 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.08.06 16:57:59 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.08.06 16:57:59 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.08.06 16:57:59 | 000,000,000 | ---D | C] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010.08.06 16:47:56 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2010.08.06 14:19:27 | 000,000,000 | ---D | C] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton
[2010.08.06 14:19:15 | 000,000,000 | ---D | C] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NortonInstaller
[2010.08.06 12:37:34 | 000,000,000 | R--D | C] -- D:\Dokumente und Einstellungen\Lea\Eigene Dateien\Eigene Bilder
[2010.07.13 21:05:55 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[196 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[177 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.08.06 17:22:54 | 000,005,771 | ---- | M] () -- D:\Dokumente und Einstellungen\Lea\Lokale Einstellungen\Anwendungsdaten\itereejf_navps.dat
[2010.08.06 17:22:09 | 000,003,349 | ---- | M] () -- D:\Dokumente und Einstellungen\Lea\Lokale Einstellungen\Anwendungsdaten\itereejf.dat
[2010.08.06 17:09:06 | 000,000,414 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{DAC26116-D4E1-461C-9CF7-67BC9D1D8BB0}.job
[2010.08.06 16:59:00 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.08.06 16:58:04 | 000,000,569 | ---- | M] () -- D:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.06 16:48:02 | 000,000,575 | ---- | M] () -- D:\Dokumente und Einstellungen\Lea\Desktop\CCleaner.lnk
[2010.08.06 16:35:07 | 000,002,051 | ---- | M] () -- D:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\1&1 FRITZ!Box starter.lnk
[2010.08.06 16:33:40 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.08.06 16:33:31 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.08.06 16:33:18 | 000,001,044 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010.08.06 16:33:06 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.08.06 16:33:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.08.06 16:33:01 | 1073,270,784 | -HS- | M] () -- C:\hiberfil.sys
[2010.08.06 16:31:53 | 007,602,176 | ---- | M] () -- D:\Dokumente und Einstellungen\Lea\ntuser.dat
[2010.08.06 16:31:53 | 000,000,300 | -HS- | M] () -- D:\Dokumente und Einstellungen\Lea\ntuser.ini
[2010.08.06 10:03:58 | 000,002,161 | ---- | M] () -- D:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk
[2010.08.02 19:17:32 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmp5086B.FOT
[2010.08.02 19:17:32 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmp1A86B.FOT
[2010.08.02 19:17:28 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010.08.01 18:59:31 | 000,383,254 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.08.01 18:59:30 | 000,053,608 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.08.01 18:59:29 | 000,394,500 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.08.01 18:59:28 | 000,064,598 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.08.01 18:59:22 | 000,906,376 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.08.01 14:45:33 | 000,248,755 | ---- | M] () -- D:\Dokumente und Einstellungen\Lea\Lokale Einstellungen\Anwendungsdaten\itereejf_nav.dat
[2010.07.30 14:45:17 | 000,573,440 | ---- | M] () -- D:\Dokumente und Einstellungen\Lea\Lokale Einstellungen\Anwendungsdaten\itereejf.exe
[2010.07.29 15:18:10 | 000,009,752 | ---- | M] () -- C:\WINDOWS\System32\QuickTime.qtp
[2010.07.27 08:29:42 | 008,503,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll
[2010.07.22 15:42:48 | 001,224,042 | ---- | M] () -- D:\Dokumente und Einstellungen\Lea\Desktop\PICT0004.JPG
[2010.07.21 16:20:50 | 001,629,044 | ---- | M] () -- D:\Dokumente und Einstellungen\Lea\Desktop\PICT0005.JPG
[2010.07.20 20:13:55 | 002,037,373 | ---- | M] () -- D:\Dokumente und Einstellungen\Lea\Desktop\PICT0006.JPG
[2010.07.17 18:16:24 | 001,433,588 | ---- | M] () -- D:\Dokumente und Einstellungen\Lea\Desktop\PICT0026.JPG
[2010.07.17 18:15:54 | 001,494,281 | ---- | M] () -- D:\Dokumente und Einstellungen\Lea\Desktop\PICT0025.JPG
[2010.07.17 18:13:23 | 001,128,663 | ---- | M] () -- D:\Dokumente und Einstellungen\Lea\Desktop\PICT0024.JPG
[2010.07.17 18:11:51 | 001,204,271 | ---- | M] () -- D:\Dokumente und Einstellungen\Lea\Desktop\PICT0023.JPG
[2010.07.17 18:10:16 | 001,082,593 | ---- | M] () -- D:\Dokumente und Einstellungen\Lea\Desktop\PICT0021.JPG
[2010.07.17 18:08:59 | 002,082,920 | ---- | M] () -- D:\Dokumente und Einstellungen\Lea\Desktop\PICT0019.JPG
[2010.07.17 18:08:10 | 001,629,128 | ---- | M] () -- D:\Dokumente und Einstellungen\Lea\Desktop\PICT0016.JPG
[2010.07.17 18:06:17 | 001,600,521 | ---- | M] () -- D:\Dokumente und Einstellungen\Lea\Desktop\PICT0017.JPG
[2010.07.17 18:03:26 | 002,113,225 | ---- | M] () -- D:\Dokumente und Einstellungen\Lea\Desktop\PICT0010.JPG
[2010.07.17 18:03:17 | 002,033,039 | ---- | M] () -- D:\Dokumente und Einstellungen\Lea\Desktop\PICT0009.JPG
[2010.07.17 18:00:42 | 001,690,623 | ---- | M] () -- D:\Dokumente und Einstellungen\Lea\Desktop\PICT0008.JPG
[2010.07.17 17:58:32 | 001,387,743 | ---- | M] () -- D:\Dokumente und Einstellungen\Lea\Desktop\PICT0007.JPG
[2010.07.17 17:17:47 | 001,996,742 | ---- | M] () -- D:\Dokumente und Einstellungen\Lea\Desktop\PICT0012.JPG
[2010.07.17 17:17:12 | 001,108,092 | ---- | M] () -- D:\Dokumente und Einstellungen\Lea\Desktop\PICT0013.JPG
[2010.07.09 23:12:23 | 000,379,036 | ---- | M] () -- D:\Dokumente und Einstellungen\Lea\Desktop\urlaub2009.jpg
[2010.07.09 20:19:32 | 000,027,543 | ---- | M] () -- D:\Dokumente und Einstellungen\Lea\Desktop\Vorschau1.jpg
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[196 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[177 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.08.06 16:58:04 | 000,000,569 | ---- | C] () -- D:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.06 16:48:02 | 000,000,575 | ---- | C] () -- D:\Dokumente und Einstellungen\Lea\Desktop\CCleaner.lnk
[2010.08.02 19:17:32 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmp5086B.FOT
[2010.08.02 19:17:32 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmp1A86B.FOT
[2010.07.30 14:45:17 | 000,573,440 | ---- | C] () -- D:\Dokumente und Einstellungen\Lea\Lokale Einstellungen\Anwendungsdaten\itereejf.exe
[2010.07.30 14:45:17 | 000,248,755 | ---- | C] () -- D:\Dokumente und Einstellungen\Lea\Lokale Einstellungen\Anwendungsdaten\itereejf_nav.dat
[2010.07.30 14:45:17 | 000,005,760 | ---- | C] () -- D:\Dokumente und Einstellungen\Lea\Lokale Einstellungen\Anwendungsdaten\itereejf_navps.dat
[2010.07.30 14:45:17 | 000,003,382 | ---- | C] () -- D:\Dokumente und Einstellungen\Lea\Lokale Einstellungen\Anwendungsdaten\itereejf.dat
[2010.07.20 20:17:41 | 001,224,042 | ---- | C] () -- D:\Dokumente und Einstellungen\Lea\Desktop\PICT0004.JPG
[2010.07.20 20:12:57 | 001,629,044 | ---- | C] () -- D:\Dokumente und Einstellungen\Lea\Desktop\PICT0005.JPG
[2010.07.17 18:15:54 | 001,433,588 | ---- | C] () -- D:\Dokumente und Einstellungen\Lea\Desktop\PICT0026.JPG
[2010.07.17 18:15:19 | 001,494,281 | ---- | C] () -- D:\Dokumente und Einstellungen\Lea\Desktop\PICT0025.JPG
[2010.07.17 18:12:56 | 001,128,663 | ---- | C] () -- D:\Dokumente und Einstellungen\Lea\Desktop\PICT0024.JPG
[2010.07.17 18:11:20 | 001,204,271 | ---- | C] () -- D:\Dokumente und Einstellungen\Lea\Desktop\PICT0023.JPG
[2010.07.17 18:09:44 | 001,082,593 | ---- | C] () -- D:\Dokumente und Einstellungen\Lea\Desktop\PICT0021.JPG
[2010.07.17 18:07:42 | 002,082,920 | ---- | C] () -- D:\Dokumente und Einstellungen\Lea\Desktop\PICT0019.JPG
[2010.07.17 18:05:19 | 001,600,521 | ---- | C] () -- D:\Dokumente und Einstellungen\Lea\Desktop\PICT0017.JPG
[2010.07.17 18:01:06 | 002,113,225 | ---- | C] () -- D:\Dokumente und Einstellungen\Lea\Desktop\PICT0010.JPG
[2010.07.17 18:01:02 | 002,033,039 | ---- | C] () -- D:\Dokumente und Einstellungen\Lea\Desktop\PICT0009.JPG
[2010.07.17 17:17:47 | 001,629,128 | ---- | C] () -- D:\Dokumente und Einstellungen\Lea\Desktop\PICT0016.JPG
[2010.07.17 17:17:06 | 001,996,742 | ---- | C] () -- D:\Dokumente und Einstellungen\Lea\Desktop\PICT0012.JPG
[2010.07.17 17:16:48 | 001,108,092 | ---- | C] () -- D:\Dokumente und Einstellungen\Lea\Desktop\PICT0013.JPG
[2010.07.15 22:51:22 | 001,690,623 | ---- | C] () -- D:\Dokumente und Einstellungen\Lea\Desktop\PICT0008.JPG
[2010.07.15 22:51:14 | 001,387,743 | ---- | C] () -- D:\Dokumente und Einstellungen\Lea\Desktop\PICT0007.JPG
[2010.07.14 17:42:10 | 002,037,373 | ---- | C] () -- D:\Dokumente und Einstellungen\Lea\Desktop\PICT0006.JPG
[2010.07.09 23:12:18 | 000,379,036 | ---- | C] () -- D:\Dokumente und Einstellungen\Lea\Desktop\urlaub2009.jpg
[2010.07.09 20:19:31 | 000,027,543 | ---- | C] () -- D:\Dokumente und Einstellungen\Lea\Desktop\Vorschau1.jpg
[2009.06.15 23:22:23 | 000,000,017 | ---- | C] () -- C:\WINDOWS\Missing.ini
[2008.12.16 19:01:00 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2008.11.14 18:37:49 | 000,000,172 | ---- | C] () -- C:\WINDOWS\Lilli2.ini
[2008.11.14 18:37:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Lbusc.ini
[2008.11.09 12:37:44 | 000,000,110 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008.09.20 18:31:29 | 000,000,166 | ---- | C] () -- C:\WINDOWS\LilliP.ini
[2008.08.06 00:02:12 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008.08.05 23:59:04 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008.08.05 23:59:04 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008.08.05 23:58:14 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008.01.03 19:08:30 | 000,000,086 | ---- | C] () -- C:\WINDOWS\WIWWI.ini
[2007.03.07 19:23:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\syscheck.INI
[2007.01.09 13:46:28 | 000,000,327 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI
[2006.04.01 17:57:17 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVS5k.DLL
[2006.03.07 18:07:08 | 000,001,039 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005.10.21 16:28:56 | 000,005,968 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005.10.10 17:12:04 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\sockspy.dll
[2005.02.23 10:54:58 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005.02.23 10:45:53 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
[2005.02.23 10:44:46 | 000,000,714 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005.02.23 10:39:37 | 000,000,410 | ---- | C] () -- C:\WINDOWS\System32\SETUPPC.INI
[2005.02.23 10:36:25 | 000,007,513 | ---- | C] () -- C:\WINDOWS\HDReg.ini
[2005.02.23 10:24:20 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004.08.11 20:13:19 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2002.12.06 17:37:06 | 000,503,808 | ---- | C] () -- C:\WINDOWS\System32\xreglib.dll
[1998.10.11 02:07:38 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll
< End of report >



OTL Extras logfile created on: 06.08.2010 17:17:46 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = D:\Dokumente und Einstellungen\Lea\Eigene Dateien\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1.023,00 Mb Total Physical Memory | 220,00 Mb Available Physical Memory | 21,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 71,00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 29,98 Gb Total Space | 8,93 Gb Free Space | 29,78% Space Free | Partition Type: NTFS
Drive D: | 198,98 Gb Total Space | 182,95 Gb Free Space | 91,94% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SN112077290311
Current User Name: Lea
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Programme\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mein CeWe Fotobuch.exe] -- "C:\Programme\CeWe Color\Mein CeWe Fotobuch\Mein CeWe Fotobuch.exe" "%1" ()
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"56143:TCP" = 56143:TCP:*:Enabled:pando Media Booster
"56143:UDP" = 56143:UDP:*:Enabled:pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"56143:TCP" = 56143:TCP:*:Enabled:pando Media Booster
"56143:UDP" = 56143:UDP:*:Enabled:pando Media Booster

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\Pando Networks\Media Booster\PMB.exe" = C:\Programme\Pando Networks\Media Booster\PMB.exe:*:Enabled:pando Media Booster -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%ProgramFiles%\AOL 9.0\aol.exe" = %ProgramFiles%\AOL 9.0\aol.exe:*:Enabled:AOL -- (America Online, Inc.)
"%ProgramFiles%\Ahead\SIPPS\SIPPS.exe" = %ProgramFiles%\Ahead\SIPPS\SIPPS.exe:*:Enabled:SIPPS -- File not found
"%ProgramFiles%\sipgate X-Lite\sipgateXLite.exe" = %ProgramFiles%\sipgate X-Lite\sipgateXLite.exe:*:Enabled:sipgateXLite -- File not found
"C:\Programme\FrostWire\FrostWire.exe" = C:\Programme\FrostWire\FrostWire.exe:*:Enabled:FrostWire -- (FrostWire Group)
"C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Programme\Microsoft Office\Office12\GROOVE.EXE" = C:\Programme\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Programme\Microsoft Office\Office12\ONENOTE.EXE" = C:\Programme\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Programme\ICQ6.5\ICQ.exe" = C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.)
"C:\Programme\Yahoo!\Messenger\YahooMessenger.exe" = C:\Programme\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Programme\Java\jre6\bin\java.exe" = C:\Programme\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Programme\Pando Networks\Media Booster\PMB.exe" = C:\Programme\Pando Networks\Media Booster\PMB.exe:*:Enabled:pando Media Booster -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0494ACA0-E038-4604-BF83-1B5D5A517C05}" = ATI Catalyst Control Center
"{119F5471-91A6-47CC-80AB-380845C08E27}" = LevelR
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0150080}" = J2SE Runtime Environment 5.0 Update 8
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{34660028-FC4D-468E-8AB4-D5B3A4305683}" = Winklers Lernprogramm 2086
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4E9F7AD8-E3EC-4636-BD25-A5AD97E73C64}" = FRITZ!Box starter
"{511A5609-446A-11D5-9FA6-0060087051D5}" = T-DSL Treiber
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{757AD3D4-036B-42FA-B0A4-96BD6F4605A0}" = Ulead VideoStudio 7 SE DVD
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7D1D6A24-65D4-454C-8815-4F08A5FFF12C}" = Macromedia Shockwave Player
"{8815F011-43AF-4F50-BBD8-D78ED3D6F5B9}" = VR-NetWorld
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B26E3B0D-C2FA-4370-B068-7C476766F029}" = Microsoft Works
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C649ED6C-2D44-40BA-AE75-0AADD5E411E5}" = Wildlife Park 2 Horses
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBD8FD34-8559-4028-922B-50797D151E04}" = Speicherkarten-Utility
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"10th_mac" = 10th_mac Screen Saver
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AVMWLANCLI" = AVM FRITZ!WLAN
"CCleaner" = CCleaner
"Deutsch 1" = Deutsch 1 1.0
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FrostWire" = FrostWire 4.17.2
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"ICQToolbar" = ICQ Toolbar
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Imikimi Plugin" = Imikimi Plugin
"itereejf" = Favorit
"Lernkartenfabrik_is1" = Lernkartenfabrik Beta 1.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mathe 1" = Mathe 1 1.0
"Mein CeWe Fotobuch" = Mein CeWe Fotobuch
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.6.4)" = Mozilla Firefox (3.6.4)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PHPNukeDE Toolbar" = PHPNukeDE Toolbar
"ProtectDisc Driver 10" = ProtectDisc Helper Driver 10
"RealPlayer 6.0" = RealPlayer
"T-Online Fotoservice" = T-Online Fotoservice
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.9
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 23.07.2010 07:45:17 | Computer Name = SN112077290311 | Source = Google Update | ID = 20
Description =

Error - 23.07.2010 08:45:18 | Computer Name = SN112077290311 | Source = Google Update | ID = 20
Description =

Error - 23.07.2010 09:45:18 | Computer Name = SN112077290311 | Source = Google Update | ID = 20
Description =

Error - 23.07.2010 10:45:17 | Computer Name = SN112077290311 | Source = Google Update | ID = 20
Description =

Error - 23.07.2010 11:45:16 | Computer Name = SN112077290311 | Source = Google Update | ID = 20
Description =

Error - 23.07.2010 12:45:18 | Computer Name = SN112077290311 | Source = Google Update | ID = 20
Description =

Error - 23.07.2010 13:45:16 | Computer Name = SN112077290311 | Source = Google Update | ID = 20
Description =

Error - 23.07.2010 14:45:16 | Computer Name = SN112077290311 | Source = Google Update | ID = 20
Description =

Error - 23.07.2010 15:45:18 | Computer Name = SN112077290311 | Source = Google Update | ID = 20
Description =

Error - 23.07.2010 16:45:17 | Computer Name = SN112077290311 | Source = Google Update | ID = 20
Description =

[ OSession Events ]
Error - 13.01.2009 17:35:38 | Computer Name = SN112077290311 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session
lasted 5105 seconds with 4440 seconds of active time. This session ended with a
crash.

Error - 29.06.2009 16:42:18 | Computer Name = SN112077290311 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 5
seconds with 0 seconds of active time. This session ended with a crash.

Error - 29.06.2009 16:42:27 | Computer Name = SN112077290311 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 15
seconds with 0 seconds of active time. This session ended with a crash.

Error - 29.06.2009 16:42:33 | Computer Name = SN112077290311 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 29.06.2009 16:42:38 | Computer Name = SN112077290311 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 12
seconds with 0 seconds of active time. This session ended with a crash.

Error - 29.06.2009 16:42:57 | Computer Name = SN112077290311 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.

Error - 27.10.2009 10:45:20 | Computer Name = SN112077290311 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 18, Application Name: Picture Manager, Application Version: 12.0.6211.1000,
Microsoft Office Version: 12.0.6215.1000. This session lasted 55 seconds with 0
seconds of active time. This session ended with a crash.

[ System Events ]
Error - 06.08.2010 08:16:37 | Computer Name = SN112077290311 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
%%126

Error - 06.08.2010 08:16:38 | Computer Name = SN112077290311 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
%%126

Error - 06.08.2010 08:16:38 | Computer Name = SN112077290311 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
%%126

Error - 06.08.2010 08:16:38 | Computer Name = SN112077290311 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
%%126

Error - 06.08.2010 08:16:38 | Computer Name = SN112077290311 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
%%126

Error - 06.08.2010 08:16:38 | Computer Name = SN112077290311 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
%%126

Error - 06.08.2010 08:16:38 | Computer Name = SN112077290311 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
%%126

Error - 06.08.2010 08:16:38 | Computer Name = SN112077290311 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
%%126

Error - 06.08.2010 08:16:38 | Computer Name = SN112077290311 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
%%126

Error - 06.08.2010 10:33:12 | Computer Name = SN112077290311 | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Java Quick Starter" wurde mit folgendem dienstspezifischem
Fehler beendet: 1 (0x1).


< End of report >
06.08.2010, 18:04
Member

Posts: 420
#9 Were the two programs run in parallel, by any chance? In future, please work through one step at a time.

1. Please start OTL and copy the following into the script field at the bottom:

Quote

:OTL
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - No CLSID value found.
O4 - Startup: D:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\VR-NetWorld Auftragsprüfung.lnk = C:\Programme\VR-NetWorld\VRToolCheckOrder.exe File not found
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - Reg Error: Key error. File not found
O20 - AppInit_DLLs: (ïsockspy.dll) - File not found
[2010.08.02 19:17:32 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmp5086B.FOT
[2010.08.02 19:17:32 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmp1A86B.FOT
[2010.07.30 14:45:17 | 000,573,440 | ---- | C] () -- D:\Dokumente und Einstellungen\Lea\Lokale Einstellungen\Anwendungsdaten\itereejf.exe
[2010.07.30 14:45:17 | 000,248,755 | ---- | C] () -- D:\Dokumente und Einstellungen\Lea\Lokale Einstellungen\Anwendungsdaten\itereejf_nav.dat
[2010.07.30 14:45:17 | 000,005,760 | ---- | C] () -- D:\Dokumente und Einstellungen\Lea\Lokale Einstellungen\Anwendungsdaten\itereejf_navps.dat
[2010.07.30 14:45:17 | 000,003,382 | ---- | C] () -- D:\Dokumente und Einstellungen\Lea\Lokale Einstellungen\Anwendungsdaten\itereejf.dat

:Commands
[purity]
[emptytemp]
[emptyflash]
and click Run Fix. A restart may be necessary. Please post the fix log.

2. RootRepeal
http://sites.google.com/site/rootrepeal/
Start RootRepeal.
Close all other programs.
Go to the Report tab at the bottom.
Click Scan.
Tick all the checkboxes.
Confirm with OK.
If asked, select drive C:
Confirm with OK.
At the end of the scan a log is displayed; please post it.
06.08.2010, 18:51
Member

Thread starter

Posts: 690
#10 I ran them one after the other.

1.

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{327C2873-E90D-4c37-AA9D-10AC9BABA46C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{327C2873-E90D-4c37-AA9D-10AC9BABA46C}\ not found.
File move failed. D:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\VR-NetWorld Auftragsprüfung.lnk scheduled to be moved on reboot.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\x-sdch\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B1759355-3EEC-4C1E-B0F1-B719FE26E377}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:ïsockspy.dll deleted successfully.
File C:\WINDOWS\System32\tmp5086B.FOT not found.
File C:\WINDOWS\System32\tmp1A86B.FOT not found.
File D:\Dokumente und Einstellungen\Lea\Lokale Einstellungen\Anwendungsdaten\itereejf.exe not found.
File D:\Dokumente und Einstellungen\Lea\Lokale Einstellungen\Anwendungsdaten\itereejf_nav.dat not found.
File D:\Dokumente und Einstellungen\Lea\Lokale Einstellungen\Anwendungsdaten\itereejf_navps.dat not found.
File D:\Dokumente und Einstellungen\Lea\Lokale Einstellungen\Anwendungsdaten\itereejf.dat not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Besitzer
06.08.2010, 19:35
Member

Thread starter

Posts: 690
#11 2.

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/08/06 19:03
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xEDD7A000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7A17000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xEB1F2000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\Programme\Incomplete\CORRUPT-0-eddy bar.mp3
Status: Locked to the Windows API!

Path: C:\Programme\Incomplete\CORRUPT-0-schnuffel - greatest hits.mp3
Status: Locked to the Windows API!

Path: C:\Programme\Incomplete\T-5745425-alles neu (hot remix).mp3
Status: Locked to the Windows API!

Path: C:\Programme\Incomplete\T-5745425-so soll es bleiben ich und (unplugged version).mp3
Status: Locked to the Windows API!

Path: C:\Programme\Incomplete\preview-t-3877632-christian petru - greatest hits.mp3
Status: Locked to the Windows API!

Path: C:\Programme\Incomplete\preview-t-3877632-eddy bar.mp3
Status: Locked to the Windows API!

Path: C:\Programme\Incomplete\preview-t-3877632-shaun baker.mp3
Status: Locked to the Windows API!

Path: C:\Programme\Incomplete\T-5078290-keep it together euro techno.wav
Status: Locked to the Windows API!

Path: C:\Programme\Incomplete\t-3877632-christian petru - greatest hits.mp3
Status: Locked to the Windows API!

Path: C:\Programme\Incomplete\t-3877632-shaun baker.mp3
Status: Locked to the Windows API!

Path: C:\Programme\Incomplete\T-3897203-keep it together mr dj royal (hot new track).au
Status: Locked to the Windows API!

Path: C:\Programme\Incomplete\T-3926616-elektro house 2009.mp3
Status: Locked to the Windows API!

Path: C:\Programme\Incomplete\T-3926616-modo [256k quality].mp3
Status: Locked to the Windows API!

Path: C:\Programme\Incomplete\T-3926616-mr dj royal vs [160k quality].mp3
Status: Locked to the Windows API!

Path: C:\Programme\Incomplete\T-3545425-fistclass finest house 2008.mp3
Status: Locked to the Windows API!

Path: C:\Programme\Incomplete\T-3545425-so soll es bleiben ich und.mp3
Status: Locked to the Windows API!

Path: C:\Programme\Incomplete\T-2517108-eddy bar.mp3
Status: Locked to the Windows API!

Path: C:\Programme\Incomplete\T-4061074-ich bin verliebt (rare track).snd
Status: Locked to the Windows API!

Path: C:\Programme\Incomplete\T-4061074-keep it mr dj royal vs (rare track).snd
Status: Locked to the Windows API!

Path: C:\Programme\Incomplete\T-3428740-goodbye lenin - best track ever.mp3
Status: Locked to the Windows API!

Path: C:\Programme\Incomplete\T-3428740-modo.mp3
Status: Locked to the Windows API!

Path: C:\Programme\Incomplete\T-3428740-mr dj royal techno - best track ever.mp3
Status: Locked to the Windows API!

SSDT
-------------------
#: 025 Function Name: NtClose
Status: Hooked by "C:\Programme\Softwin\BitDefender8\bdrsdrv.sys" at address 0xeb27a9ac

#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\Programme\Softwin\BitDefender8\bdrsdrv.sys" at address 0xeb27a95e

#: 063 Function Name: NtDeleteKey
Status: Hooked by "C:\Programme\Softwin\BitDefender8\bdrsdrv.sys" at address 0xeb27aa12

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\Programme\Softwin\BitDefender8\bdrsdrv.sys" at address 0xeb27aa3c

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "C:\Programme\Softwin\BitDefender8\bdrsdrv.sys" at address 0xeb27ae6a

#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "C:\Programme\Softwin\BitDefender8\bdrsdrv.sys" at address 0xeb27aee0

#: 079 Function Name: NtFlushKey
Status: Hooked by "C:\Programme\Softwin\BitDefender8\bdrsdrv.sys" at address 0xeb27a9e8

#: 098 Function Name: NtLoadKey
Status: Hooked by "C:\Programme\Softwin\BitDefender8\bdrsdrv.sys" at address 0xeb27af58

#: 116 Function Name: NtOpenFile
Status: Hooked by "C:\Programme\Softwin\BitDefender8\bdfsdrv.sys" at address 0xeb28bf1f

#: 119 Function Name: NtOpenKey
Status: Hooked by "C:\Programme\Softwin\BitDefender8\bdrsdrv.sys" at address 0xeb27a91c

#: 160 Function Name: NtQueryKey
Status: Hooked by "C:\Programme\Softwin\BitDefender8\bdrsdrv.sys" at address 0xeb27aea6

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "C:\Programme\Softwin\BitDefender8\bdrsdrv.sys" at address 0xeb27af1c

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\Programme\Softwin\BitDefender8\bdrsdrv.sys" at address 0xeb27aae9

#: 263 Function Name: NtUnloadKey
Status: Hooked by "C:\Programme\Softwin\BitDefender8\bdrsdrv.sys" at address 0xeb27af86

==EOF==
06.08.2010, 20:07
Member

Posts: 420
#12 OK,

I have two more:

1. Panda ActiveScan2.0
http://www.pandasecurity.com/homeusers/solutions/activescan/

Click Scan your PC now
Select Schneller Scan (quick scan), click Jetzt scannen (scan now) and follow the instructions.
At the end of the scan a results page is shown; at the top right the results can be saved to a text file (Export In: ). Please post the contents of the file.

2. Control scan with OTL: please start OTL, click Quick Scan and post the OTL.txt (Extras.txt is not needed this time)
06.08.2010, 22:16
Member

Thread starter

Posts: 690
#13 Panda found nothing

The OTL log is here:

OTL logfile created on: 06.08.2010 22:08:02 - Run 2
OTL by OldTimer - Version 3.2.9.1 Folder = D:\Dokumente und Einstellungen\Lea\Eigene Dateien\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1.023,00 Mb Total Physical Memory | 275,00 Mb Available Physical Memory | 27,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 29,98 Gb Total Space | 10,49 Gb Free Space | 35,00% Space Free | Partition Type: NTFS
Drive D: | 198,98 Gb Total Space | 191,70 Gb Free Space | 96,34% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SN112077290311
Current User Name: Lea
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2010.08.06 17:17:23 | 000,574,976 | ---- | M] (OldTimer Tools) -- D:\Dokumente und Einstellungen\Lea\Eigene Dateien\Downloads\OTL.exe
PRC - [2010.06.15 01:53:18 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Programme\Google\Update\1.2.183.29\GoogleCrashHandler.exe
PRC - [2009.02.26 15:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2008.10.19 14:30:02 | 000,222,456 | ---- | M] () -- C:\Programme\ICQ6Toolbar\ICQ Service.exe
PRC - [2008.10.15 21:13:02 | 000,090,112 | ---- | M] (SOFTWIN S.R.L.) -- C:\Programme\Softwin\BitDefender8\vsserv.exe
PRC - [2008.06.12 12:09:03 | 000,035,648 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe
PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.12.20 01:04:00 | 001,748,992 | R--- | M] (AVM Berlin) -- C:\Programme\avmwlanstick\WLanGUI.exe
PRC - [2007.12.20 01:04:00 | 000,364,544 | R--- | M] (AVM Berlin) -- C:\Programme\avmwlanstick\WLanNetService.exe
PRC - [2007.12.07 17:08:26 | 000,778,240 | ---- | M] (AVM Berlin) -- C:\Programme\1&1\Stcenter.exe
PRC - [2007.10.25 17:09:18 | 000,087,344 | ---- | M] (AVM Berlin) -- C:\Programme\1&1\IGDCTRL.EXE
PRC - [2007.10.02 11:31:02 | 000,909,312 | ---- | M] (AVM Berlin) -- C:\Programme\1&1\FwebProt.exe
PRC - [2006.10.12 10:21:53 | 000,185,784 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
PRC - [2005.11.07 17:48:20 | 000,417,792 | ---- | M] (SOFTWIN S.R.L.) -- c:\Programme\Softwin\BitDefender8\bdmcon.exe
PRC - [2005.08.23 02:17:16 | 000,114,784 | ---- | M] () -- C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
PRC - [2005.08.23 02:17:14 | 000,249,954 | ---- | M] () -- C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
PRC - [2005.08.23 02:16:56 | 000,139,264 | ---- | M] (CyberLink Corp.) -- C:\Programme\CyberLink\PowerCinema\PCMService.exe
PRC - [2005.08.23 02:16:50 | 001,077,376 | ---- | M] (Cyberlink) -- C:\Programme\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLService.exe
PRC - [2005.08.23 02:16:50 | 000,061,440 | ---- | M] (Cyberlink) -- C:\Programme\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
PRC - [2005.08.12 19:05:54 | 001,859,584 | ---- | M] () -- C:\APPS\Softex\OmniPass\scureapp.exe
PRC - [2005.08.12 17:55:34 | 000,014,336 | ---- | M] () -- C:\APPS\Softex\OmniPass\OPXPApp.exe
PRC - [2005.08.12 17:55:32 | 000,032,768 | ---- | M] (Softex Inc.) -- C:\APPS\Softex\OmniPass\OmniServ.exe
PRC - [2005.08.12 15:43:58 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Programme\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2005.06.02 17:16:48 | 000,069,632 | ---- | M] (Softwin) -- C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe
PRC - [2005.05.09 12:19:14 | 000,008,192 | ---- | M] () -- C:\Programme\Softwin\BitDefender8\bdnagent.exe
PRC - [2005.01.24 15:25:38 | 000,069,632 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe
PRC - [2005.01.07 12:01:52 | 000,049,152 | ---- | M] () -- c:\APPS\HIDSERVICE\HidService.exe
PRC - [2004.11.09 22:36:01 | 001,140,312 | ---- | M] (America Online, Inc.) -- C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe
PRC - [2003.04.30 16:31:40 | 000,716,800 | ---- | M] (CANON INC.) -- C:\Programme\Canon\BJCard\BJLaunch.exe
PRC - [2003.03.17 16:18:04 | 000,049,152 | ---- | M] (CANON INC.) -- C:\Programme\Canon\BJCard\Bjmcmng.exe


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2010.08.06 17:17:23 | 000,574,976 | ---- | M] (OldTimer Tools) -- D:\Dokumente und Einstellungen\Lea\Eigene Dateien\Downloads\OTL.exe
MOD - [2008.04.14 04:21:06 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2005.10.10 17:12:04 | 000,061,440 | ---- | M] () -- C:\WINDOWS\system32\sockspy.dll
MOD - [2005.08.12 17:53:22 | 000,053,248 | ---- | M] () -- C:\APPS\Softex\OmniPass\scuredll.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2008.11.04 02:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008.10.19 14:30:02 | 000,222,456 | ---- | M] () [Auto | Running] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2008.10.15 21:13:02 | 000,090,112 | ---- | M] (SOFTWIN S.R.L.) [Auto | Running] -- C:\Programme\Softwin\BitDefender8\vsserv.exe -- (VSSERV)
SRV - [2008.07.16 20:24:32 | 000,029,744 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-022208-143751)
SRV - [2007.12.20 01:04:00 | 000,364,544 | R--- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\avmwlanstick\WLanNetService.exe -- (AVM WLAN Connection Service)
SRV - [2007.10.25 17:09:18 | 000,087,344 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\1&1\IGDCTRL.EXE -- (IGDCTRL)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005.08.23 02:17:16 | 000,114,784 | ---- | M] () [Auto | Running] -- C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2005.08.23 02:17:14 | 000,249,954 | ---- | M] () [Auto | Running] -- C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2005.08.23 02:16:50 | 000,061,440 | ---- | M] (Cyberlink) [Auto | Running] -- C:\Programme\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service)
SRV - [2005.08.12 17:55:32 | 000,032,768 | ---- | M] (Softex Inc.) [Auto | Running] -- C:\APPS\Softex\OmniPass\OmniServ.exe -- (omniserv)
SRV - [2005.06.02 17:16:48 | 000,069,632 | ---- | M] (Softwin) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe -- (XCOMM)
SRV - [2005.04.04 01:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005.01.24 15:25:38 | 000,069,632 | ---- | M] () [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe -- (bdss)
SRV - [2005.01.07 12:01:52 | 000,049,152 | ---- | M] () [Auto | Running] -- c:\APPS\HIDSERVICE\HidService.exe -- (GenericHidService)
SRV - [2004.11.09 22:36:01 | 001,140,312 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
SRV - [2003.03.17 16:18:04 | 000,049,152 | ---- | M] (CANON INC.) [Auto | Running] -- C:\Programme\Canon\BJCard\Bjmcmng.exe -- (Bjmcmng)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\tsmpkt.sys -- (TSMPacket)
DRV - [2009.05.09 02:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2009.03.14 20:18:39 | 000,110,304 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ACEDRV09.sys -- (ACEDRV09)
DRV - [2008.10.15 21:13:02 | 000,014,145 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Programme\Softwin\BitDefender8\bdfsdrv.sys -- (BDFsDrv)
DRV - [2008.10.15 21:13:02 | 000,010,768 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Programme\Softwin\BitDefender8\bdrsdrv.sys -- (BDRsDrv)
DRV - [2008.04.13 20:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2008.04.13 20:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008.04.13 20:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008.04.13 18:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007.12.20 01:04:00 | 000,265,088 | R--- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fwlanusb.sys -- (FWLANUSB)
DRV - [2007.12.20 01:04:00 | 000,004,352 | R--- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avmeject.sys -- (avmeject)
DRV - [2007.07.27 12:46:06 | 000,251,680 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\acehlp10.sys -- (acehlp10)
DRV - [2007.07.27 10:13:08 | 000,330,144 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ACEDRV10.sys -- (acedrv10)
DRV - [2005.11.22 23:50:52 | 001,410,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005.09.22 15:00:00 | 000,103,424 | ---- | M] (Micronas GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MicNgTun.sys -- (MicNgTun)
DRV - [2005.09.22 15:00:00 | 000,049,792 | ---- | M] (Micronas GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MicNgCap.sys -- (MicNgCap)
DRV - [2005.09.22 15:00:00 | 000,044,544 | ---- | M] (Micronas GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MicNgBas.sys -- (MicNgBas)
DRV - [2005.06.29 14:35:10 | 003,173,888 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005.01.07 18:07:16 | 000,145,920 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2003.12.31 12:58:46 | 000,069,504 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnic51.sys -- (RTL8023)
DRV - [2003.01.10 23:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001.08.18 05:22:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001.08.17 15:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001.08.17 15:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001.08.17 15:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001.08.17 15:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001.08.17 15:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001.08.17 14:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001.08.17 14:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001.08.17 14:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001.08.17 14:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001.08.17 14:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001.08.17 14:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001.08.17 14:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001.08.17 14:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001.08.17 14:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001.02.12 22:02:26 | 000,047,616 | ---- | M] (T-Online International AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TDSLAdap.sys -- (TDSLAdapter) T-DSL-Adapter (T-Online)
DRV - [2001.02.12 22:02:26 | 000,006,688 | ---- | M] (T-Online International AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TDSLProt.sys -- (TDSLProtocol) T-DSL-Protocol (T-Online)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ${URL_STARTPAGE}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2102572
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {c9508125-4747-4733-b048-e4b82dc9716d} - C:\Programme\PHPNukeDE\tbPHPN.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..browser.search.selectedEngine: "LEO Eng-Deu"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.48.3
FF - prefs.js..extensions.enabledItems: optimizegoogle@optimizegoogle.com:0.78.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..extensions.enabledItems: optout@google.com:1.2
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.4
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.3
FF - prefs.js..keyword.URL: "${URL_SEARCHPAGE}"

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.07.03 19:50:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.06.25 10:31:44 | 000,000,000 | ---D | M]

[2008.11.01 16:56:04 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\Lea\Anwendungsdaten\Mozilla\Extensions
[2010.08.06 17:41:15 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\Lea\Anwendungsdaten\Mozilla\Firefox\Profiles\wr64rrl0.default\extensions
[2010.08.06 15:06:37 | 000,000,000 | ---D | M] (Adblock Plus) -- D:\Dokumente und Einstellungen\Lea\Anwendungsdaten\Mozilla\Firefox\Profiles\wr64rrl0.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.08.06 15:06:49 | 000,000,000 | ---D | M] (No name found) -- D:\Dokumente und Einstellungen\Lea\Anwendungsdaten\Mozilla\Firefox\Profiles\wr64rrl0.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2010.08.06 15:22:04 | 000,000,000 | ---D | M] (No name found) -- D:\Dokumente und Einstellungen\Lea\Anwendungsdaten\Mozilla\Firefox\Profiles\wr64rrl0.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2010.08.06 15:06:46 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\Lea\Anwendungsdaten\Mozilla\Firefox\Profiles\wr64rrl0.default\extensions\optimizegoogle@optimizegoogle.com
[2010.08.06 15:11:31 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\Lea\Anwendungsdaten\Mozilla\Firefox\Profiles\wr64rrl0.default\extensions\optout@google.com
[2010.08.06 17:41:09 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\Lea\Anwendungsdaten\Mozilla\Firefox\Profiles\wr64rrl0.default\extensions\personas@christopher.beard
[2008.11.01 16:56:25 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\Lea\Anwendungsdaten\Mozilla\Firefox\Profiles\wr64rrl0.default\extensions\toolbar_extras@de.yahoo.com
[2010.06.16 18:54:07 | 000,001,819 | ---- | M] () -- D:\Dokumente und Einstellungen\Lea\Anwendungsdaten\Mozilla\Firefox\Profiles\wr64rrl0.default\searchplugins\bing.xml
[2010.08.06 16:56:48 | 000,000,944 | ---- | M] () -- D:\Dokumente und Einstellungen\Lea\Anwendungsdaten\Mozilla\Firefox\Profiles\wr64rrl0.default\searchplugins\icqplugin.xml
[2010.04.29 09:23:37 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.06.25 10:31:40 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.06.25 10:31:40 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.06.25 10:31:40 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.06.25 10:31:40 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.06.25 10:31:40 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.04.01 11:13:56 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (PHPNukeDE Toolbar) - {c9508125-4747-4733-b048-e4b82dc9716d} - C:\Programme\PHPNukeDE\tbPHPN.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (PHPNukeDE Toolbar) - {c9508125-4747-4733-b048-e4b82dc9716d} - C:\Programme\PHPNukeDE\tbPHPN.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ATICCC] c:\Programme\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin)
O4 - HKLM..\Run: [AzMixerSel] C:\Programme\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [BDMCon] C:\Programme\Softwin\BitDefender8\bdmcon.exe (SOFTWIN S.R.L.)
O4 - HKLM..\Run: [BDNewsAgent] c:\Programme\Softwin\BitDefender8\bdnagent.exe ()
O4 - HKLM..\Run: [BJLaunchEXE] C:\Programme\Canon\BJCard\BJLaunch.exe (CANON INC.)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HdAShCut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [OmniPass] C:\APPS\Softex\OmniPass\scureapp.exe ()
O4 - HKLM..\Run: [PCMService] C:\Programme\CyberLink\PowerCinema\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [ccleaner] C:\Programme\CCleaner\CCleaner.exe (Piriform Ltd)
O4 - HKCU..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: D:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\1&1 FRITZ!Box starter.lnk = C:\WINDOWS\Installer\{4E9F7AD8-E3EC-4636-BD25-A5AD97E73C64}\Icon2457326B4.exe ()
O4 - Startup: D:\Dokumente und Einstellungen\Lea\Startmenü\Programme\Autostart\DSL Internet.lnk = C:\Programme\1&1\FritzDsl.exe (AVM Berlin)
O4 - Startup: D:\Dokumente und Einstellungen\Lea\Startmenü\Programme\Autostart\DSL Protect.lnk = C:\Programme\1&1\FwebProt.exe (AVM Berlin)
O4 - Startup: D:\Dokumente und Einstellungen\Lea\Startmenü\Programme\Autostart\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\1&1\\sarah.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\1&1\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\1&1\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Programme\1&1\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Programme\1&1\sarah.dll (AVM Berlin)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {59136DB4-6CA3-4B40-8F2F-BBF84B6F1E91} https://stream.web.de/mail/activex/mail_upload_11213.cab (Attachment Upload Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://www.airport-nuernberg.de/_/tools/AxisCamControl.cab (CamImage Class)
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} https://asp.photoprintit.de/microsite/15547/defaults/activex/ips/IPSUploader4.cab (IPSUploader4 Control)
O16 - DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab (Java Plug-in 1.5.0_08)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} http://imikimi.com/download/imikimi_plugin_0.5.1.cab (Imikimi_activex_plugin Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (sockspy.dll) - C:\WINDOWS\System32\sockspy.dll ()
O20 - AppInit_DLLs: (sockspy.dll) - C:\WINDOWS\System32\sockspy.dll ()
O20 - AppInit_DLLs: (sockspy.dll) - C:\WINDOWS\System32\sockspy.dll ()
O20 - AppInit_DLLs: (sockspy.dll) - C:\WINDOWS\System32\sockspy.dll ()
O20 - AppInit_DLLs: (sockspy.dll) - C:\WINDOWS\System32\sockspy.dll ()
O20 - AppInit_DLLs: (sockspy.dll) - C:\WINDOWS\System32\sockspy.dll ()
O20 - AppInit_DLLs: (sockspy.dll) - C:\WINDOWS\System32\sockspy.dll ()
O20 - AppInit_DLLs: (sockspy.dll) - C:\WINDOWS\System32\sockspy.dll ()
O20 - AppInit_DLLs: (sockspy.dll) - C:\WINDOWS\System32\sockspy.dll ()
O20 - AppInit_DLLs: (sockspy.dll) - C:\WINDOWS\System32\sockspy.dll ()
O20 - AppInit_DLLs: (sockspy.dll) - C:\WINDOWS\System32\sockspy.dll ()
O20 - AppInit_DLLs: (sockspy.dll) - C:\WINDOWS\System32\sockspy.dll ()
O20 - AppInit_DLLs: (sockspy.dll) - C:\WINDOWS\System32\sockspy.dll ()
O20 - AppInit_DLLs: (sockspy.dll) - C:\WINDOWS\System32\sockspy.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\OPXPGina: DllName - C:\Apps\Softex\OmniPass\opxpgina.dll - C:\APPS\Softex\OmniPass\OPXPGina.dll ()
O24 - Desktop Components:0 () - http://image01.otto.de/pool/formatr/1030000.jpg
O24 - Desktop Components:1 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: D:\Dokumente und Einstellungen\Lea\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: D:\Dokumente und Einstellungen\Lea\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010.08.06 21:58:16 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2010.08.06 21:57:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010.08.06 21:57:34 | 000,000,000 | ---D | C] -- C:\Programme\Panda Security
[2010.08.06 21:45:37 | 000,000,000 | RH-D | C] -- D:\Dokumente und Einstellungen\Lea\Recent
[2010.08.06 16:58:23 | 000,000,000 | ---D | C] -- D:\Dokumente und Einstellungen\Lea\Anwendungsdaten\Malwarebytes
[2010.08.06 16:58:02 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.08.06 16:57:59 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.08.06 16:57:59 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.08.06 16:57:59 | 000,000,000 | ---D | C] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010.08.06 16:47:56 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2010.08.06 14:19:27 | 000,000,000 | ---D | C] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton
[2010.08.06 14:19:15 | 000,000,000 | ---D | C] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NortonInstaller
[2010.08.06 12:37:34 | 000,000,000 | R--D | C] -- D:\Dokumente und Einstellungen\Lea\Eigene Dateien\Eigene Bilder
[2010.06.26 00:48:20 | 000,000,000 | ---D | C] -- C:\Programme\gamigo AG
[2010.06.25 23:33:40 | 000,000,000 | ---D | C] -- D:\Dokumente und Einstellungen\Lea\Lokale Einstellungen\Anwendungsdaten\PMB Files
[2010.06.25 23:33:36 | 000,000,000 | ---D | C] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PMB Files
[2010.06.25 23:33:15 | 000,000,000 | ---D | C] -- C:\Programme\Pando Networks
[2010.06.25 21:11:37 | 000,000,000 | ---D | C] -- D:\Dokumente und Einstellungen\Lea\Anwendungsdaten\gtk-2.0
[2010.06.25 21:11:36 | 000,000,000 | ---D | C] -- D:\Dokumente und Einstellungen\Lea\.thumbnails
[2010.06.25 21:09:17 | 000,000,000 | ---D | C] -- D:\Dokumente und Einstellungen\Lea\.gimp-2.6
[2010.06.25 21:09:16 | 000,000,000 | ---D | C] -- D:\Dokumente und Einstellungen\Lea\Eigene Dateien\gegl-0.0
[2010.06.25 21:08:05 | 000,000,000 | ---D | C] -- C:\Programme\GIMP-2.0
[2010.06.23 14:24:55 | 000,000,000 | ---D | C] -- D:\Dokumente und Einstellungen\Lea\Lokale Einstellungen\Anwendungsdaten\PHPNukeDE
[2010.06.23 14:24:53 | 000,000,000 | ---D | C] -- C:\Programme\PHPNukeDE

========== Files - Modified Within 90 Days ==========

[2010.08.06 22:00:10 | 000,000,414 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{DAC26116-D4E1-461C-9CF7-67BC9D1D8BB0}.job
[2010.08.06 21:59:07 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.08.06 21:53:16 | 000,003,137 | ---- | M] () -- D:\Dokumente und Einstellungen\Lea\x_dtrace_log
[2010.08.06 21:52:55 | 000,000,014 | ---- | M] () -- D:\Dokumente und Einstellungen\Lea\getfile.dat
[2010.08.06 21:42:45 | 000,002,051 | ---- | M] () -- D:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\1&1 FRITZ!Box starter.lnk
[2010.08.06 21:41:14 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.08.06 21:41:09 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.08.06 21:40:46 | 000,001,044 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010.08.06 21:40:33 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.08.06 21:40:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.08.06 21:40:28 | 1073,270,784 | -HS- | M] () -- C:\hiberfil.sys
[2010.08.06 19:36:58 | 007,602,176 | ---- | M] () -- D:\Dokumente und Einstellungen\Lea\ntuser.dat
[2010.08.06 19:36:58 | 000,000,300 | -HS- | M] () -- D:\Dokumente und Einstellungen\Lea\ntuser.ini
[2010.08.06 19:02:11 | 000,000,000 | ---- | M] () -- D:\Dokumente und Einstellungen\Lea\settings.dat
[2010.08.06 16:58:04 | 000,000,569 | ---- | M] () -- D:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.06 16:48:02 | 000,000,575 | ---- | M] () -- D:\Dokumente und Einstellungen\Lea\Desktop\CCleaner.lnk
[2010.08.06 10:03:58 | 000,002,161 | ---- | M] () -- D:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk
[2010.08.02 19:17:28 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010.08.01 18:59:31 | 000,383,254 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.08.01 18:59:30 | 000,053,608 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.08.01 18:59:29 | 000,394,500 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.08.01 18:59:28 | 000,064,598 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.08.01 18:59:22 | 000,906,376 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.07.29 15:18:10 | 000,009,752 | ---- | M] () -- C:\WINDOWS\System32\QuickTime.qtp
[2010.07.09 23:12:23 | 000,379,036 | ---- | M] () -- D:\Dokumente und Einstellungen\Lea\Desktop\urlaub2009.jpg
[2010.07.09 20:19:32 | 000,027,543 | ---- | M] () -- D:\Dokumente und Einstellungen\Lea\Desktop\Vorschau1.jpg
[2010.06.25 23:57:25 | 000,003,489 | ---- | M] () -- D:\Dokumente und Einstellungen\Lea\.recently-used.xbel
[2010.06.24 00:00:52 | 000,001,039 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2010.06.18 00:00:43 | 000,037,362 | ---- | M] () -- D:\Dokumente und Einstellungen\Lea\Desktop\v4.jpg
[2010.06.12 19:23:14 | 003,344,512 | ---- | M] () -- D:\Dokumente und Einstellungen\Lea\Desktop\Uwu Lena - Schland oh Schland.mp3
[2010.06.11 22:06:18 | 001,669,934 | ---- | M] () -- D:\Dokumente und Einstellungen\Lea\Eigene Dateien\DSCF7882.JPG
[2010.06.11 22:06:04 | 000,765,851 | ---- | M] () -- D:\Dokumente und Einstellungen\Lea\Eigene Dateien\DSCF7919.JPG
[2010.06.11 10:13:45 | 000,364,912 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.06.07 23:34:43 | 000,027,223 | ---- | M] () -- D:\Dokumente und Einstellungen\Lea\Desktop\Starsailor.jpg
[2010.05.31 14:45:04 | 000,073,801 | ---- | M] () -- D:\Dokumente und Einstellungen\Lea\Desktop\Unbenannt.jpg
[2010.05.13 11:59:07 | 000,001,766 | ---- | M] () -- D:\Dokumente und Einstellungen\All Users\Desktop\Google Earth.lnk

========== Files Created - No Company Name ==========

[2010.08.06 19:02:11 | 000,000,000 | ---- | C] () -- D:\Dokumente und Einstellungen\Lea\settings.dat
[2010.08.06 17:39:31 | 000,000,014 | ---- | C] () -- D:\Dokumente und Einstellungen\Lea\getfile.dat
[2010.08.06 16:58:04 | 000,000,569 | ---- | C] () -- D:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.06 16:48:02 | 000,000,575 | ---- | C] () -- D:\Dokumente und Einstellungen\Lea\Desktop\CCleaner.lnk
[2010.07.09 23:12:18 | 000,379,036 | ---- | C] () -- D:\Dokumente und Einstellungen\Lea\Desktop\urlaub2009.jpg
[2010.07.09 20:19:31 | 000,027,543 | ---- | C] () -- D:\Dokumente und Einstellungen\Lea\Desktop\Vorschau1.jpg
[2010.06.25 23:57:25 | 000,003,489 | ---- | C] () -- D:\Dokumente und Einstellungen\Lea\.recently-used.xbel
[2010.06.18 00:00:43 | 000,037,362 | ---- | C] () -- D:\Dokumente und Einstellungen\Lea\Desktop\v4.jpg
[2010.06.12 19:22:42 | 003,344,512 | ---- | C] () -- D:\Dokumente und Einstellungen\Lea\Desktop\Uwu Lena - Schland oh Schland.mp3
[2010.06.11 22:05:40 | 001,669,934 | ---- | C] () -- D:\Dokumente und Einstellungen\Lea\Eigene Dateien\DSCF7882.JPG
[2010.06.11 22:05:40 | 000,765,851 | ---- | C] () -- D:\Dokumente und Einstellungen\Lea\Eigene Dateien\DSCF7919.JPG
[2010.06.07 23:34:41 | 000,027,223 | ---- | C] () -- D:\Dokumente und Einstellungen\Lea\Desktop\Starsailor.jpg
[2010.05.31 14:44:59 | 000,073,801 | ---- | C] () -- D:\Dokumente und Einstellungen\Lea\Desktop\Unbenannt.jpg
[2010.05.13 11:59:07 | 000,001,766 | ---- | C] () -- D:\Dokumente und Einstellungen\All Users\Desktop\Google Earth.lnk
[2009.06.15 23:22:23 | 000,000,017 | ---- | C] () -- C:\WINDOWS\Missing.ini
[2008.12.16 19:01:00 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2008.11.14 18:37:49 | 000,000,172 | ---- | C] () -- C:\WINDOWS\Lilli2.ini
[2008.11.14 18:37:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Lbusc.ini
[2008.11.09 12:37:44 | 000,000,110 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008.09.20 18:31:29 | 000,000,166 | ---- | C] () -- C:\WINDOWS\LilliP.ini
[2008.08.06 00:02:12 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008.08.05 23:59:04 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008.08.05 23:59:04 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008.08.05 23:58:14 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008.01.03 19:08:30 | 000,000,086 | ---- | C] () -- C:\WINDOWS\WIWWI.ini
[2007.03.07 19:23:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\syscheck.INI
[2007.01.09 13:46:28 | 000,000,327 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI
[2006.04.01 17:57:17 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVS5k.DLL
[2006.03.07 18:07:08 | 000,001,039 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005.10.21 16:28:56 | 000,005,968 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005.10.10 17:12:04 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\sockspy.dll
[2005.02.23 10:54:58 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005.02.23 10:45:53 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
[2005.02.23 10:44:46 | 000,000,714 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005.02.23 10:39:37 | 000,000,410 | ---- | C] () -- C:\WINDOWS\System32\SETUPPC.INI
[2005.02.23 10:36:25 | 000,007,513 | ---- | C] () -- C:\WINDOWS\HDReg.ini
[2005.02.23 10:24:20 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004.08.11 20:13:19 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2002.12.06 17:37:06 | 000,503,808 | ---- | C] () -- C:\WINDOWS\System32\xreglib.dll
[1998.10.11 02:07:38 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll

========== LOP Check ==========

[2010.01.17 11:33:33 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ
[2008.11.08 16:04:26 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IEConfiguration1und1
[2009.06.07 21:07:25 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LIDL Fotoservice
[2006.01.26 23:49:09 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\OD2
[2010.06.25 23:34:34 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PMB Files
[2006.03.06 20:09:33 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-DSL SpeedManager
[2006.01.09 18:53:22 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-Online
[2005.03.04 10:52:12 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-Online_ZusatzSoftware
[2006.04.03 14:18:51 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems
[2005.12.20 09:32:34 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Viewpoint
[2008.11.12 23:17:24 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\Lea\Anwendungsdaten\DeepBurner
[2006.05.12 09:39:32 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\Lea\Anwendungsdaten\Firstload
[2010.08.06 19:36:35 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\Lea\Anwendungsdaten\FRITZ!
[2010.01.10 00:45:14 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\Lea\Anwendungsdaten\FrostWire
[2010.06.25 23:57:25 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\Lea\Anwendungsdaten\gtk-2.0
[2010.01.17 11:33:34 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\Lea\Anwendungsdaten\ICQ
[2006.08.04 15:04:08 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\Lea\Anwendungsdaten\MSNInstaller
[2005.03.03 19:36:22 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\Lea\Anwendungsdaten\OD2
[2008.11.01 19:05:39 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\Lea\Anwendungsdaten\Opera
[2009.04.13 17:44:52 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\Lea\Anwendungsdaten\Phex
[2005.03.03 16:36:54 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\Lea\Anwendungsdaten\T-DSL SpeedManager
[2005.03.03 16:44:50 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\Lea\Anwendungsdaten\T-Online
[2007.01.10 21:02:34 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\Lea\Anwendungsdaten\Template
[2006.04.03 14:20:08 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\Lea\Anwendungsdaten\Ulead Systems
[2008.11.28 18:37:38 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\Lea\Anwendungsdaten\WEBDE
[2009.09.21 16:31:08 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\Lea\Anwendungsdaten\Wildlife Park 2
[2009.09.21 16:44:40 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\Lea\Anwendungsdaten\Wildlife Park 2 - Abenteuer auf der Ranch
[2005.03.03 16:05:48 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Registrierungserinnerung 2.job
[2005.03.03 16:05:48 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Registrierungserinnerung 3.job
[2010.08.06 22:00:10 | 000,000,414 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{DAC26116-D4E1-461C-9CF7-67BC9D1D8BB0}.job

========== Purity Check ==========


< End of report >



I have already read my friend the riot act... no more downloading music or other things just like that...
06.08.2010, 22:44
Member

Posts: 420
#14 Good,

1. Please start OTL and copy the following into the script field at the bottom:

Quote

:OTL
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.

:Commands
[purity]
[emptytemp]
[emptyflash]

and click Run Fix. A restart may be necessary. Please post the fix log.

Is the computer still causing problems?
06.08.2010, 23:13
Member

Thread starter

Posts: 690
#15 All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Besitzer

User: Default User
->Temporary Internet Files folder emptied: 0 bytes

User: Lea
->Temp folder emptied: 53733606 bytes
->Temporary Internet Files folder emptied: 5415401 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 33207686 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 405 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService.NT-AUTORITÄT
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService.NT-AUTORITÄT.000
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService.NT-AUTORITÄT.001
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService.NT-AUTORITÄT
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService.NT-AUTORITÄT.000
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService.NT-AUTORITÄT.001
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 88,00 mb


[EMPTYFLASH]

User: All Users

User: Besitzer

User: Default User

User: Lea
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: LocalService.NT-AUTORITÄT

User: LocalService.NT-AUTORITÄT.000

User: LocalService.NT-AUTORITÄT.001

User: NetworkService

User: NetworkService.NT-AUTORITÄT

User: NetworkService.NT-AUTORITÄT.000

User: NetworkService.NT-AUTORITÄT.001

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.9.1 log created on 08062010_230804

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...