Mail delivery failed: returning message to sender

#0
17.09.2012, 20:47
Member

Beiträge: 68
#1 Hallo,


Schritt 1

von meinem Email Account wird immer o.g. Mail versendet. Habe mal mit dem Standard Scan angefangen...


Schritt 2

OTL

Extra.txt

OTL Extras logfile created on: 17.09.2012 20:27:52 - Run 1
OTL by OldTimer - Version 3.2.61.5 Folder = C:\Dokumente und Einstellungen\King\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,49 Gb Available Physical Memory | 74,34% Memory free
3,35 Gb Paging File | 2,98 Gb Available in Paging File | 88,92% Paging File free
Paging file location(s): c:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 116,41 Gb Total Space | 10,64 Gb Free Space | 9,14% Space Free | Partition Type: NTFS
Drive D: | 107,91 Gb Total Space | 77,88 Gb Free Space | 72,17% Space Free | Partition Type: NTFS
Drive E: | 8,55 Gb Total Space | 2,09 Gb Free Space | 24,43% Space Free | Partition Type: FAT32

Computer Name: KINGKPC | User Name: King | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Programme\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[color=#E56717]========== System Restore Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"9999:TCP" = 9999:TCP:LocalSubNet:Enabled;)NA
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"5985:TCP" = 5985:TCP:*;)isabled:Windows-Remoteverwaltung
"80:TCP" = 80:TCP:*;)isabled:Windows-Remoteverwaltung - Kompatibilitätsmodus (HTTP eingehend)

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%ProgramFiles%\AOL 9.0\AOL.exe" = %ProgramFiles%\AOL 9.0\AOL.exe:*:enabled:AOL 9.0
"%WinDir%\system32\fxsclnt.exe" = %WinDir%\system32\fxsclnt.exe:*:enabled:Microsoft Fax Console
"%ProgramFiles%\Skype\Phone\Skype.exe" = %ProgramFiles%\Skype\Phone\Skype.exe:*:enabled:Skype
"%ProgramFiles%\CA\eTrust Antivirus\InocIT.exe" = %ProgramFiles%\CA\eTrust Antivirus\InocIT.exe:*:enabled:eTrust Antivirus - Local Scanner
"%ProgramFiles%\CA\eTrust Antivirus\Realmon.exe" = %ProgramFiles%\CA\eTrust Antivirus\Realmon.exe:*:enabled:eTrust Antivirus - Realtime monitor
"%ProgramFiles%\CA\eTrust Antivirus\InoRpc.exe" = %ProgramFiles%\CA\eTrust Antivirus\InoRpc.exe:*:enabled:eTrust Antivirus - RPC Server
"C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLACSD.exe" = C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLACSD.exe:*:Enabled:AOL
"C:\Programme\AOL 9.0\waol.exe" = C:\Programme\AOL 9.0\waol.exe:*:Enabled:AOL 9.0
"C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDIAL.exe" = C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDIAL.exe:*:Enabled:AOL
"C:\Programme\ICQ7.5\ICQ.exe" = C:\Programme\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5 -- (ICQ, LLC.)
"C:\Programme\Veetle\Player\VeetleNet.exe" = C:\Programme\Veetle\Player\VeetleNet.exe:*:Enabled:VeetleNet -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%WinDir%\system32\fxsclnt.exe" = %WinDir%\system32\fxsclnt.exe:*:enabled:Microsoft Fax Console
"C:\Programme\Home Cinema\PowerCinema\PowerCinema.exe" = C:\Programme\Home Cinema\PowerCinema\PowerCinema.exe:*:Enabled:CyberLink PowerCinema -- (CyberLink Corp.)
"C:\Programme\Home Cinema\PowerCinema\PCMService.exe" = C:\Programme\Home Cinema\PowerCinema\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program -- (CyberLink Corp.)
"C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hposfx08.exe" = C:\Programme\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hposid01.exe" = C:\Programme\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Programme\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Programme\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Programme\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Programme\HP\Digital Imaging\bin\hpoews01.exe" = C:\Programme\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"D:\PC Spiele\EA GAMES\Star Wars Battlefront II\GameData\BattlefrontII.exe" = D:\PC Spiele\EA GAMES\Star Wars Battlefront II\GameData\BattlefrontII.exe:*:Enabled:BattlefrontII
"D:\PC Spiele\Soldat\Soldat.exe" = D:\PC Spiele\Soldat\Soldat.exe:*:Enabled:Soldat
"D:\PC Spiele\Counter Strike\Counter Strike 1.6\hl.exe" = D:\PC Spiele\Counter Strike\Counter Strike 1.6\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"D:\PC Spiele\Sierra\FEAR\fpupdate.exe" = D:\PC Spiele\Sierra\FEAR\fpupdate.exe:*:Enabled:fpupdate
"C:\WINDOWS\system32\dplaysvr.exe" = C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper -- (Microsoft Corporation)
"D:\PC Spiele\EA GAMES\Need for Speed Carbon\NFSC.exe" = D:\PC Spiele\EA GAMES\Need for Speed Carbon\NFSC.exe:*:Enabled:NFSC
"D:\PC Spiele\CS\SIERRA\Half-Life\hl.exe" = D:\PC Spiele\CS\SIERRA\Half-Life\hl.exe:*:Enabled:Half-Life Launcher -- (Valve, L.L.C.)
"D:\PC Spiele\Cry Tek\Far Cry\Bin32\FarCry.exe" = D:\PC Spiele\Cry Tek\Far Cry\Bin32\FarCry.exe:*:Enabled:Far Cry
"D:\PC Spiele\Sierra\FEAR\FEAR.exe" = D:\PC Spiele\Sierra\FEAR\FEAR.exe:*:Enabled:F.E.A.R.
"C:\Programme\Something\TVUPlayer\TVUPlayer.exe" = C:\Programme\Something\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component
"C:\Programme\Something\Skype\Phone\Skype.exe" = C:\Programme\Something\Skype\Phone\Skype.exe:*:Enabled:Skype
"C:\Programme\Java\jre1.6.0_03\launch4j-tmp\JDownloader.exe" = C:\Programme\Java\jre1.6.0_03\launch4j-tmp\JDownloader.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\WINDOWS\system32\java.exe" = C:\WINDOWS\system32\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Programme\Something\sopcast\adv\SopAdver.exe" = C:\Programme\Something\sopcast\adv\SopAdver.exe:*:Enabled:SopCast Adver
"C:\Programme\Something\sopcast\SopCast.exe" = C:\Programme\Something\sopcast\SopCast.exe:*:Enabled:SopCast Main Application
"C:\Programme\Java\jre6\launch4j-tmp\JDownloader.exe" = C:\Programme\Java\jre6\launch4j-tmp\JDownloader.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Programme\Java\jre6\bin\java.exe" = C:\Programme\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Dokumente und Einstellungen\King\Desktop\inet laden\RSD_0.61\RSD 0.61\RSD.exe" = C:\Dokumente und Einstellungen\King\Desktop\inet laden\RSD_0.61\RSD 0.61\RSD.exe:*:Enabled:RSD
"C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Programme\Java\jre6\bin\javaw.exe" = C:\Programme\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Programme\Avira\AntiVir Desktop\avcenter.exe" = C:\Programme\Avira\AntiVir Desktop\avcenter.exe:*:Enabled:AntiVir starten -- (Avira Operations GmbH & Co. KG)
"C:\Programme\Avira\AntiVir Desktop\update.exe" = C:\Programme\Avira\AntiVir Desktop\update.exe:*:Enabled:update -- (Avira Operations GmbH & Co. KG)
"C:\Programme\Google\Google Earth\client\googleearth.exe" = C:\Programme\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth
"D:\PC Spiele\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe" = D:\PC Spiele\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM)
"C:\Programme\ICQ7.5\ICQ.exe" = C:\Programme\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5 -- (ICQ, LLC.)
"D:\PC Spiele\Konami\PES 2012\pes2012.exe" = D:\PC Spiele\Konami\PES 2012\pes2012.exe:*:Enabled:pro Evolution Soccer 2012 -- (Konami Digital Entertainment Co., Ltd.)
"C:\Programme\Veetle\Player\VeetleNet.exe" = C:\Programme\Veetle\Player\VeetleNet.exe:*:Enabled:VeetleNet -- ()
"C:\Programme\TVUPlayer\TVUPlayer.exe" = C:\Programme\TVUPlayer\TVUPlayer.exe:*:Enabled:TVU Player Component
"C:\Programme\SopCast\SopCast.exe" = C:\Programme\SopCast\SopCast.exe:*:Enabled:SopCast -- (www.sopcast.com)


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{03B1B42B-F6DE-41d9-8CFF-DC44E895C7A7}" = PhotoGallery
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{13702021-43FB-480C-912F-D9B74A538288}" = OpenProj
"{13B792AA-C078-43A4-8A3A-8B12D629940D}" = Counter-Strike 1.6
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{172975EB-9465-4861-95B5-C7BB6D3DE62A}" = DocumentViewer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{193DB24F-9A66-4896-8404-22D53EA89075}" = 1400_Help
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{1C30EE39-7644-49CC-9E04-D2D2009D7FBD}" = BVRP_CUE
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21A127AE-2DAF-40B7-8374-34C3E629521C}" = Far Cry (Patch 1.3)
"{21DB3D90-D816-4092-A260-CA3F6B55A6DD}" = Sonic_PrimoSDK
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23A7B376-BBEC-4e76-BBD7-0F155E70D74B}" = CP_Panorama1Config
"{261D0486-9127-4071-BA1D-FE784310752E}" = videon
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = PowerCinema
"{266959FA-0AEE-41D0-A88E-F1EAC10A7C14}" = 1400
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 35
"{28173CE5-FDC0-11D9-B098-009027EC0701}" = impact Universal Driver
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{32BDCCB8-9DC8-496d-9DB1-F77510775BDB}" = InstantShareDevices
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36E47DA1-10E1-45d9-8B19-14D19607CDCF}" = CP_CalendarTemplates1
"{3D1A6B70-3E02-49BC-88B0-916C80274632}" = Informationen über Ihren PC
"{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}" = Skype Plugin Manager
"{49FC50FC-F965-40D9-89B4-CBFF80941031}" = Windows Movie Maker 2.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{5421155F-B033-49DB-9B33-8F80F233D4D5}" = GdiplusUpgrade
"{5490B6EF-5A48-40B7-A9E0-D3B886D17A29}" = RT2500 USB Wireless LAN Card
"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy
"{56EE8B17-8274-418d-89AC-C057C5DB251E}" = RandMap
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{5A01C58E-B0EC-49b9-AD71-7C0468688087}" = CP_Package_Basic1
"{5B622B7A-60FB-4630-B11D-F121D20BCCD6}" = MarketResearch
"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B
"{5D95AD35-368F-47D5-B63A-A082DDF00116}" = Microsoft Foto 2006 Standard Edition Editor
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{64D5E9DE-7890-4FB0-8865-8B24BE1773F7}" = LightScribe 1.4.42.1
"{65F8E0A6-A290-4D47-B391-D6353D756854}" = Pro Evolution Soccer 2013 DEMO
"{66BA8C26-AFE4-4408-807B-43E76B57EF53}" = SkinsHP1
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{691F4068-81BF-49E3-B32E-FE3E16400112}" = Microsoft Foto 2006 Standard Edition Bibliothek
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows-Sicherungsprogramm
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{7C9B95B7-B598-4398-B30F-7F6827192E6C}" = ProductContext
"{7E27304E-BAA2-4d90-A34E-76641FAFABB4}" = CP_AtenaShokunin1Config
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 3.1.0
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12
"{90120000-0015-0000-0000-0000000FF1CE}" = Microsoft Office Access 2007
"{90120000-0015-0000-0000-0000000FF1CE}_Access_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_Access_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_Access_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_Access_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_Access_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_Access_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_Access_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90F1DDBF-0C56-44B0-A920-72CC90C51565}" = Microsoft Works Suite-Add-Ins für Microsoft Word
"{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99F575A3-1298-40DE-B7DE-BAE5879710BA}" = Free-Jahreskalender 2012
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D134EA6-0711-4F06-A95A-86E0EA2DB250}" = Mashed Fully Loaded
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5BB5365-EFB4-44c3-A7E2-EB59B7EFD23D}" = CueTour
"{A5BFD0B9-6079-4E07-A119-903C1F3D47F0}" = Project Viewer 2010
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-A71000000002}" = Adobe Reader 7.1.0 - Deutsch
"{AC76BA86-7AD7-5464-3428-7050000000A7}" = Adobe Reader 7.0.5 Language Support
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B338EA45-9F18-4FE4-A079-89668D1F6519}" = USB Wireless Keyboard Driver
"{B3750C5C-6EC7-47A7-B4C7-D2462CCAC02E}" = SPEED-LINK DUAL SHOCK ADAPTER
"{B4D279F1-4309-49cc-A4B5-3A0D2E59C7B5}" = PanoStandAlone
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
"{C510CA36-98D6-4F07-8AFF-81E7399A075B}" = 1400Trb
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow 3.0
"{D5F82F8F-4DE2-11D9-A373-0050BAE317E1}" = PowerCinema Linux 4.7
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E737A098-F161-4B6F-AF22-86AAE34F6FBD}" = Pro Evolution Soccer 2012
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{EBB794ED-D282-4334-92FB-254481EFF514}" = Pro Evolution Soccer 6
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"Access" = Microsoft Office Access 2007
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Avira AntiVir Desktop" = Avira Free Antivirus
"C-Media Card Reader Driver USB2.0" = C-Media Card Reader Driver USB2.0
"C-Media USB2.0 Card Reader" = C-Media USB2.0 Card Reader
"Counter Strike 1.6 - By PirocaHP.F!N4LShare" = Counter Strike 1.6 - By PirocaHP.F!N4LShare
"Counter Strike 1.6 - Pack 112 Mapas - By PirocaHP F!N4LShare" = Counter Strike 1.6 - Pack 112 Mapas - By PirocaHP F!N4LShare
"Creatix V.92 Data Fax Modem" = Creatix V.92 Data Fax Modem
"FLV Player" = FLV Player 2.0 (build 25)
"Free Screen Video Recorder_is1" = Free Screen Video Recorder version 2.5.24.706
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.24.608
"FreePDF_XP" = FreePDF (Remove only)
"HP Document Viewer" = HP Document Viewer 5.3
"HP Imaging Device Functions" = HP Imaging Device Functions 5.3
"HP Photo & Imaging" = HP Image Zone 5.3
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"HPExtendedCapabilities" = HP Extended Capabilities 5.3
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{28173CE5-FDC0-11D9-B098-009027EC0701}" = impact Universal Driver
"InstallShield_{EBB794ED-D282-4334-92FB-254481EFF514}" = Pro Evolution Soccer 6
"Lazarus_is1" = Lazarus 0.9.30.2
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"Mozilla Thunderbird 14.0 (x86 de)" = Mozilla Thunderbird 14.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PictureItPrem_v11" = Microsoft Foto 2006 Standard Edition
"RealPlayer 15.0" = RealPlayer
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"RouterControl" = RouterControl 1.90
"SopCast" = SopCast 3.4.7
"Veetle TV" = Veetle TV
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.00 (32-Bit)
"Wisdom-soft AutoScreenRecorder 3.1 Pro" = Wisdom-soft AutoScreenRecorder 3.1 Pro
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2006Setup" = Setup-Start von Microsoft Works Suite 2006
"X10Hardware" = X10 Hardware(TM)
"XP Codec Pack" = XP Codec Pack
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

[color=#E56717]========== Last 20 Event Log Errors ==========[/color]

[ Application Events ]
Error - 26.04.2012 14:58:50 | Computer Name = KINGKPC | Source = SecurityCenter | ID = 1802
Description = Das Windows-Sicherheitscenter konnte keine Ereignisabfragen mit der
WMI herstellen, um Antivirus- und Firewallprogramme von Drittanbietern zu überwachen.

Error - 15.06.2012 13:48:36 | Computer Name = KINGKPC | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 13.0.0.4535, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 16.06.2012 06:42:30 | Computer Name = KINGKPC | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 13.0.0.4535, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 12.07.2012 12:06:26 | Computer Name = KINGKPC | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 13.0.1.4548, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

[ System Events ]
Error - 12.09.2012 11:36:29 | Computer Name = KINGKPC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "HID Input Service" wurde mit folgendem Fehler beendet:
%%126

Error - 12.09.2012 14:04:19 | Computer Name = KINGKPC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "HID Input Service" wurde mit folgendem Fehler beendet:
%%126

Error - 13.09.2012 11:26:47 | Computer Name = KINGKPC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "HID Input Service" wurde mit folgendem Fehler beendet:
%%126

Error - 14.09.2012 14:21:46 | Computer Name = KINGKPC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "HID Input Service" wurde mit folgendem Fehler beendet:
%%126

Error - 15.09.2012 04:04:30 | Computer Name = KINGKPC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "HID Input Service" wurde mit folgendem Fehler beendet:
%%126

Error - 15.09.2012 12:55:54 | Computer Name = KINGKPC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "HID Input Service" wurde mit folgendem Fehler beendet:
%%126

Error - 16.09.2012 05:50:49 | Computer Name = KINGKPC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "HID Input Service" wurde mit folgendem Fehler beendet:
%%126

Error - 16.09.2012 13:34:02 | Computer Name = KINGKPC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "HID Input Service" wurde mit folgendem Fehler beendet:
%%126

Error - 16.09.2012 13:34:03 | Computer Name = KINGKPC | Source = Print | ID = 19
Description = Freigabe des Druckers fehlgeschlagen (+ 1722). Drucker Microsoft XPS
Document Writer, Freigabename Drucker.

Error - 17.09.2012 14:10:23 | Computer Name = KINGKPC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "HID Input Service" wurde mit folgendem Fehler beendet:
%%126


< End of report >

OTL

OTL logfile created on: 17.09.2012 20:27:52 - Run 1
OTL by OldTimer - Version 3.2.61.5 Folder = C:\Dokumente und Einstellungen\King\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,49 Gb Available Physical Memory | 74,34% Memory free
3,35 Gb Paging File | 2,98 Gb Available in Paging File | 88,92% Paging File free
Paging file location(s): c:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 116,41 Gb Total Space | 10,64 Gb Free Space | 9,14% Space Free | Partition Type: NTFS
Drive D: | 107,91 Gb Total Space | 77,88 Gb Free Space | 72,17% Space Free | Partition Type: NTFS
Drive E: | 8,55 Gb Total Space | 2,09 Gb Free Space | 24,43% Space Free | Partition Type: FAT32

Computer Name: KINGKPC | User Name: King | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2012.09.17 20:26:54 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\King\Desktop\OTL.exe
PRC - [2012.08.08 21:04:58 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.06.03 13:02:25 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Real\RealPlayer\Update\realsched.exe
PRC - [2012.05.08 21:13:53 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 21:13:52 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 21:13:52 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.01.18 14:02:04 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006.03.03 03:49:14 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2005.10.21 21:42:04 | 000,114,784 | ---- | M] () -- C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
PRC - [2005.10.21 21:42:02 | 000,258,146 | ---- | M] () -- C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
PRC - [2005.10.21 21:41:02 | 001,081,344 | ---- | M] (Cyberlink) -- C:\Programme\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
PRC - [2005.10.11 18:11:58 | 000,126,976 | ---- | M] (Dritek System Inc.) -- C:\Programme\Medion Info Display\MdionLCM.exe
PRC - [2005.07.24 23:35:00 | 000,053,248 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2012.05.08 21:13:53 | 000,398,288 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2010.06.17 21:56:52 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\redmonnt.dll
MOD - [2008.04.14 04:23:07 | 000,056,832 | ---- | M] () -- C:\WINDOWS\system32\msdvbnp.ax
MOD - [2008.04.14 04:23:07 | 000,033,280 | ---- | M] () -- C:\WINDOWS\system32\psisrndr.ax
MOD - [2008.04.14 04:22:23 | 000,363,520 | ---- | M] () -- C:\WINDOWS\system32\psisdecd.dll
MOD - [2008.04.14 04:22:16 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2005.10.21 21:42:18 | 000,229,438 | ---- | M] () -- C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSQLDBRec4.dll
MOD - [2005.10.21 21:42:18 | 000,061,538 | ---- | M] () -- C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSchMgr.dll
MOD - [2005.10.21 21:42:16 | 000,209,000 | ---- | M] () -- C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapEngine.dll
MOD - [2005.10.21 21:42:16 | 000,028,672 | ---- | M] () -- C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvcps.dll
MOD - [2005.10.21 21:42:04 | 000,114,784 | ---- | M] () -- C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
MOD - [2005.10.21 21:42:02 | 000,258,146 | ---- | M] () -- C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
MOD - [2005.07.27 19:45:08 | 000,061,440 | ---- | M] () -- C:\Programme\Medion Info Display\MsnCtrl.dll


[color=#E56717]========== Services (SafeList) ==========[/color]

SRV - File not found [Disabled | Stopped] -- -- (windll64)
SRV - File not found [Disabled | Stopped] -- -- (FirebirdServerMAGIXInstance)
SRV - File not found [Disabled | Stopped] -- -- (binconf)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012.09.08 15:43:09 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.08.25 10:36:10 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.05.08 21:13:53 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 21:13:52 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006.03.03 03:49:14 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2005.10.21 21:42:04 | 000,114,784 | ---- | M] () [Auto | Running] -- C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe -- (CLSched)
SRV - [2005.10.21 21:42:02 | 000,258,146 | ---- | M] () [Auto | Running] -- C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe -- (CLCapSvc)
SRV - [2005.10.21 21:41:02 | 001,081,344 | ---- | M] (Cyberlink) [Auto | Running] -- C:\Programme\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service)
SRV - [2005.07.24 23:35:00 | 000,053,248 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2005.04.04 01:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2001.11.12 13:31:48 | 000,020,480 | ---- | M] (X10) [On_Demand | Stopped] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wanatw4.sys -- (wanatw)
DRV - File not found [Kernel | Boot | Stopped] -- -- (rseb)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\om518vid.sys -- (OM518P)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\k750obex.sys -- (k750obex)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\k750mgmt.sys -- (k750mgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\k750mdm.sys -- (k750mdm)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\k750mdfl.sys -- (k750mdfl)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\k750bus.sys -- (k750bus)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Programme\FreshDevices\FreshDiagnose\FreshIO.sys -- (FreshIO)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012.05.08 21:13:53 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.08 21:13:53 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.11 15:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.10.22 18:14:15 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2008.04.13 20:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2007.05.10 14:58:58 | 000,010,578 | ---- | M] (Applied Networking Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2007.03.16 22:05:31 | 000,101,376 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ACEDRV07.sys -- (ACEDRV07)
DRV - [2007.02.27 20:32:26 | 000,271,360 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2007.02.27 20:32:25 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2007.01.05 17:21:06 | 000,093,056 | ---- | M] (C-Media Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cmiucr.SYS -- (CMISTOR)
DRV - [2006.11.02 02:50:52 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2005.10.17 15:52:58 | 000,826,112 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\3xHybrid.sys -- (3xHybrid)
DRV - [2005.08.19 00:35:04 | 003,856,896 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2005.07.29 12:12:58 | 000,006,485 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\IPhid.sys -- (hidfltr)
DRV - [2005.07.14 20:58:38 | 000,241,536 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2500usb.sys -- (RT2500USB)
DRV - [2005.07.08 15:44:18 | 000,159,616 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\vax347b.sys -- (vax347b)
DRV - [2005.06.30 13:16:00 | 001,094,848 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005.05.19 16:52:58 | 000,017,792 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2004.08.03 23:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2004.04.30 10:33:00 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\vax347s.sys -- (vax347s)
DRV - [2002.12.17 11:36:22 | 000,730,880 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\WDMCAPI.sys -- (WDMCAPI)
DRV - [2002.12.09 11:21:28 | 000,026,112 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdmwanmp.sys -- (WDMWANMP)
DRV - [2002.06.12 23:50:00 | 000,040,672 | ---- | M] (Hitachi Semiconductor and Devices Sales Co.,Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CESG502.sys -- (PVUSB)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}: "URL" = http://search.qip.ru/?query={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Prev Search Bar = http://www.medion.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Dokumente und Einstellungen\King\Anwendungsdaten\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
IE - HKCU\..\SearchScopes,DefaultScope = {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
IE - HKCU\..\SearchScopes\${searchCLSID}: "URL" = http://search.yahoo.com/search?ei=ISO-8859-1&fr=megaup&q={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GFRD
IE - HKCU\..\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}: "URL" = http://search.qip.ru/?query={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultenginename: "QIP Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT649865&SearchSource=3&q="
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "megaup"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "megaup"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.transfermarkt.de/"
FF - prefs.js..extensions.enabledAddons: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:1.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {32a1fd71-835e-4b11-8e54-886fda0b4c89}:1.1
FF - prefs.js..keyword.URL: "http://search.qip.ru/search?from=FF&query="
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: ""
FF - prefs.js..network.proxy.backup.gopher: ""
FF - prefs.js..network.proxy.backup.gopher_port: ""
FF - prefs.js..network.proxy.backup.socks: ""
FF - prefs.js..network.proxy.backup.socks_port: ""
FF - prefs.js..network.proxy.backup.ssl: ""
FF - prefs.js..network.proxy.backup.ssl_port: ""
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Programme\TVUPlayer\npTVUAx.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\programme\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\programme\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\programme\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.16: File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Programme\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Programme\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: File not found
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.09.08 15:43:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.09.13 17:43:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2012.07.01 19:22:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins

[2011.05.25 22:29:45 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\King\Anwendungsdaten\Mozilla\Extensions
[2011.05.25 22:29:45 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\King\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.09.15 10:06:04 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\King\Anwendungsdaten\Mozilla\Firefox\Profiles\a37aqbiz.default\extensions
[2010.10.31 12:50:05 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\King\Anwendungsdaten\Mozilla\Firefox\Profiles\a37aqbiz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.08.27 17:00:23 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Dokumente und Einstellungen\King\Anwendungsdaten\Mozilla\Firefox\Profiles\a37aqbiz.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011.03.06 03:46:09 | 000,000,000 | ---D | M] (QipAuthorizer) -- C:\Dokumente und Einstellungen\King\Anwendungsdaten\Mozilla\Firefox\Profiles\a37aqbiz.default\extensions\{32a1fd71-835e-4b11-8e54-886fda0b4c89}
[2008.01.06 22:50:38 | 000,000,000 | ---D | M] (Megaupload Toolbar) -- C:\Dokumente und Einstellungen\King\Anwendungsdaten\Mozilla\Firefox\Profiles\a37aqbiz.default\extensions\{991A772A-BA13-4c1d-A9EF-F897F31DEC7D}
[2011.11.10 22:21:56 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Dokumente und Einstellungen\King\Anwendungsdaten\Mozilla\Firefox\Profiles\a37aqbiz.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2007.08.13 23:43:44 | 000,000,000 | ---D | M] (Live TV Toolbar) -- C:\Dokumente und Einstellungen\King\Anwendungsdaten\Mozilla\Firefox\Profiles\a37aqbiz.default\extensions\{b69a9db4-d0a1-4722-b56b-f20757a29cdf}
[2012.07.25 20:31:48 | 000,741,958 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\King\Anwendungsdaten\Mozilla\Firefox\Profiles\a37aqbiz.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.09.15 10:06:03 | 000,270,876 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\King\Anwendungsdaten\Mozilla\Firefox\Profiles\a37aqbiz.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2011.02.13 16:51:39 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\King\Anwendungsdaten\Mozilla\Firefox\Profiles\a37aqbiz.default\searchplugins\icqplugin-1.xml
[2010.06.21 17:35:24 | 000,001,042 | ---- | M] () -- C:\Dokumente und Einstellungen\King\Anwendungsdaten\Mozilla\Firefox\Profiles\a37aqbiz.default\searchplugins\icqplugin.xml
[2011.03.06 03:46:16 | 000,002,062 | ---- | M] () -- C:\Dokumente und Einstellungen\King\Anwendungsdaten\Mozilla\Firefox\Profiles\a37aqbiz.default\searchplugins\qip-search.xml
[2012.09.13 17:44:00 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.09.08 15:43:00 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012.09.08 15:43:00 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.09.13 17:44:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.09.08 15:43:10 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2005.12.05 22:31:00 | 000,114,688 | ---- | M] () -- C:\Programme\mozilla firefox\plugins\npmozax.dll
[2012.06.03 13:02:31 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Programme\mozilla firefox\plugins\nprpplugin.dll
[2011.05.08 23:41:50 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.01 10:17:56 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2011.05.08 23:41:50 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011.05.08 23:41:50 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.05.08 23:41:50 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.05.08 23:41:50 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2010.07.20 21:22:04 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (QIPBHO Class) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Dokumente und Einstellungen\King\Anwendungsdaten\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [MedionVFD] C:\Programme\Medion Info Display\MdionLCM.exe (Dritek System Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\programme\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Dokumente und Einstellungen\King\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Herunterladen mit NetXfer - Reg Error: Value error. File not found
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - Reg Error: Key error. File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\access 2007\Office12\REFIEBAR.DLL (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {402EE96E-2CE8-482D-ADA5-CECEEA07E16D} http://www.turntool.com/ViewerInstall.exe (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{110F8A13-8243-4323-ADB1-22BCFA9484A4}: NameServer = 192.168.0.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E52982A7-8A60-4D76-98B6-561305F9A386}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\King\Anwendungsdaten\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\King\Anwendungsdaten\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.10.09 14:46:45 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5F95E1AF-2620-4f15-BDF9-7FDCE4607E17} - BearShare
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.UnInstall.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - rundll32.exe C:\WINDOWS\system32\Setup\FxsOcm.dll,XP_UninstallProvider
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: {F4B2380F-9F83-482B-B51F-FD18C7EDD923} - Installation Helper
ActiveX: {HHPHS5UQ-5P3D-GVKT-PIQQ-DAOYDBI24PI3} -
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk - C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe - (Adobe Systems Incorporated)
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^HP Digital Imaging Monitor.lnk - C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^HP Image Zone Schnellstart.lnk - C:\Programme\HP\Digital Imaging\bin\hpqthb08.exe - (Hewlett-Packard Co.)
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Microsoft Office.lnk - C:\Programme\Microsoft Office\Office\OSA9.EXE - (Microsoft Corporation)
MsConfig - StartUpReg: Alcmtr - hkey= - key= - C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: CHotkey - hkey= - key= - C:\WINDOWS\mHotkey.exe ()
MsConfig - StartUpReg: CmUCRRun - hkey= - key= - File not found
MsConfig - StartUpReg: FreePDF Assistant - hkey= - key= - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Programme\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
MsConfig - StartUpReg: ICQ - hkey= - key= - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
MsConfig - StartUpReg: IMJPMIG8.1 - hkey= - key= - C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
MsConfig - StartUpReg: InstantOn - hkey= - key= - C:\Programme\CyberLink\PowerCinema Linux\ion_install.exe ()
MsConfig - StartUpReg: ledpointer - hkey= - key= - C:\WINDOWS\CNYHKey.exe (Chicony)
MsConfig - StartUpReg: Load - hkey= - key= - File not found
MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Programme\Messenger\msmsgs.exe (Microsoft Corporation)
MsConfig - StartUpReg: MSPY2002 - hkey= - key= - File not found
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - File not found
MsConfig - StartUpReg: NvCplDaemon - hkey= - key= - File not found
MsConfig - StartUpReg: NvMediaCenter - hkey= - key= - File not found
MsConfig - StartUpReg: nwiz - hkey= - key= - File not found
MsConfig - StartUpReg: PCMService - hkey= - key= - C:\Programme\Home Cinema\PowerCinema\PCMService.exe (CyberLink Corp.)
MsConfig - StartUpReg: PDFPrint - hkey= - key= - C:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
MsConfig - StartUpReg: PHIME2002A - hkey= - key= - File not found
MsConfig - StartUpReg: PHIME2002ASync - hkey= - key= - File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - File not found
MsConfig - StartUpReg: RemoteControl - hkey= - key= - C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
MsConfig - StartUpReg: RTHDCPL - hkey= - key= - C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: Run - hkey= - key= - File not found
MsConfig - StartUpReg: SkinClock - hkey= - key= - File not found
MsConfig - StartUpReg: TkBellExe - hkey= - key= - File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 2
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2012.09.17 20:26:54 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\King\Desktop\OTL.exe
[2012.09.08 15:42:58 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2012.09.17 20:26:54 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\King\Desktop\OTL.exe
[2012.09.17 20:23:15 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.09.17 20:11:21 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.09.17 20:10:15 | 000,000,270 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1817072429-1912383611-2842898928-1006.job
[2012.09.17 20:10:07 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.17 20:10:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.09.17 20:10:00 | 2145,898,496 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.16 21:55:00 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.16 13:04:00 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1817072429-1912383611-2842898928-1006.job
[2012.09.12 21:46:26 | 000,051,326 | ---- | M] () -- C:\Dokumente und Einstellungen\King\Desktop\bbRRP(1).pdf
[2012.09.12 21:45:51 | 000,051,326 | ---- | M] () -- C:\Dokumente und Einstellungen\King\Desktop\bbRRP.pdf
[2012.09.12 20:27:48 | 000,509,873 | ---- | M] () -- C:\Dokumente und Einstellungen\King\Desktop\dws_riester_bestandsuebertragung.pdf
[2012.09.12 20:13:21 | 000,875,798 | ---- | M] () -- C:\Dokumente und Einstellungen\King\Desktop\Antragsformular_Einzeldepot_DWS_RiesterRente_Premium_3jhsdfgh.pdf
[2012.09.10 20:59:51 | 000,143,492 | ---- | M] () -- C:\Dokumente und Einstellungen\King\Desktop\29.660.096 - Zurückweisung Heyen.pdf
[2012.09.10 17:54:33 | 000,235,520 | ---- | M] () -- C:\Dokumente und Einstellungen\King\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.09.10 17:54:33 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012.09.09 19:02:32 | 000,120,337 | ---- | M] () -- C:\Dokumente und Einstellungen\King\Desktop\aab_freistellungsantrag.pdf
[2012.09.09 19:02:23 | 002,444,676 | ---- | M] () -- C:\Dokumente und Einstellungen\King\Desktop\Antragsformular_Einzeldepot_AAB_53ot63vb.pdf
[2012.09.09 18:54:15 | 000,074,493 | ---- | M] () -- C:\Dokumente und Einstellungen\King\Desktop\97c1618e.htm
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012.09.12 21:46:27 | 000,051,326 | ---- | C] () -- C:\Dokumente und Einstellungen\King\Desktop\bbRRP(1).pdf
[2012.09.12 21:45:52 | 000,051,326 | ---- | C] () -- C:\Dokumente und Einstellungen\King\Desktop\bbRRP.pdf
[2012.09.12 20:27:48 | 000,509,873 | ---- | C] () -- C:\Dokumente und Einstellungen\King\Desktop\dws_riester_bestandsuebertragung.pdf
[2012.09.12 20:13:20 | 000,875,798 | ---- | C] () -- C:\Dokumente und Einstellungen\King\Desktop\Antragsformular_Einzeldepot_DWS_RiesterRente_Premium_3jhsdfgh.pdf
[2012.09.10 20:59:51 | 000,143,492 | ---- | C] () -- C:\Dokumente und Einstellungen\King\Desktop\29.660.096 - Zurückweisung Heyen.pdf
[2012.09.09 19:02:31 | 000,120,337 | ---- | C] () -- C:\Dokumente und Einstellungen\King\Desktop\aab_freistellungsantrag.pdf
[2012.09.09 19:02:16 | 002,444,676 | ---- | C] () -- C:\Dokumente und Einstellungen\King\Desktop\Antragsformular_Einzeldepot_AAB_53ot63vb.pdf
[2012.09.09 18:54:15 | 000,074,493 | ---- | C] () -- C:\Dokumente und Einstellungen\King\Desktop\97c1618e.htm
[2012.01.29 14:50:22 | 001,849,344 | ---- | C] () -- C:\WINDOWS\System32\Qt4Pas5.dll
[2011.12.22 22:40:32 | 000,000,018 | ---- | C] () -- C:\WINDOWS\xkalFREE2012.dat
[2011.12.10 14:51:48 | 000,000,494 | ---- | C] () -- C:\Dokumente und Einstellungen\King\Anwendungsdaten\alarms.ini
[2011.12.10 14:51:21 | 000,000,745 | ---- | C] () -- C:\Dokumente und Einstellungen\King\Anwendungsdaten\AtomicAlarmClock.ini
[2011.06.23 18:08:38 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2011.06.23 18:08:38 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\unredmon.exe
[2011.05.04 21:32:57 | 000,000,872 | ---- | C] () -- C:\WINDOWS\uninst.ini
[2010.12.17 21:39:46 | 000,000,699 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010.11.21 22:34:45 | 000,000,178 | ---- | C] () -- C:\Dokumente und Einstellungen\King\Anwendungsdaten\delme.bat
[2010.09.30 22:35:06 | 000,065,243 | ---- | C] () -- C:\Dokumente und Einstellungen\King\Anwendungsdaten\King3SQLite3.dll
[2009.08.08 15:44:37 | 000,000,600 | ---- | C] () -- C:\Dokumente und Einstellungen\King\PUTTY.RND
[2009.03.14 13:55:29 | 000,022,328 | ---- | C] () -- C:\Dokumente und Einstellungen\King\Anwendungsdaten\PnkBstrK.sys
[2008.10.24 02:07:03 | 000,001,577 | ---- | C] () -- C:\Dokumente und Einstellungen\King\.recently-used.xbel
[2007.01.27 16:37:54 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LauncherAccess.dt
[2006.08.17 22:59:33 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
[2006.02.08 16:45:21 | 000,000,122 | ---- | C] () -- C:\Dokumente und Einstellungen\King\default.pls
[2005.12.15 13:35:59 | 000,000,147 | ---- | C] () -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2005.11.17 15:35:20 | 000,059,360 | ---- | C] () -- C:\Dokumente und Einstellungen\King\Anwendungsdaten\wklnhst.dat
[2005.11.17 15:33:51 | 000,235,520 | ---- | C] () -- C:\Dokumente und Einstellungen\King\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005.11.17 15:33:51 | 000,000,138 | ---- | C] () -- C:\Dokumente und Einstellungen\King\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2005.04.08 04:16:43 | 000,807,752 | -H-- | C] () -- C:\Dokumente und Einstellungen\King\Anwendungsdaten\Kinglog.dat

[color=#E56717]========== LOP Check ==========[/color]

[2009.02.10 19:38:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Azureus
[2008.10.22 18:18:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Pro
[2010.12.20 19:13:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\F-Secure
[2011.06.23 18:08:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FreePDF
[2005.10.09 14:49:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\fun communications
[2010.10.31 14:35:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ
[2012.08.14 16:57:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\KONAMI
[2007.01.27 15:04:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX
[2005.10.09 14:46:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\muvee Technologies
[2009.07.19 22:12:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SITEguard
[2009.07.20 21:49:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\STOPzilla!
[2009.12.30 02:30:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2011.12.12 22:51:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2007.09.28 15:38:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Viewpoint
[2005.10.18 15:28:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\X10 Settings
[2011.12.12 01:10:53 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2006.02.23 19:35:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\King\Anwendungsdaten\Ankh
[2010.12.21 12:05:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\King\Anwendungsdaten\Azureus
[2008.10.22 18:23:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\King\Anwendungsdaten\DAEMON Tools Pro
[2012.08.18 13:58:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\King\Anwendungsdaten\DVDVideoSoft
[2011.11.10 22:21:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\King\Anwendungsdaten\DVDVideoSoftIEHelpers
[2007.10.27 17:58:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\King\Anwendungsdaten\Gearbox Software
[2008.10.24 02:07:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\King\Anwendungsdaten\gtk-2.0
[2012.06.02 16:17:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\King\Anwendungsdaten\ICQ
[2006.09.27 14:55:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\King\Anwendungsdaten\ICQ Toolbar
[2007.01.08 18:39:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\King\Anwendungsdaten\ICQ6
[2006.08.09 18:13:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\King\Anwendungsdaten\ICQLite
[2009.03.14 13:56:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\King\Anwendungsdaten\id Software
[2009.08.14 15:46:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\King\Anwendungsdaten\KaLoMa
[2008.07.22 20:08:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\King\Anwendungsdaten\Load
[2007.01.27 15:04:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\King\Anwendungsdaten\MAGIX
[2008.01.06 22:54:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\King\Anwendungsdaten\Megaupload
[2011.03.06 03:59:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\King\Anwendungsdaten\Miranda
[2007.04.18 15:19:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\King\Anwendungsdaten\MSNInstaller
[2006.12.26 20:49:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\King\Anwendungsdaten\Opera
[2012.07.19 14:58:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\King\Anwendungsdaten\pdfforge
[2007.08.31 14:38:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\King\Anwendungsdaten\PPMate
[2008.02.24 18:10:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\King\Anwendungsdaten\ppStream
[2011.05.18 21:48:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\King\Anwendungsdaten\Project Viewer 2010
[2011.03.06 03:46:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\King\Anwendungsdaten\QIP
[2007.02.24 21:18:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\King\Anwendungsdaten\REAPER
[2007.01.31 17:00:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\King\Anwendungsdaten\Samsung
[2010.12.20 02:20:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\King\Anwendungsdaten\Sysutils_Update
[2007.01.12 15:37:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\King\Anwendungsdaten\Teleca
[2011.05.01 23:11:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\King\Anwendungsdaten\temp
[2006.12.26 18:37:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\King\Anwendungsdaten\Template
[2011.05.25 22:29:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\King\Anwendungsdaten\Thunderbird
[2011.12.12 01:11:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\King\Anwendungsdaten\TuneUp Software
[2011.02.17 22:40:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\King\Anwendungsdaten\VIWIS

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]

[color=#A23BEC]< %SYSTEMDRIVE%\*. >[/color]
[2009.01.23 22:52:18 | 000,000,000 | RHSD | M] -- C:\cmdcons
[2011.05.05 23:20:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen
[2008.03.21 16:41:28 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2011.04.09 02:24:20 | 000,000,000 | ---D | M] -- C:\Program Files
[2012.09.12 16:50:21 | 000,000,000 | ---D | M] -- C:\Programme
[2011.04.06 01:11:16 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2011.10.16 23:02:27 | 000,000,000 | ---D | M] -- C:\Spiele
[2009.01.24 00:47:36 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.08.28 15:30:14 | 000,000,000 | ---D | M] -- C:\Temp
[2011.05.02 17:00:57 | 000,000,000 | ---D | M] -- C:\test.exe
[2011.08.28 16:32:52 | 000,000,000 | ---D | M] -- C:\UPBtemp
[2012.09.12 17:36:23 | 000,000,000 | ---D | M] -- C:\WINDOWS
[2010.12.20 00:37:42 | 000,000,000 | ---D | M] -- C:\Windows Policies

[color=#A23BEC]< %PROGRAMFILES%\*.exe >[/color]
Invalid Environment Variable: LOCALAPPDATA

[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]

[color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color]
[2004.08.04 14:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
[2007.06.13 15:10:08 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=331ED93570BAF3CFE30340298762CD56 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe
[2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007.06.13 15:21:45 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=64D320C0E301EEDC5A4ADBBDC5024F7F -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

[color=#A23BEC]< MD5 for: REGEDIT.EXE >[/color]
[2004.08.04 14:00:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=8193CE5FB09E83F2699FD65BBCBE2FD2 -- C:\Programme\UPBtemp\I386\REGEDIT.EXE
[2004.08.04 14:00:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=8193CE5FB09E83F2699FD65BBCBE2FD2 -- C:\WINDOWS\$NtServicePackUninstall$\regedit.exe
[2008.04.14 04:22:58 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\regedit.exe
[2008.04.14 04:22:58 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\ServicePackFiles\i386\regedit.exe

[color=#A23BEC]< MD5 for: USERINIT.EXE >[/color]
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004.08.04 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2004.08.04 14:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe

[color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >[/color]

[color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >[/color]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-09-12 15:26:36

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\wpabaln.exe:SummaryInformation

< End of report >
Seitenanfang Seitenende
20.09.2012, 00:11
Moderator

Beiträge: 5694
#2 Herzlich Willkommen auf dem Protecus Forum

Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.
• Bitte arbeite alle Schritte der Reihe nach ab.
• Lese die Anleitungen sorgfältig. Sollte es Probleme geben, bitte stoppen und hier so gut es geht beschreiben.
• Nur Scanns durchführen zu denen Du von einem Helfer aufgefordert wirst.
• Bitte kein Crossposting (posten in mehreren Foren).
• Installiere oder Deinstalliere während der Bereinigung keine Software ausser Du wurdest dazu aufgefordert.
Lese Dir die Anleitung zuerst vollständig durch. Sollte etwas unklar sein, frage bevor Du beginnst.
• Poste die Logfiles direkt in deinen Thread. Nicht anhängen ausser ich fordere Dich dazu auf. Erschwert mir nämlich das auswerten.

Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.

Vista und Win7 User
Alle Tools mit Rechtsklick "als Administrator ausführen" starten.

Schritt 1

Downloade Dir bitte Malwarebytes
• Installiere das Programm in den vorgegebenen Pfad.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
• Starte Malwarebytes, klicke auf Aktualisierung --> Suche nach Aktualisierung
• Wenn das Update beendet wurde, aktiviere Quick-Scan durchführen und drücke auf Scannen.
• Wenn der Scan beendet ist, klicke auf Ergebnisse anzeigen.
• Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
• Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
• Nachträglich kannst du den Bericht unter "Log Dateien" finden.
Seitenanfang Seitenende
Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!

Folgende Themen könnten Dich auch interessieren: