Solved Windows Calculator and WMP keep popping up

[Resolved] Windows Calculator and WMP keep popping up

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5658

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

02.02.2011 16:00:21
mbam-log-2011-02-02 (16-00-21).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 161677
Laufzeit: 3 Minute(n), 28 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\wr (Malware.Trace) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (explorer.exe,C:\Dokumente und Einstellungen\Administration\Anwendungsdaten\Microsoft\Windows\shell.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\dokumente und einstellungen\administration\anwendungsdaten\microsoft\stor.cfg (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mpwWMA11.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-02-02 16:38:53
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-f ST3250820AS rev.3.AAC
Running: kke8jofc.exe; Driver: C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\ugtdypob.sys


---- System - GMER 1.0.15 ----

SSDT spqr.sys ZwCreateKey [0xB7EB50E0]
SSDT spqr.sys ZwEnumerateKey [0xB7ECDDA4]
SSDT spqr.sys ZwEnumerateValueKey [0xB7ECE132]
SSDT spqr.sys ZwOpenKey [0xB7EB50C0]
SSDT spqr.sys ZwQueryKey [0xB7ECE20A]
SSDT spqr.sys ZwQueryValueKey [0xB7ECE08A]
SSDT spqr.sys ZwSetValueKey [0xB7ECE29C]

INT 0x62 ? 8AA52BF8
INT 0x63 ? 8A4D1D68
INT 0x73 ? 8AA55BF8
INT 0xA4 ? 8A4D1D68
INT 0xB4 ? 8AA52BF8
INT 0xB4 ? 8AA52BF8
INT 0xB4 ? 8A4D1D68
INT 0xB4 ? 8AA52BF8

---- Kernel code sections - GMER 1.0.15 ----

? ddklhcq.sys Das System kann die angegebene Datei nicht finden. !
? spqr.sys Das System kann die angegebene Datei nicht finden. !
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB706E3A0, 0x5FE082, 0xE8000020]
.text USBPORT.SYS!DllUnload B70158AC 5 Bytes JMP 8A4D1348
.text ac10bh6x.SYS B6ECB386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text ac10bh6x.SYS B6ECB3AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text ac10bh6x.SYS B6ECB3C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
.text ac10bh6x.SYS B6ECB3C9 1 Byte [2E]
.text ac10bh6x.SYS B6ECB3C9 11 Bytes [2E, 00, 00, 00, 5A, 02, 00, ...]
.text ...
.text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xAEEB0300, 0x3AF78, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xAF349300, 0x1BCE, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Programme\Internet Explorer\IEXPLORE.EXE[1392] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 41195501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[1392] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 41269AE9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[1392] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 4125D145 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[1392] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 4126DB44 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[1392] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 411D4696 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[1392] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 41364FEF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[1392] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 41364F21 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[1392] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 41364F8C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[1392] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 41364DF2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[1392] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 41364E54 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[1392] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 41365052 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[1392] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 41364EB6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[1392] ole32.dll!CoCreateInstance 774CF1AC 5 Bytes JMP 4126DBA0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[1392] ole32.dll!OleLoadFromStream 774F981B 5 Bytes JMP 41365370 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[4040] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 41195501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[4040] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 4126DB44 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[4040] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 41364FEF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[4040] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 41364F21 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[4040] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 41364F8C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[4040] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 41364DF2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[4040] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 41364E54 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[4040] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 41365052 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[4040] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 41364EB6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B7EB6042] spqr.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B7EB613E] spqr.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B7EB60C0] spqr.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B7EB6800] spqr.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B7EB66D6] spqr.sys
IAT \SystemRoot\System32\Drivers\ac10bh6x.SYS[HAL.dll!KfAcquireSpinLock] CCCCCCC3
IAT \SystemRoot\System32\Drivers\ac10bh6x.SYS[HAL.dll!READ_PORT_UCHAR] CCCCCCCC
IAT \SystemRoot\System32\Drivers\ac10bh6x.SYS[HAL.dll!KeGetCurrentIrql] CCCCCCCC
IAT \SystemRoot\System32\Drivers\ac10bh6x.SYS[HAL.dll!KfRaiseIrql] CCCCCCCC
IAT \SystemRoot\System32\Drivers\ac10bh6x.SYS[HAL.dll!KfLowerIrql] 8BEC8B55
IAT \SystemRoot\System32\Drivers\ac10bh6x.SYS[HAL.dll!HalGetInterruptVector] 00C73445
IAT \SystemRoot\System32\Drivers\ac10bh6x.SYS[HAL.dll!HalTranslateBusAddress] 00000000
IAT \SystemRoot\System32\Drivers\ac10bh6x.SYS[HAL.dll!KeStallExecutionProcessor] 830C458B
IAT \SystemRoot\System32\Drivers\ac10bh6x.SYS[HAL.dll!KfReleaseSpinLock] C0840CEC
IAT \SystemRoot\System32\Drivers\ac10bh6x.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 053C0D74
IAT \SystemRoot\System32\Drivers\ac10bh6x.SYS[HAL.dll!READ_PORT_USHORT] 57B80974
IAT \SystemRoot\System32\Drivers\ac10bh6x.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 8B000000
IAT \SystemRoot\System32\Drivers\ac10bh6x.SYS[HAL.dll!WRITE_PORT_UCHAR] 56C35DE5
IAT \SystemRoot\System32\Drivers\ac10bh6x.SYS[WMILIB.SYS!WmiSystemControl] 8D51FC4D
IAT \SystemRoot\System32\Drivers\ac10bh6x.SYS[WMILIB.SYS!WmiCompleteRequest] 8D52FD55

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Programme\Internet Explorer\IEXPLORE.EXE[1392] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Programme\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
IAT D:\GetRight\GetRight.exe[1968] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegQueryValueA] 0231C490
IAT D:\GetRight\GetRight.exe[1968] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegCreateKeyExW] 0231C440
IAT D:\GetRight\GetRight.exe[1968] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 02318680
IAT D:\GetRight\GetRight.exe[1968] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 023198F0
IAT D:\GetRight\GetRight.exe[1968] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CloseHandle] 0231B200
IAT D:\GetRight\GetRight.exe[1968] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FreeLibrary] 02319B60
IAT D:\GetRight\GetRight.exe[1968] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 02319970
IAT D:\GetRight\GetRight.exe[1968] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] 0231A800
IAT D:\GetRight\GetRight.exe[1968] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalUnlock] 0231C140
IAT D:\GetRight\GetRight.exe[1968] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalLock] 0231C180
IAT D:\GetRight\GetRight.exe[1968] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcessHeap] 0231C520
IAT D:\GetRight\GetRight.exe[1968] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FindFirstFileW] 0231C000
IAT D:\GetRight\GetRight.exe[1968] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!DuplicateHandle] 0231B160
IAT D:\GetRight\GetRight.exe[1968] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] 0231A120
IAT D:\GetRight\GetRight.exe[1968] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 02319AD0
IAT D:\GetRight\GetRight.exe[1968] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetEnvironmentStringsW] 02319E50
IAT D:\GetRight\GetRight.exe[1968] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!IsDebuggerPresent] 0231CAA0
IAT D:\GetRight\GetRight.exe[1968] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!ReadFile] 0231AB50
IAT D:\GetRight\GetRight.exe[1968] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetFilePointer] 0231AFC0
IAT D:\GetRight\GetRight.exe[1968] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!MapViewOfFileEx] 0231B680
IAT D:\GetRight\GetRight.exe[1968] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileMappingW] 0231B410
IAT D:\GetRight\GetRight.exe[1968] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!MapViewOfFile] 0231B600
IAT D:\GetRight\GetRight.exe[1968] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!OpenFileMappingW] 0231BAE0
IAT D:\GetRight\GetRight.exe[1968] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!UnmapViewOfFile] 0231B7F0
IAT D:\GetRight\GetRight.exe[1968] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] 02319A40
IAT D:\GetRight\GetRight.exe[1968] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!TerminateProcess] 02319FD0
IAT D:\GetRight\GetRight.exe[1968] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalAlloc] 0231C260
IAT D:\GetRight\GetRight.exe[1968] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FlushViewOfFile] 0231B550
IAT D:\GetRight\GetRight.exe[1968] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileSize] 0231B100
IAT D:\GetRight\GetRight.exe[1968] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!WriteFile] 0231AF80
IAT D:\GetRight\GetRight.exe[1968] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileType] 0231B310
IAT D:\GetRight\GetRight.exe[1968] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetACP] 0231C540
IAT D:\GetRight\GetRight.exe[1968] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileMappingA] 0231B350
IAT D:\GetRight\GetRight.exe[1968] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadIconW] 0231C7E0
IAT D:\GetRight\GetRight.exe[1968] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadCursorW] 0231C780
IAT D:\GetRight\GetRight.exe[1968] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!CreateDialogParamW] 0231C9D0
IAT D:\GetRight\GetRight.exe[1968] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!DialogBoxParamW] 0231CA70
IAT D:\GetRight\GetRight.exe[1968] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadStringW] 0231C8A0

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8A9E21F8

AttachedDevice \FileSystem\Ntfs \Ntfs tdrpm273.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \FileSystem\Ntfs \Ntfs SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc.)
AttachedDevice \FileSystem\Ntfs \Ntfs amon.sys (Amon monitor/Eset )

Device \Driver\usbuhci \Device\USBPDO-0 8A4F4500
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A9E41F8
Device \Driver\dmio \Device\DmControl\DmConfig 8A9E41F8
Device \Driver\dmio \Device\DmControl\DmPnP 8A9E41F8
Device \Driver\dmio \Device\DmControl\DmInfo 8A9E41F8
Device \Driver\usbuhci \Device\USBPDO-1 8A4F4500
Device \Driver\sptd \Device\830266838 spqr.sys
Device \Driver\usbuhci \Device\USBPDO-2 8A4F4500
Device \Driver\PCI_PNP9338 \Device\00000053 spqr.sys
Device \Driver\usbuhci \Device\USBPDO-3 8A4F4500
Device \Driver\usbehci \Device\USBPDO-4 8A4F7500
Device \Driver\Ftdisk \Device\HarddiskVolume1 8AA531F8

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 tdrpm273.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \Driver\Ftdisk \Device\HarddiskVolume2 8AA531F8

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 tdrpm273.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \Driver\Cdrom \Device\CdRom0 8A4F2500
Device \Driver\atapi \Device\Ide\IdePort0 [B7E08B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [B7E08B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [B7E08B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-22 [B7E08B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort2 [B7E08B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort3 [B7E08B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP2T1L0-17 [B7E08B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-f [B7E08B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\Cdrom \Device\CdRom1 8A4F2500
Device \Driver\Ftdisk \Device\HarddiskVolume3 8AA531F8

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 tdrpm273.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \Driver\Cdrom \Device\CdRom2 8A4F2500
Device \Driver\Ftdisk \Device\HarddiskVolume4 8AA531F8

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 tdrpm273.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \Driver\Ftdisk \Device\HarddiskVolume5 8AA531F8

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume5 tdrpm273.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume5 fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \Driver\Ftdisk \Device\HarddiskVolume6 8AA531F8

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume6 tdrpm273.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume6 fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \Driver\Ftdisk \Device\HarddiskVolume7 8AA531F8

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume7 tdrpm273.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume7 fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \Driver\NetBT \Device\NetBt_Wins_Export 89CC41F8
Device \Driver\usbstor \Device\00000083 88F351F8
Device \Driver\NetBT \Device\NetbiosSmb 89CC41F8
Device \Driver\usbstor \Device\00000087 88F351F8
Device \Driver\usbstor \Device\00000088 88F351F8
Device \Driver\usbstor \Device\00000089 88F351F8
Device \Driver\usbuhci \Device\USBFDO-0 8A4F4500
Device \Driver\usbuhci \Device\USBFDO-1 8A4F4500
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 89CBC1F8
Device \Driver\usbuhci \Device\USBFDO-2 8A4F4500
Device \FileSystem\MRxSmb \Device\LanmanRedirector 89CBC1F8
Device \Driver\usbuhci \Device\USBFDO-3 8A4F4500
Device \Driver\usbehci \Device\USBFDO-4 8A4F7500
Device \Driver\Ftdisk \Device\FtControl 8AA531F8
Device \Driver\usbstor \Device\0000008a 88F351F8
Device \Driver\usbstor \Device\0000008b 88F351F8
Device \Driver\Si3114r5 \Device\Scsi\Si3114r51 8A9E31F8
Device \Driver\ac10bh6x \Device\Scsi\ac10bh6x1 8A4DE500
Device \Driver\Si3114r5 \Device\Scsi\Si3114r51Port4Path3Target1fLun0 8A9E31F8
Device \Driver\ac10bh6x \Device\Scsi\ac10bh6x1Port5Path0Target0Lun0 8A4DE500
Device \FileSystem\Cdfs \Cdfs 88F0D500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 d:\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xDF 0xC7 0xBF 0xD9 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x3A 0x92 0xAD 0xEA ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x00 0x9E 0x61 0x10 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 -211594409
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 1176006705
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xED 0x38 0x97 0x81 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 d:\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x73 0x0A 0x8A 0x87 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x6B 0x87 0x67 0x56 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xEF 0xF9 0x2E 0x78 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 D:\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x3A 0x92 0xAD 0xEA ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x42 0xCC 0xD5 0x97 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xED 0x38 0x97 0x81 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 d:\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x73 0x0A 0x8A 0x87 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x6B 0x87 0x67 0x56 ...

---- EOF - GMER 1.0.15 ----


MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x01c47cfd

Kernel Drivers (total 147):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E5000 \WINDOWS\system32\hal.dll
0xB85A8000 \WINDOWS\system32\KDCOM.DLL
0xB84B8000 \WINDOWS\system32\BOOTVID.dll
0xB80A8000 ddklhcq.sys
0xB7EB4000 spqr.sys
0xB85AA000 \WINDOWS\System32\Drivers\WMILIB.SYS
0xB7E9C000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
0xB7E6D000 ACPI.sys
0xB7E5C000 pci.sys
0xB80B8000 ohci1394.sys
0xB80C8000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xB80D8000 isapnp.sys
0xB8670000 pciide.sys
0xB8328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xB80E8000 MountMgr.sys
0xB7E3D000 ftdisk.sys
0xB85AC000 dmload.sys
0xB7E17000 dmio.sys
0xB8330000 PartMgr.sys
0xB80F8000 VolSnap.sys
0xB7DFF000 atapi.sys
0xB7DC9000 Si3114r5.sys
0xB8108000 disk.sys
0xB8118000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB7DA9000 fltmgr.sys
0xB84BC000 SiWinAcc.sys
0xB7D92000 KSecDD.sys
0xB7D05000 Ntfs.sys
0xB7CD8000 NDIS.sys
0xB7C46000 timntr.sys
0xB7B90000 tdrpm273.sys
0xB7B68000 snapman.sys
0xB85AE000 SiRemFil.sys
0xB7B4E000 Mup.sys
0xB8158000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB706E000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xB705A000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB83B0000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB6FFD000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xB83B8000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB6F7E000 \SystemRoot\system32\drivers\ctaud2k.sys
0xB6F5A000 \SystemRoot\system32\drivers\portcls.sys
0xB8168000 \SystemRoot\system32\drivers\drmk.sys
0xB6F37000 \SystemRoot\system32\drivers\ks.sys
0xB6F02000 \SystemRoot\system32\drivers\ctoss2k.sys
0xB83C8000 \SystemRoot\system32\drivers\ctprxy2k.sys
0xB8178000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xB83D0000 \SystemRoot\system32\DRIVERS\fdc.sys
0xB8188000 \SystemRoot\system32\DRIVERS\serial.sys
0xB7A5D000 \SystemRoot\system32\DRIVERS\serenum.sys
0xB8198000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xB81A8000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB81B8000 \SystemRoot\system32\DRIVERS\imapi.sys
0xB6ECB000 \SystemRoot\System32\Drivers\ac10bh6x.SYS
0xB81C8000 \SystemRoot\system32\DRIVERS\avmwan.sys
0xB871B000 \SystemRoot\system32\DRIVERS\audstub.sys
0xB81D8000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xB7A3D000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB6EB4000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xB81E8000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xB81F8000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xB8438000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB8440000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xB8448000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB6E84000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xB8208000 \SystemRoot\system32\DRIVERS\termdd.sys
0xB8450000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xB8458000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xB8218000 \SystemRoot\system32\drivers\SaiBus.sys
0xB85BA000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB6D5E000 \SystemRoot\system32\DRIVERS\update.sys
0xB7A25000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xB8228000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xB7A05000 \SystemRoot\system32\DRIVERS\SaiMini.sys
0xB8238000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xB8468000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xB7A01000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xB79FD000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xB8258000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xB85BC000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xB08F3000 \SystemRoot\system32\drivers\ha20x2k.sys
0xB08C3000 \SystemRoot\system32\drivers\emupia2k.sys
0xB089A000 \SystemRoot\system32\drivers\ctsfm2k.sys
0xB07FE000 \SystemRoot\system32\drivers\ctac32k.sys
0xB07E9000 \SystemRoot\System32\drivers\CTHWIUT.SYS
0xB07BD000 \SystemRoot\System32\drivers\CT20XUT.SYS
0xB0676000 \SystemRoot\System32\drivers\CTEXFIFX.SYS
0xB8480000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xB85C4000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xB8771000 \SystemRoot\System32\Drivers\Null.SYS
0xB85C6000 \SystemRoot\System32\Drivers\Beep.SYS
0xB8490000 \SystemRoot\System32\drivers\vga.sys
0xB85C8000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xB85CA000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xB8498000 \SystemRoot\System32\Drivers\Msfs.SYS
0xB84A0000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB7A71000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xB0643000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xB8298000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xB05EA000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xB059A000 \SystemRoot\system32\DRIVERS\netbt.sys
0xB0574000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xB82A8000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xB7A65000 \SystemRoot\System32\drivers\ws2ifsl.sys
0xB0552000 \SystemRoot\System32\drivers\afd.sys
0xB82B8000 \SystemRoot\system32\DRIVERS\netbios.sys
0xB8786000 \??\D:\PCzapper\MediaManager\tvtool.sys
0xB0527000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xB85CE000 \SystemRoot\system32\drivers\nod32drv.sys
0xB04B7000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xB82D8000 \SystemRoot\System32\Drivers\Fips.SYS
0xB84B0000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xB6D52000 \SystemRoot\System32\Drivers\Razerlow.sys
0xB6D4E000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xB8340000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xB8308000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xB6D3A000 \SystemRoot\system32\drivers\usbscan.sys
0xB8378000 \SystemRoot\system32\DRIVERS\SaiIFFB5.sys
0xB8380000 \SystemRoot\system32\DRIVERS\SaiU040B.sys
0xB8388000 \SystemRoot\system32\DRIVERS\SaiU05D2.sys
0xB0323000 \SystemRoot\system32\DRIVERS\SaiHFFB5.sys
0xB02F7000 \SystemRoot\system32\DRIVERS\SaiH040B.sys
0xB8318000 \SystemRoot\system32\DRIVERS\SaiH05d2.sys
0xBF800000 \SystemRoot\System32\win32k.sys
0xB037B000 \SystemRoot\System32\drivers\Dxapi.sys
0xB8398000 \SystemRoot\System32\watchdog.sys
0xBD000000 \SystemRoot\System32\drivers\dxg.sys
0xB8799000 \SystemRoot\System32\drivers\dxgthk.sys
0xBD012000 \SystemRoot\System32\nv4_disp.dll
0xAF6E1000 \SystemRoot\system32\DRIVERS\fusbbase.sys
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xB84D0000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xAF30C000 \SystemRoot\system32\drivers\wdmaud.sys
0xAF461000 \SystemRoot\system32\drivers\sysaudio.sys
0xAEF1B000 \SystemRoot\system32\drivers\amon.sys
0xAEEB0000 \SystemRoot\system32\DRIVERS\atksgt.sys
0xAF349000 \SystemRoot\system32\DRIVERS\lirsgt.sys
0xAF339000 \SystemRoot\system32\drivers\npf.sys
0xAEFCE000 \SystemRoot\system32\DRIVERS\secdrv.sys
0xAEBD5000 \SystemRoot\system32\DRIVERS\srv.sys
0xAE855000 \SystemRoot\system32\DRIVERS\afcdp.sys
0xAE1AA000 \??\C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\ugtdypob.sys
0xACEAC000 \SystemRoot\system32\drivers\kmixer.sys
0xAC51F000 \SystemRoot\system32\DRIVERS\e1e5132.sys
0x7C910000 \WINDOWS\system32\ntdll.dll
0x10000000 \Alcohol Soft\Alcohol 120\alcoholx.dll

Processes (total 48):
0 System Idle Process
4 System
688 C:\WINDOWS\system32\smss.exe
1096 csrss.exe
1160 C:\WINDOWS\system32\winlogon.exe
1252 C:\WINDOWS\system32\services.exe
1272 C:\WINDOWS\system32\lsass.exe
1468 C:\WINDOWS\system32\svchost.exe
1524 svchost.exe
1600 C:\WINDOWS\system32\svchost.exe
1680 svchost.exe
1736 svchost.exe
1824 C:\WINDOWS\system32\spoolsv.exe
1908 C:\Programme\Creative\Shared Files\CTAudSvc.exe
672 C:\WINDOWS\explorer.exe
1080 D:\Razer\Diamondback\razerhid.exe
1060 D:\Eset\nod32kui.exe
1092 D:\RepliGo\RepliGoMon.exe
1112 C:\Programme\Saitek\Software\ProfilerU.exe
1172 C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
1204 C:\Programme\Saitek\Software\SaiMfd.exe
1224 D:\Acronis\TrueImageHome\TrueImageMonitor.exe
1348 C:\WINDOWS\system32\Ctxfihlp.exe
1324 D:\ClipMate\ClipMate.exe
1512 C:\Programme\Gemeinsame Dateien\Acronis\CDP\afcdpsrv.exe
1588 C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe
1612 D:\AI RoboForm\robotaskbaricon.exe
1968 D:\GetRight\GetRight.exe
1108 D:\PCzapper\MediaManager\pbMediaCenter.exe
2144 D:\Eset\nod32krn.exe
2164 D:\Razer\Diamondback\razertra.exe
2276 D:\StayAwake\StayAwake.exe
2304 C:\WINDOWS\twain_32\PerfectScan\PerfectScan.exe
2472 D:\RtvReco\RtvReco.exe
2496 D:\WinTidy\WinTidy.exe
2540 D:\ZOTAC FireStorm\Firestorm.exe
2572 D:\Razer\Diamondback\razerofa.exe
3908 C:\WINDOWS\system32\svchost.exe
3984 C:\WINDOWS\system32\TUProgSt.exe
2724 D:\Web-Recherche\WRApp.exe
2916 alg.exe
3132 C:\WINDOWS\system32\CTxfispi.exe
4040 C:\Programme\Internet Explorer\iexplore.exe
1392 C:\Programme\Internet Explorer\iexplore.exe
2412 D:\Totalcmd\TOTALCMD.EXE
3440 D:\UltraEdit\Uedit32.exe
3076 C:\Programme\Internet Explorer\iexplore.exe
3848 G:\GetRight\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000003`8b7b8000 (NTFS)
\\.\E: --> \\.\PhysicalDrive1 at offset 0x00000000`007e0000 (NTFS)
\\.\F: --> \\.\PhysicalDrive1 at offset 0x00000000`5e9f8000 (NTFS)
\\.\G: --> \\.\PhysicalDrive1 at offset 0x00000024`fdf56600 (NTFS)
\\.\H: --> \\.\PhysicalDrive1 at offset 0x0000002f`dc364400 (NTFS)
\\.\S: --> \\.\PhysicalDrive0 at offset 0x0000001f`0068f600 (NTFS)

PhysicalDrive0 Model Number: ST3250820AS, Rev: 3.AAC
PhysicalDrive1 Model Number: MAXTORSTM3250824AS, Rev: 3.AAJ

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: ADFE55CD0C6ED2E00B22375835E4C2736CE9AD11
232 GB \\.\PhysicalDrive1 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!

 

Windows Calculator and Windows Media Player keep popping up-logfiles part 2

DDS (Ver_10-12-12.02) - NTFSx86
Run by Administration at 16:44:07,79 on 02.02.2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.2045.1423 [GMT 1:00]

AV: ESET NOD32 antivirus system 2.70 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Creative\Shared Files\CTAudSvc.exe
C:\WINDOWS\Explorer.EXE
D:\Razer\Diamondback\razerhid.exe
D:\Eset\nod32kui.exe
D:\RepliGo\RepliGoMon.exe
C:\Programme\Saitek\Software\ProfilerU.exe
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
C:\Programme\Saitek\Software\SaiMfd.exe
D:\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\WINDOWS\system32\CTXFIHLP.EXE
D:\ClipMate\ClipMate.exe
C:\Programme\Gemeinsame Dateien\Acronis\CDP\afcdpsrv.exe
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe
D:\AI RoboForm\RoboTaskBarIcon.exe
D:\GetRight\GetRight.exe
D:\PCzapper\MediaManager\pbMediaCenter.exe
d:\Eset\nod32krn.exe
D:\Razer\Diamondback\razertra.exe
d:\StayAwake\StayAwake.exe
C:\WINDOWS\twain_32\PerfectScan\PerfectScan.exe
D:\RtvReco\RtvReco.exe
D:\WinTidy\WinTidy.exe
D:\ZOTAC FireStorm\Firestorm.exe
D:\Razer\Diamondback\razerofa.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\TUProgSt.exe
D:\Web-Recherche\WRApp.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Programme\Internet Explorer\IEXPLORE.EXE
D:\UltraEdit\uedit32.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
G:\GetRight\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - d:\snagit\SnagitBHO.dll
BHO: Web-Recherche-Browserhilfsobjekt: {255215e2-87dc-4819-8724-d0b4c94dbef5} - d:\web-recherche\WRShell.dll
BHO: IE to GetRight Helper: {31ff080d-12a3-439a-a2ef-4ba95a3148e8} - d:\getright\xx2gr.dll
BHO: RoboForm BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - d:\ai roboform\roboform.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\java\jre6\bin\jp2ssv.dll
TB: Web-Recherche-Symbolleiste: {8f0f47b1-7d4b-4834-a981-91e2a3dce069} - d:\web-recherche\WRShell.dll
TB: Web-Recherche-Bearbeitungsleiste: {5338df6c-3b3b-4e38-8b31-7b99986627b2} - d:\web-recherche\WRShell.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - d:\ai roboform\roboform.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - d:\snagit\SnagitIEAddin.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
TB: {81F4066B-F330-4872-8094-3E9FBCCEC8C1} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: Web-Recherche: {82d8c102-7902-4ad5-988e-6f3ca276db9b} - d:\web-recherche\WRShell.dll
EB: ClipMate ClipBar 7: {f60c63ce-52af-4915-aac9-f100fcde270f} - d:\clipmate\CLIPMA~1.DLL
uRun: [ClipMate7] d:\clipmate\ClipMate.exe
uRun: [RoboForm] "d:\ai roboform\RoboTaskBarIcon.exe "
mRun: [Diamondback] d:\razer\diamondback\razerhid.exe
mRun: [nod32kui] "d:\eset\nod32kui.exe" /WAITSERVICE
mRun: [RepliGo Assistant] "d:\repligo\RepliGoMon.exe "
mRun: [Profiler] c:\programme\saitek\software\ProfilerU.exe
mRun: [SaiMfd] c:\programme\saitek\software\SaiMfd.exe
mRun: [TrueImageMonitor.exe] "d:\acronis\trueimagehome\TrueImageMonitor.exe "
mRun: [Acronis Scheduler2 Service] "c:\programme\gemeinsame dateien\acronis\schedule2\schedhlp.exe "
mRun: [CTxfiHlp] CTXFIHLP.EXE
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\dokume~1\admini~1\startm~1\progra~1\autost~1\office~1.lnk - d:\groundcontrol\gc.exe
StartupFolder: c:\dokume~1\admini~1\startm~1\progra~1\autost~1\rtvreco.lnk - d:\rtvreco\RtvReco.exe
StartupFolder: c:\dokume~1\admini~1\startm~1\progra~1\autost~1\wintidy.lnk - d:\wintidy\WinTidy.exe
StartupFolder: c:\dokume~1\admini~1\startm~1\progra~1\autost~1\zotacf~1.lnk - d:\zotac firestorm\Firestorm.exe
StartupFolder: c:\dokume~1\alluse~1\startm~1\progra~1\autost~1\getright.lnk - d:\getright\GetRight.exe
StartupFolder: c:\dokume~1\alluse~1\startm~1\progra~1\autost~1\pczapp~1.lnk - d:\pczapper\mediamanager\pbMediaCenter.exe
StartupFolder: c:\dokume~1\alluse~1\startm~1\progra~1\autost~1\perfec~1.lnk - c:\windows\installer\{c43bd391-9b7e-481c-a228-efef75dc9d36}\New_Shortcut_S1418_D11FD9D5408744099ECA21674E639BB8.exe
uPolicies-explorer: NoRecentDocsNetHood = 1 (0x1)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: Alte Version auf &archives.org ansehen - c:\dokumente und einstellungen\administration\anwendungsdaten\tuneup software\tuneup utilities\web\tuarch.htm
IE: In &neuem Fenster öffnen - c:\dokumente und einstellungen\administration\anwendungsdaten\tuneup software\tuneup utilities\web\tuofinw.htm
IE: Mit &Google suchen - c:\dokumente und einstellungen\administration\anwendungsdaten\tuneup software\tuneup utilities\web\gsearch.htm
IE: Mit GetRight downloaden - d:\getright\GRdownload.htm
IE: Mit Getright-Browser öffnen - d:\getright\GRbrowse.htm
IE: Nach Microsoft &Excel exportieren - d:\micros~1\office11\EXCEL.EXE/3000
IE: RF - Formular ausfüllen - file://d:\ai roboform\RoboFormComFillForms.html
IE: RF - Formular speichern - file://d:\ai roboform\RoboFormComSavePass.html
IE: RF - Menü anpassen - file://d:\ai roboform\RoboFormComCustomizeIEMenu.html
IE: RF - RoboForm-Leiste ein/aus - file://d:\ai roboform\RoboFormComShowToolbar.html
IE: RoboForm Editor - file://d:\ai roboform\RoboFormComEditIdent.html
IE: Seite aus dem &Cache anzeigen - c:\dokumente und einstellungen\administration\anwendungsdaten\tuneup software\tuneup utilities\web\gcache.htm
IE: Seite mit Google übersetzen - c:\dokumente und einstellungen\administration\anwendungsdaten\tuneup software\tuneup utilities\web\gtranslate.htm
IE: Web-Recherche: Bild speichern - d:\web-re~1\wrshell.dll/#101
IE: Web-Recherche: Bild speichern unter... - d:\web-re~1\wrshell.dll/#108
IE: Web-Recherche: Link-Adresse speichern unter... - d:\web-re~1\wrshell.dll/#110
IE: Web-Recherche: Markierte Ziele speichern unter... - d:\web-re~1\wrshell.dll/#111
IE: Web-Recherche: Markierung speichern - d:\web-re~1\wrshell.dll/#104
IE: Web-Recherche: Markierung speichern unter... - d:\web-re~1\wrshell.dll/#109
IE: Web-Recherche: Seitenbereich (Frame) speichern - d:\web-re~1\wrshell.dll/#102
IE: Web-Recherche: Seitenbereich (Frame) speichern unter... - d:\web-re~1\wrshell.dll/#106
IE: Web-Recherche: Ziel speichern - d:\web-re~1\wrshell.dll/#103
IE: Web-Recherche: Ziel speichern unter... - d:\web-re~1\wrshell.dll/#107
IE: Zoom &In - c:\dokumente und einstellungen\administration\anwendungsdaten\tuneup software\tuneup utilities\web\tuzoomin.htm
IE: Zoom &Out - c:\dokumente und einstellungen\administration\anwendungsdaten\tuneup software\tuneup utilities\web\tuzoomout.htm
IE: Zurückführende &Links - c:\dokumente und einstellungen\administration\anwendungsdaten\tuneup software\tuneup utilities\web\gbacklinks.htm
IE: Äh&nliche Seiten - c:\dokumente und einstellungen\administration\anwendungsdaten\tuneup software\tuneup utilities\web\gsimilar.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programme\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - d:\micros~2\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - d:\micros~2\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\micros~1\office11\REFIEBAR.DLL
LSP: c:\windows\system32\imon.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/E/3/9/E39C664F-A8E3-4F69-A109-1AE9849204EE/OGAControl.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} - file:///W:/components/hidinputmonitorx.ocx
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} - file:///W:/components/A9.ocx
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1263357043437
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1263357035390
DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} - file:///W:/components/wmvhdrating.ocx
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} - hxxp://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {BFE9867F-DFED-4807-BA29-2A58C9C302F0} = 208.67.222.222,208.67.220.220
IFEO: taskmgr.exe - d:\tuneup utilities\PMLauncher.exe

============= SERVICES / DRIVERS ===============

R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\drivers\tdrpm273.sys [2011-1-18 752128]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2007-5-26 15424]
R1 tvtool;tvtool;d:\pczapper\mediamanager\TVTOOL.SYS [2008-7-18 5248]
R2 afcdpsrv;Acronis Nonstop Backup-Dienst;c:\programme\gemeinsame dateien\acronis\cdp\afcdpsrv.exe [2011-1-18 3246040]
R2 NOD32krn;NOD32 Kernel Service;d:\eset\nod32krn.exe [2007-5-26 552064]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-6-25 35088]
R2 StayAwake;Stay Awake;d:\stayawake\StayAwake.exe [2010-5-22 24576]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [2011-1-18 167968]
R3 AVMWAN;AVM NDIS WAN CAPI-Treiber;c:\windows\system32\drivers\avmwan.sys [2007-3-2 37568]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2009-6-4 171032]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2009-6-4 1324056]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2009-6-4 72728]
R3 fusbbase;AVM ISDN-Controller FRITZ!Card USB;c:\windows\system32\drivers\fusbbase.sys [2007-3-2 455296]
R3 Razerlow;Razerlow USB Filter Driver;c:\windows\system32\drivers\Razerlow.sys [2006-12-26 13225]
R3 S6U12Scanner;MUSTEK 1200 CU Still Image Device Service;c:\windows\system32\drivers\usbscan.sys [2006-12-17 15104]
R3 SaiH05d2;SaiH05d2;c:\windows\system32\drivers\SaiH05d2.sys [2004-7-26 56576]
R3 SaiHFFB5;SaiHFFB5;c:\windows\system32\drivers\SaiHFFB5.sys [2004-8-2 176640]
R3 SaiIFFB5;Immersion's HID USB Driver (FFB5);c:\windows\system32\drivers\SaiIFFB5.sys [2005-12-14 16768]
R3 SaiU05D2;SaiU05D2;c:\windows\system32\drivers\SaiU05D2.sys [2004-7-26 19584]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\programme\gemeinsame dateien\creative labs shared\service\CTAELicensing.exe [2011-1-18 79360]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2009-6-4 171032]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2009-6-4 1324056]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2009-6-4 72728]
S3 GPU-Z;GPU-Z;\??\c:\dokume~1\admini~1\lokale~1\temp\gpu-z.sys --> c:\dokume~1\admini~1\lokale~1\temp\GPU-Z.sys [?]
S3 imhidusb;Immersion's HID USB Driver;c:\windows\system32\drivers\imhidusb.sys [2004-7-5 30984]
S3 Oasis;Oasis;c:\windows\system32\drivers\Oasisusb.sys [2006-12-10 23038]
S3 QCEmerald;Logitech QuickCam Web;c:\windows\system32\drivers\OVCE.sys [2006-12-17 31872]
S3 SaiH0109;SaiH0109;c:\windows\system32\drivers\saih0109.sys --> c:\windows\system32\drivers\SaiH0109.sys [?]
S3 SaiU0109;SaiU0109;c:\windows\system32\drivers\saiu0109.sys --> c:\windows\system32\drivers\SaiU0109.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 StarWindServiceAE;StarWind AE Service;d:\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2007-5-28 275968]

=============== File Associations ===============

.txt=UltraEdit.txt

=============== Created Last 30 ================

2011-02-02 14:41:28 -------- d-----w- c:\dokume~1\admini~1\anwend~1\Malwarebytes
2011-02-02 14:41:16 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-02 14:41:14 -------- d-----w- c:\dokume~1\alluse~1\anwend~1\Malwarebytes
2011-02-02 14:41:11 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-01 13:27:25 -------- d-----w- c:\dokume~1\admini~1\lokale~1\anwend~1\Electronic Arts
2011-01-31 19:59:40 -------- d-----w- c:\dokume~1\alluse~1\anwend~1\Solidshield
2011-01-31 19:58:19 -------- d-----w- c:\dokume~1\admini~1\lokale~1\anwend~1\EA Games
2011-01-27 22:54:17 -------- d-----w- c:\dokume~1\admini~1\anwend~1\Mousepatcher2.0
2011-01-25 15:21:01 -------- d-----w- c:\dokume~1\admini~1\anwend~1\Foxit Software
2011-01-21 17:27:58 -------- d-----w- c:\dokume~1\alluse~1\anwend~1\ABBYY
2011-01-21 00:33:18 -------- d-----w- c:\dokume~1\admini~1\anwend~1\abgx360
2011-01-20 15:15:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-01-18 17:48:39 -------- d-----w- c:\programme\NVIDIA Corporation
2011-01-18 17:00:56 167968 ----a-w- c:\windows\system32\drivers\afcdp.sys
2011-01-18 17:00:47 752128 ----a-w- c:\windows\system32\drivers\tdrpm273.sys
2011-01-18 17:00:34 170528 ----a-w- c:\windows\system32\drivers\snapman.sys
2011-01-18 16:57:18 -------- d-----w- c:\programme\gemeinsame dateien\Acronis
2011-01-18 16:11:08 7062 ----a-w- c:\windows\system32\audiopid.vxd
2011-01-18 16:11:01 -------- d-----w- c:\programme\gemeinsame dateien\Creative Labs Shared
2011-01-18 16:10:40 102400 ----a-w- c:\windows\system32\cttele32.dll
2011-01-18 16:10:32 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2011-01-18 16:10:32 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2011-01-18 15:37:04 22691984 ----a-w- c:\windows\system32\AppSetup.exe
2011-01-18 02:20:55 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2011-01-18 02:20:13 45568 -c----w- c:\windows\system32\dllcache\wab.exe

==================== Find3M ====================

2011-02-01 13:14:05 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-01-25 09:08:22 8456 --sha-w- c:\dokume~1\alluse~1\anwend~1\KGyGaAvL.sys
2011-01-20 15:15:36 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-01-19 06:26:18 252080 ----a-w- c:\windows\system32\nvdrsdb1.bin
2011-01-19 06:26:18 1 ----a-w- c:\windows\system32\nvdrssel.bin
2011-01-19 06:26:17 252080 ----a-w- c:\windows\system32\nvdrsdb0.bin
2011-01-08 03:27:00 941160 ----a-w- c:\windows\system32\nvdispco322090.dll
2011-01-08 03:27:00 837736 ----a-w- c:\windows\system32\nvgenco322040.dll
2011-01-08 03:27:00 6397824 ----a-w- c:\windows\system32\nv4_disp.dll
2011-01-08 03:27:00 61440 ----a-w- c:\windows\system32\OpenCL.dll
2011-01-08 03:27:00 4980736 ----a-w- c:\windows\system32\nvcuda.dll
2011-01-08 03:27:00 2916968 ----a-w- c:\windows\system32\nvcuvid.dll
2011-01-08 03:27:00 2292678 ----a-w- c:\windows\system32\nvdata.bin
2011-01-08 03:27:00 2251368 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-01-08 03:27:00 1958400 ----a-w- c:\windows\system32\nvapi.dll
2011-01-08 03:27:00 14671872 ----a-w- c:\windows\system32\nvoglnt.dll
2011-01-08 03:27:00 13004800 ----a-w- c:\windows\system32\nvcompiler.dll
2010-12-06 13:58:56 2496715 ----a-w- c:\windows\system32\abgx360.exe
2010-11-18 18:12:41 86016 ----a-w- c:\windows\system32\isign32.dll
2010-11-09 14:51:40 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-06 00:21:14 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:21:09 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:21:09 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

============= FINISH: 16:44:22,20 ===============



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 08.12.2006 06:01:12
System Uptime: 02.02.2011 16:02:19 (0 hours ago)

Motherboard: Intel Corporation | | D975XBX
Processor: Intel(R) Core(TM)2 CPU 6600 @ 2.40GHz | J3E1 | 2400/266mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 14 GiB total, 2,512 GiB free.
D: is FIXED (NTFS) - 110 GiB total, 65,49 GiB free.
E: is FIXED (NTFS) - 1 GiB total, 0,011 GiB free.
F: is FIXED (NTFS) - 146 GiB total, 0,968 GiB free.
G: is FIXED (NTFS) - 43 GiB total, 1,88 GiB free.
H: is FIXED (NTFS) - 41 GiB total, 0,074 GiB free.
K: is Removable
L: is Removable
M: is Removable
N: is Removable
O: is Removable
S: is FIXED (NTFS) - 109 GiB total, 0,274 GiB free.
W: is CDROM (CDFS)
X: is CDROM (CDFS)
Y: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

ABBYY FineReader 10 Professional Edition
abgx360 v1.0.5
Acronis True Image Home 2011
Adobe Flash Player 10 ActiveX
Adobe Shockwave Player 11.5
AM-DeadLink 4.4
Anti-Twin (Installation 21.06.2009)
µTorrent
Avidemux 2.5
AVM ISDN TAPI Services for CAPI
Axialis IconWorkshop 6.33
Brothers In Arms EiB
ContainerEx Decrypter
Contents
Corel PaintShop Photo Pro X3
Creative Audio-Systemsteuerung
Creative Konsole Starter
Dead Space 2
Dead Spaceâ„¢
DeviceIO
DivX-Setup
FinePrint
Foxit Reader
GetRight
Grand Theft Auto: Episodes from Liberty City
Guitar Hero World Tour
HijackThis 2.0.2
Hotfix für Windows XP (KB2443685)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB976002-v5)
ICA
ImgBurn
IPM_PSP_Pro
JAP
Java Auto Updater
Java(TM) 6 Update 23
JDownloader
Lame ACM MP3 Codec
Mafia II DLC Joe's Adventures
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile DEU Language Pack
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Extended DEU Language Pack
Microsoft ActiveSync
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
MLE
Mousepatcher 2.0
Moyea FLV Editor Lite version: 1.1.1.846
MPEG Video Wizard DVD 5.0.0.110 (12/2010)
MSXML 4.0 SP2 (KB973688)
NAVIGON Sync 1.0
NVIDIA Grafiktreiber 266.58
NVIDIA Install Application
NVIDIA nView 135.50
NVIDIA nView Desktop Manager
NVIDIA PhysX
NVIDIA Systemsteuerung 266.58
OpenAL
PerfectScan®
POIbase 1.002
PSPH10Pro
PSPPContent
PSPPRO_DCRAW
PureHD
QT Lite 3.2.2
Real Alternative 2.0.2 Lite
Replay Video Capture
RoboForm 7-1-6
Saitek SST Programming Software
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Setup
Share
Sicherheitsupdate für Windows Internet Explorer 7 (KB963027)
Sicherheitsupdate für Windows Internet Explorer 7 (KB969897)
Sicherheitsupdate für Windows Internet Explorer 7 (KB972260)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2183461)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2360131)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2416400)
Sicherheitsupdate für Windows Internet Explorer 8 (KB971961)
Sicherheitsupdate für Windows Internet Explorer 8 (KB972260)
Sicherheitsupdate für Windows Internet Explorer 8 (KB974455)
Sicherheitsupdate für Windows Internet Explorer 8 (KB976325)
Sicherheitsupdate für Windows Internet Explorer 8 (KB978207)
Sicherheitsupdate für Windows Internet Explorer 8 (KB981332)
Sicherheitsupdate für Windows Internet Explorer 8 (KB982381)
Sicherheitsupdate für Windows Media Encoder (KB2447961)
Sicherheitsupdate für Windows XP (KB2296199)
Sicherheitsupdate für Windows XP (KB2419632)
Sicherheitsupdate für Windows XP (KB2423089)
Sicherheitsupdate für Windows XP (KB2436673)
Sicherheitsupdate für Windows XP (KB2440591)
Sicherheitsupdate für Windows XP (KB2443105)
SizeMe 2,0,0,1926
Snagit 10
The Regex Coach 0.9.2
Total Commander (Remove or Repair)
TuneUp Utilities 2009
UltraEdit 16.30
UltraISO Premium V9.36
Unlocker 1.9.0
Update für Windows Internet Explorer 8 (KB2362765)
Update für Windows Internet Explorer 8 (KB2447568)
Update für Windows Internet Explorer 8 (KB972636)
Update für Windows Internet Explorer 8 (KB973874)
Update für Windows Internet Explorer 8 (KB975364)
Update für Windows Internet Explorer 8 (KB976662)
Update für Windows Internet Explorer 8 (KB976749)
Update für Windows Internet Explorer 8 (KB978506)
Update für Windows Internet Explorer 8 (KB980182)
Update für Windows Internet Explorer 8 (KB980302)
Update für Windows Internet Explorer 8 (KB982632)
Update für Windows Internet Explorer 8 (KB982664)
Update für Windows XP (KB2467659)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
URL Snooper v2.23.01
VC80CRTRedist - 8.0.50727.4053
VIO
VLC media player 1.1.7
Web-Recherche 3
WebFldrs XP
Windows Internet Explorer 8
Windows Media Encoder 9 Series
WinPcap 4.1.2
Xbox 360 Controller for Windows
Yubikey Configuration Utility
ZOTAC FireStorm

==== End Of File ===========================

 

ComboFix.txt

ComboFix 11-01-31.02 - Administration 02.02.2011 19:27:14.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.2045.1504 [GMT 1:00]
ausgeführt von:: g:\getright\ComboFix.exe
AV: ESET NOD32 antivirus system 2.70 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Vorheriger Suchlauf -------
.
c:\windows\ST6UNST.000
c:\windows\system32\DEBUG.log
c:\windows\XSxS

.
((((((((((((((((((((((( Dateien erstellt von 2011-01-02 bis 2011-02-02 ))))))))))))))))))))))))))))))
.

2011-02-02 14:41 . 2011-02-02 14:41 -------- d-----w- c:\dokumente und einstellungen\Administration\Anwendungsdaten\Malwarebytes
2011-02-02 14:41 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-02 14:41 . 2011-02-02 14:41 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2011-02-02 14:41 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-01 13:27 . 2011-02-01 13:27 -------- d-----w- c:\dokumente und einstellungen\Administration\Lokale Einstellungen\Anwendungsdaten\Electronic Arts
2011-01-31 19:59 . 2011-01-31 19:59 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Solidshield
2011-01-31 19:58 . 2011-01-31 19:58 -------- d-----w- c:\dokumente und einstellungen\Administration\Lokale Einstellungen\Anwendungsdaten\EA Games
2011-01-27 22:54 . 2011-01-28 23:56 -------- d-----w- c:\dokumente und einstellungen\Administration\Anwendungsdaten\Mousepatcher2.0
2011-01-25 15:21 . 2011-01-25 15:21 -------- d-----w- c:\dokumente und einstellungen\Administration\Anwendungsdaten\Foxit Software
2011-01-21 18:22 . 2011-01-21 18:22 -------- d-----w- c:\programme\Gemeinsame Dateien\Adobe
2011-01-21 17:27 . 2011-01-21 17:27 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\ABBYY
2011-01-21 17:12 . 2011-01-21 17:12 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\TechSmith
2011-01-21 00:33 . 2011-01-28 23:21 -------- d-----w- c:\dokumente und einstellungen\Administration\Anwendungsdaten\abgx360
2011-01-21 00:17 . 2011-01-21 01:03 -------- d-----w- c:\dokumente und einstellungen\Administration\Anwendungsdaten\ImgBurn
2011-01-20 15:31 . 2011-01-20 23:42 -------- d-----w- c:\dokumente und einstellungen\Administration\Anwendungsdaten\vlc
2011-01-20 15:16 . 2011-01-20 15:16 -------- d-----w- c:\programme\Gemeinsame Dateien\Java
2011-01-20 15:15 . 2011-01-20 15:15 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-01-18 17:48 . 2011-01-18 17:50 -------- d-----w- c:\programme\NVIDIA Corporation
2011-01-18 17:00 . 2011-01-18 17:00 167968 ----a-w- c:\windows\system32\drivers\afcdp.sys
2011-01-18 17:00 . 2011-01-18 17:00 752128 ----a-w- c:\windows\system32\drivers\tdrpm273.sys
2011-01-18 17:00 . 2011-01-18 17:00 170528 ----a-w- c:\windows\system32\drivers\snapman.sys
2011-01-18 16:57 . 2011-01-18 16:57 -------- d-----w- c:\programme\Acronis
2011-01-18 16:57 . 2011-01-18 17:00 -------- d-----w- c:\programme\Gemeinsame Dateien\Acronis
2011-01-18 16:11 . 2003-06-12 22:25 7062 ----a-w- c:\windows\system32\audiopid.vxd
2011-01-18 16:11 . 2011-01-18 16:11 -------- d-----w- c:\programme\Gemeinsame Dateien\Creative Labs Shared
2011-01-18 16:10 . 2008-02-04 09:27 102400 ----a-w- c:\windows\system32\cttele32.dll
2011-01-18 16:10 . 2011-01-18 16:10 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2011-01-18 16:10 . 2011-01-18 16:10 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2011-01-18 15:37 . 2009-05-18 13:34 22691984 ----a-w- c:\windows\system32\AppSetup.exe
2011-01-18 02:20 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2011-01-18 02:20 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-01 13:14 . 2007-06-06 02:18 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-01-25 09:08 . 2009-06-06 19:49 8456 --sha-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\KGyGaAvL.sys
2011-01-20 15:15 . 2010-04-16 15:46 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-01-18 17:00 . 2007-08-25 17:28 600928 ----a-w- c:\windows\system32\drivers\timntr.sys
2010-12-06 13:58 . 2010-12-06 13:58 2496715 ----a-w- c:\windows\system32\abgx360.exe
2010-11-18 18:12 . 2006-12-08 04:57 86016 ----a-w- c:\windows\system32\isign32.dll
2010-11-09 14:51 . 2004-08-03 22:57 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-06 00:21 . 2004-08-03 22:57 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:21 . 2004-08-03 22:58 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-06 00:21 . 2004-08-03 22:57 43520 ----a-w- c:\windows\system32\licmgr10.dll
.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ClipMate7 "= "d:\clipmate\ClipMate.exe" [2009-01-31 3760424]
"RoboForm "= "d:\ai roboform\RoboTaskBarIcon.exe" [2011-01-20 107000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Diamondback "= "d:\razer\Diamondback\razerhid.exe" [2007-02-14 147456]
"nod32kui "= "d:\eset\nod32kui.exe" [2007-05-26 949376]
"RepliGo Assistant "= "d:\repligo\RepliGoMon.exe" [2005-10-28 172032]
"Profiler "= "c:\programme\Saitek\Software\ProfilerU.exe" [2006-09-05 184320]
"SaiMfd "= "c:\programme\Saitek\Software\SaiMfd.exe" [2006-09-28 126976]
"TrueImageMonitor.exe "= "d:\acronis\TrueImageHome\TrueImageMonitor.exe" [2010-11-23 5578920]
"Acronis Scheduler2 Service "= "c:\programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe" [2010-11-23 391240]
"CTxfiHlp "= "CTXFIHLP.EXE" [2009-06-03 25600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE "= "c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\dokumente und einstellungen\Administration\Startmen\Programme\Autostart\
Office Update Reset.lnk - d:\groundcontrol\gc.exe [2007-9-26 507904]
RtvReco.lnk - d:\rtvreco\RtvReco.exe [2007-1-23 241664]
WinTidy.lnk - d:\wintidy\WinTidy.exe [2001-10-8 585216]
Zotac FireStorm.lnk - d:\zotac firestorm\Firestorm.exe [2010-3-29 1001472]

c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\
GetRight.lnk - d:\getright\GetRight.exe [2007-7-1 4657424]
PCzapper Media Manager.lnk - d:\pczapper\MediaManager\pbMediaCenter.exe [2008-7-18 1435648]
PerfectScan Control Panel.lnk - c:\windows\Installer\{C43BD391-9B7E-481C-A228-EFEF75DC9D36}\New_Shortcut_S1418_D11FD9D5408744099ECA21674E639BB8.exe [2010-7-16 40960]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections "= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood "= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched "= "c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe "
"NvCplDaemon "=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"NvMediaCenter "=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"nwiz "=c:\programme\NVIDIA Corporation\nView\nwiz.exe /installquiet
"Bonus.SSR.FR10 "= "d:\finereader professional edition\Bonus.ScreenshotReader.exe" /autorun

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall "= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe "=
"%windir%\\Network Diagnostic\\xpnetdiag.exe "=
"h:\\utorrent\\uTorrent.exe "=
"d:\\utorrent\\uTorrent.exe "=
"d:\microsoft activesync\rapimgr.exe "= d:\microsoft activesync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"d:\microsoft activesync\wcescomm.exe "= d:\microsoft activesync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"d:\microsoft activesync\WCESMgr.exe "= d:\microsoft activesync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP "= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [07.07.2007 05:25 691696]
R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\drivers\tdrpm273.sys [18.01.2011 18:00 752128]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [26.05.2007 11:08 15424]
R1 tvtool;tvtool;d:\pczapper\MediaManager\TVTOOL.SYS [18.07.2008 14:02 5248]
R2 afcdpsrv;Acronis Nonstop Backup-Dienst;c:\programme\Gemeinsame Dateien\Acronis\CDP\afcdpsrv.exe [18.01.2011 18:00 3246040]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [25.06.2010 18:07 35088]
R2 StayAwake;Stay Awake;d:\stayawake\StayAwake.exe [22.05.2010 06:23 24576]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [18.01.2011 18:00 167968]
R3 AVMWAN;AVM NDIS WAN CAPI-Treiber;c:\windows\system32\drivers\avmwan.sys [02.03.2007 00:44 37568]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [04.06.2009 02:46 171032]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [04.06.2009 02:46 1324056]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [04.06.2009 02:46 72728]
R3 fusbbase;AVM ISDN-Controller FRITZ!Card USB;c:\windows\system32\drivers\fusbbase.sys [02.03.2007 00:44 455296]
R3 Razerlow;Razerlow USB Filter Driver;c:\windows\system32\drivers\Razerlow.sys [26.12.2006 02:52 13225]
R3 S6U12Scanner;MUSTEK 1200 CU Still Image Device Service;c:\windows\system32\drivers\usbscan.sys [17.12.2006 08:42 15104]
R3 SaiH05d2;SaiH05d2;c:\windows\system32\drivers\SaiH05d2.sys [26.07.2004 11:54 56576]
R3 SaiHFFB5;SaiHFFB5;c:\windows\system32\drivers\SaiHFFB5.sys [02.08.2004 11:56 176640]
R3 SaiIFFB5;Immersion's HID USB Driver (FFB5);c:\windows\system32\drivers\SaiIFFB5.sys [14.12.2005 11:10 16768]
R3 SaiU05D2;SaiU05D2;c:\windows\system32\drivers\SaiU05D2.sys [26.07.2004 11:54 19584]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.03.2010 12:16 130384]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\programme\Gemeinsame Dateien\Creative Labs Shared\Service\CTAELicensing.exe [18.01.2011 17:11 79360]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [04.06.2009 02:46 171032]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [04.06.2009 02:46 1324056]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [04.06.2009 02:46 72728]
S3 GPU-Z;GPU-Z;\??\c:\dokume~1\ADMINI~1\LOKALE~1\Temp\GPU-Z.sys --> c:\dokume~1\ADMINI~1\LOKALE~1\Temp\GPU-Z.sys [?]
S3 imhidusb;Immersion's HID USB Driver;c:\windows\system32\drivers\imhidusb.sys [05.07.2004 15:24 30984]
S3 Oasis;Oasis;c:\windows\system32\drivers\Oasisusb.sys [10.12.2006 15:01 23038]
S3 QCEmerald;Logitech QuickCam Web;c:\windows\system32\drivers\OVCE.sys [17.12.2006 09:55 31872]
S3 SaiH0109;SaiH0109;c:\windows\system32\DRIVERS\SaiH0109.sys --> c:\windows\system32\DRIVERS\SaiH0109.sys [?]
S3 SaiU0109;SaiU0109;c:\windows\system32\DRIVERS\SaiU0109.sys --> c:\windows\system32\DRIVERS\SaiU0109.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.03.2010 12:16 753504]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners

2011-02-02 c:\windows\Tasks\1-Klick-Wartung.job
- d:\tuneup utilities\OneClickStarter.exe [2009-11-16 11:45]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
IE: Alte Version auf &archives.org ansehen - c:\dokumente und einstellungen\Administration\Anwendungsdaten\TuneUp Software\TuneUp Utilities\Web\tuarch.htm
IE: In &neuem Fenster öffnen - c:\dokumente und einstellungen\Administration\Anwendungsdaten\TuneUp Software\TuneUp Utilities\Web\tuofinw.htm
IE: Mit &Google suchen - c:\dokumente und einstellungen\Administration\Anwendungsdaten\TuneUp Software\TuneUp Utilities\Web\gsearch.htm
IE: Mit GetRight downloaden - d:\getright\GRdownload.htm
IE: Mit Getright-Browser öffnen - d:\getright\GRbrowse.htm
IE: Nach Microsoft &Excel exportieren - d:\micros~1\OFFICE11\EXCEL.EXE/3000
IE: RF - Formular ausfüllen - file://d:\ai roboform\RoboFormComFillForms.html
IE: RF - Formular speichern - file://d:\ai roboform\RoboFormComSavePass.html
IE: RF - Menü anpassen - file://d:\ai roboform\RoboFormComCustomizeIEMenu.html
IE: RF - RoboForm-Leiste ein/aus - file://d:\ai roboform\RoboFormComShowToolbar.html
IE: RoboForm Editor - file://d:\ai roboform\RoboFormComEditIdent.html
IE: Seite aus dem &Cache anzeigen - c:\dokumente und einstellungen\Administration\Anwendungsdaten\TuneUp Software\TuneUp Utilities\Web\gcache.htm
IE: Seite mit Google übersetzen - c:\dokumente und einstellungen\Administration\Anwendungsdaten\TuneUp Software\TuneUp Utilities\Web\gtranslate.htm
IE: Web-Recherche: Bild speichern - d:\web-re~1\wrshell.dll/#101
IE: Web-Recherche: Bild speichern unter... - d:\web-re~1\wrshell.dll/#108
IE: Web-Recherche: Link-Adresse speichern unter... - d:\web-re~1\wrshell.dll/#110
IE: Web-Recherche: Markierte Ziele speichern unter... - d:\web-re~1\wrshell.dll/#111
IE: Web-Recherche: Markierung speichern - d:\web-re~1\wrshell.dll/#104
IE: Web-Recherche: Markierung speichern unter... - d:\web-re~1\wrshell.dll/#109
IE: Web-Recherche: Seitenbereich (Frame) speichern - d:\web-re~1\wrshell.dll/#102
IE: Web-Recherche: Seitenbereich (Frame) speichern unter... - d:\web-re~1\wrshell.dll/#106
IE: Web-Recherche: Ziel speichern - d:\web-re~1\wrshell.dll/#103
IE: Web-Recherche: Ziel speichern unter... - d:\web-re~1\wrshell.dll/#107
IE: Zoom &In* - c:\dokumente und einstellungen\Administration\Anwendungsdaten\TuneUp Software\TuneUp Utilities\Web\tuzoomin.htm
IE: Zoom &Out* - c:\dokumente und einstellungen\Administration\Anwendungsdaten\TuneUp Software\TuneUp Utilities\Web\tuzoomout.htm
IE: Zurückführende &Links - c:\dokumente und einstellungen\Administration\Anwendungsdaten\TuneUp Software\TuneUp Utilities\Web\gbacklinks.htm
IE: Äh&nliche Seiten - c:\dokumente und einstellungen\Administration\Anwendungsdaten\TuneUp Software\TuneUp Utilities\Web\gsimilar.htm
LSP: c:\windows\system32\imon.dll
TCP: {BFE9867F-DFED-4807-BA29-2A58C9C302F0} = 208.67.222.222,208.67.220.220
.
.
------- Dateityp-Verknüpfung -------
.
.txt=UltraEdit.txt
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Notify-WgaLogon - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-02 19:30
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-1123561945-1454471165-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"?? "=hex:ff,27,39,71,3d,22,bf,ac,c4,5b,c7,f6,0e,69,ec,bb,57,25,c4,b0,25,e6,b4,
8a,a1,3a,68,30,5d,63,fd,56,99,8d,ea,2d,ff,bc,a1,4f,21,94,09,e6,97,c6,64,4d,\
"?? "=hex:9c,17,43,1c,e9,2a,5d,0e,8e,08,98,1c,67,af,49,53

[HKEY_USERS\S-1-5-21-1123561945-1454471165-725345543-1003\Software\SecuROM\License information*]
"datasecu "=hex:4b,dd,ca,41,8a,02,da,ff,6f,51,2a,22,9a,3a,e4,70,40,90,2b,69,c8,
19,1a,01,0c,92,f4,f4,4d,78,9c,c2,de,86,49,41,04,15,a3,57,52,2e,2c,c1,7a,15,\
"rkeysecu "=hex:e4,dc,17,2c,0e,b9,b5,f3,13,d7,13,f8,e8,ea,5f,c0

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@= "FlashBroker "
"LocalizedString "= "@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101 "

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled "=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@= "c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe "

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@= "IFlashBroker4 "

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@= "{00020424-0000-0000-C000-000000000046} "

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
"Version "= "1.0 "

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]
"7040110900063D11C8EF10054038389C "= "C?\\WINDOWS\\system32\\FM20ENU.DLL "
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'lsass.exe'(1316)
c:\windows\system32\imon.dll
d:\eset\pr_imon.dll
.
Zeit der Fertigstellung: 2011-02-02 19:31:45
ComboFix-quarantined-files.txt 2011-02-02 18:31

Vor Suchlauf: 2.615.312.384 Bytes frei
Nach Suchlauf: 2.565.341.184 Bytes frei

Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 77D29F565FB0D3FFF0E16B58ABF63D40

 

OTL.txt - Part 1

OTL logfile created on: 02.02.2011 20:24:37 - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = G:\GetRight
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 74,00% Memory free
3,00 Gb Paging File | 3,00 Gb Available in Paging File | 89,00% Paging File free
Paging file location(s): E:\pagefile.sys 1489 1489 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 14,18 Gb Total Space | 2,40 Gb Free Space | 16,92% Space Free | Partition Type: NTFS
Drive D: | 109,83 Gb Total Space | 65,49 Gb Free Space | 59,63% Space Free | Partition Type: NTFS
Drive E: | 1,47 Gb Total Space | 0,01 Gb Free Space | 0,73% Space Free | Partition Type: NTFS
Drive F: | 146,49 Gb Total Space | 0,97 Gb Free Space | 0,66% Space Free | Partition Type: NTFS
Drive G: | 43,47 Gb Total Space | 1,86 Gb Free Space | 4,28% Space Free | Partition Type: NTFS
Drive H: | 41,44 Gb Total Space | 0,10 Gb Free Space | 0,24% Space Free | Partition Type: NTFS
Drive S: | 108,88 Gb Total Space | 0,27 Gb Free Space | 0,25% Space Free | Partition Type: NTFS
Drive W: | 4,27 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive X: | 3,93 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: STEFAN | User Name: Administration | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.02.02 19:53:07 | 000,602,624 | ---- | M] (OldTimer Tools) -- G:\GetRight\OTL.exe
PRC - [2011.01.24 16:16:52 | 004,657,424 | ---- | M] (Headlight Software, Inc.) -- D:\GetRight\GetRight.exe
PRC - [2011.01.20 16:35:41 | 000,107,000 | ---- | M] (Siber Systems) -- D:\AI RoboForm\robotaskbaricon.exe
PRC - [2011.01.18 18:00:53 | 003,246,040 | ---- | M] (Acronis) -- C:\Programme\Gemeinsame Dateien\Acronis\CDP\afcdpsrv.exe
PRC - [2010.12.17 07:56:10 | 003,707,808 | ---- | M] (Ghisler Software GmbH) -- D:\Totalcmd\TOTALCMD.EXE
PRC - [2010.11.23 08:18:54 | 000,391,240 | ---- | M] (Acronis) -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe
PRC - [2010.11.23 08:18:52 | 000,805,032 | ---- | M] (Acronis) -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
PRC - [2010.11.23 08:18:24 | 005,578,920 | ---- | M] (Acronis) -- D:\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2010.09.19 03:31:24 | 006,550,976 | ---- | M] (macropool GmbH) -- D:\Web-Recherche\WRApp.exe
PRC - [2010.05.22 05:38:04 | 000,024,576 | ---- | M] (Satria) -- d:\StayAwake\StayAwake.exe
PRC - [2010.03.29 11:10:28 | 001,001,472 | ---- | M] (ZOTAC Ltd.) -- D:\ZOTAC FireStorm\Firestorm.exe
PRC - [2009.11.28 14:56:01 | 000,604,488 | ---- | M] (TuneUp Software) -- C:\WINDOWS\system32\TUProgSt.exe
PRC - [2009.06.04 00:55:16 | 000,025,600 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\Ctxfihlp.exe
PRC - [2009.06.04 00:49:56 | 001,213,440 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTxfispi.exe
PRC - [2009.02.23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Programme\Creative\Shared Files\CTAudSvc.exe
PRC - [2009.01.31 10:00:40 | 003,760,424 | ---- | M] (Thornsoft Development, Inc.) -- D:\ClipMate\ClipMate.exe
PRC - [2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.05.26 11:07:32 | 000,949,376 | ---- | M] (Eset ) -- D:\Eset\nod32kui.exe
PRC - [2007.05.26 11:07:32 | 000,552,064 | ---- | M] (Eset ) -- d:\Eset\nod32krn.exe
PRC - [2007.02.14 10:15:04 | 000,147,456 | ---- | M] () -- D:\Razer\Diamondback\razerhid.exe
PRC - [2007.02.14 10:11:18 | 000,163,840 | ---- | M] (Razer Inc.) -- D:\Razer\Diamondback\razerofa.exe
PRC - [2007.02.07 15:00:02 | 000,131,072 | ---- | M] () -- D:\Razer\Diamondback\razertra.exe
PRC - [2006.09.28 10:19:34 | 000,126,976 | ---- | M] (Saitek) -- C:\Programme\Saitek\Software\SaiMfd.exe
PRC - [2006.09.05 08:12:58 | 000,184,320 | ---- | M] (Saitek) -- C:\Programme\Saitek\Software\ProfilerU.exe
PRC - [2005.10.28 22:43:28 | 000,172,032 | ---- | M] (Cerience Corporation) -- D:\RepliGo\RepliGoMon.exe
PRC - [2004.05.05 15:23:38 | 001,435,648 | ---- | M] (Homelinc A/S) -- D:\PCzapper\MediaManager\pbMediaCenter.exe
PRC - [2004.03.26 18:02:12 | 001,160,704 | ---- | M] (Recogniform Technologies SpA) -- C:\WINDOWS\twain_32\PerfectScan\PerfectScan.exe
PRC - [2002.01.20 12:11:36 | 000,241,664 | ---- | M] (RTV Software) -- D:\RtvReco\RtvReco.exe
PRC - [2001.10.08 06:14:20 | 000,585,216 | ---- | M] (Ziff Davis Media, Inc.) -- D:\WinTidy\WinTidy.exe


========== Modules (SafeList) ==========

MOD - [2011.02.02 19:53:07 | 000,602,624 | ---- | M] (OldTimer Tools) -- G:\GetRight\OTL.exe
MOD - [2010.08.23 17:11:46 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2006.08.17 11:32:04 | 000,007,168 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTAGENT.DLL
MOD - [2000.01.30 20:24:04 | 000,036,864 | ---- | M] (RTV Software) -- D:\RtvReco\RtvHelp.dll


========== Win32 Services (SafeList) ==========

SRV - [2011.01.18 18:00:53 | 003,246,040 | ---- | M] (Acronis) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2011.01.18 17:11:01 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010.11.23 08:18:52 | 000,805,032 | ---- | M] (Acronis) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2010.06.25 18:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Programme\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2010.05.22 05:38:04 | 000,024,576 | ---- | M] (Satria) [Auto | Running] -- d:\StayAwake\StayAwake.exe -- (StayAwake)
SRV - [2010.03.18 15:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010.03.18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2009.11.28 14:56:01 | 000,604,488 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc)
SRV - [2009.11.28 14:55:57 | 000,361,288 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2009.11.16 12:25:48 | 000,029,000 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2009.02.23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Programme\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2008.11.09 11:30:59 | 000,085,184 | ---- | M] (Macrovision ) [Disabled | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield Shared\Service\InstallShield Licensing Service.exe -- (InstallShield Licensing Service)
SRV - [2007.05.28 17:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Disabled | Stopped] -- d:\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2007.05.26 11:07:32 | 000,552,064 | ---- | M] (Eset ) [Auto | Running] -- d:\Eset\nod32krn.exe -- (NOD32krn)
SRV - [2005.04.04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003.07.28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - [2011.01.18 18:00:56 | 000,167,968 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afcdp.sys -- (afcdp)
DRV - [2011.01.18 18:00:47 | 000,752,128 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpm273.sys -- (tdrpman273) Acronis Try&Decide and Restore Points filter (build 273)
DRV - [2011.01.18 18:00:45 | 000,600,928 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2011.01.18 18:00:34 | 000,170,528 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2011.01.08 04:27:00 | 009,888,672 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2010.06.25 18:07:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2010.04.12 17:18:45 | 000,279,712 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2010.04.12 17:18:45 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010.02.08 17:46:17 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.06.04 02:48:12 | 001,177,624 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha20x2k.sys -- (ha20x2k)
DRV - [2009.06.04 02:48:00 | 000,095,768 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2009.06.04 02:47:50 | 000,158,744 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2009.06.04 02:47:42 | 000,014,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2009.06.04 02:47:34 | 000,130,072 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2009.06.04 02:47:24 | 000,347,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2009.06.04 02:47:14 | 000,526,232 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2009.06.04 02:47:06 | 000,511,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2009.06.04 02:46:56 | 001,324,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CTEXFIFX.SYS -- (CTEXFIFX.SYS)
DRV - [2009.06.04 02:46:56 | 001,324,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV - [2009.06.04 02:46:42 | 000,072,728 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CTHWIUT.SYS -- (CTHWIUT.SYS)
DRV - [2009.06.04 02:46:42 | 000,072,728 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV - [2009.06.04 02:46:34 | 000,171,032 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CT20XUT.SYS -- (CT20XUT.SYS)
DRV - [2009.06.04 02:46:34 | 000,171,032 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CT20XUT.sys -- (CT20XUT)
DRV - [2008.11.25 01:35:54 | 000,211,496 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Si3114r5.sys -- (Si3114r5)
DRV - [2008.11.25 01:35:54 | 000,017,064 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys -- (SiFilter)
DRV - [2008.11.25 01:35:54 | 000,012,200 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SiRemFil.sys -- (SiRemFil)
DRV - [2008.04.13 19:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008.04.13 19:46:20 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\61883.sys -- (61883)
DRV - [2008.04.13 19:46:20 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc)
DRV - [2008.04.13 19:46:09 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV)
DRV - [2007.05.26 11:07:32 | 000,512,096 | ---- | M] (Eset ) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\amon.sys -- (AMON)
DRV - [2007.05.26 11:07:32 | 000,015,424 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\nod32drv.sys -- (nod32drv)
DRV - [2006.09.28 09:57:44 | 000,035,072 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SaiBus.sys -- (SaiNtBus)
DRV - [2006.09.28 09:57:38 | 000,013,824 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SaiMini.sys -- (SaiMini)
DRV - [2006.07.26 17:24:40 | 000,231,424 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel(R)
DRV - [2005.12.14 11:10:02 | 000,016,768 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SaiIFFB5.sys -- (SaiIFFB5) Immersion's HID USB Driver (FFB5)
DRV - [2005.12.14 11:09:48 | 000,176,640 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SaiHFFB5.sys -- (SaiHFFB5)
DRV - [2005.11.03 09:52:16 | 000,027,264 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SaiU040B.sys -- (SaiU040B)
DRV - [2005.11.03 09:52:14 | 000,176,640 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SaiH040B.sys -- (SaiH040B)
DRV - [2005.04.24 21:43:58 | 000,013,225 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Razerlow.sys -- (Razerlow)
DRV - [2004.08.03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C)
DRV - [2004.07.26 11:54:48 | 000,056,576 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SaiH05d2.sys -- (SaiH05d2)
DRV - [2004.07.26 11:54:24 | 000,019,584 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SaiU05D2.sys -- (SaiU05D2)
DRV - [2004.07.26 11:54:14 | 000,026,752 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SaiNtBus.sys -- (SaiClass)
DRV - [2004.07.05 14:24:10 | 000,030,984 | ---- | M] (Immersion Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\imhidusb.sys -- (imhidusb)
DRV - [2001.08.17 14:05:20 | 000,031,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\OVCE.sys -- (QCEmerald)
DRV - [2001.08.17 14:05:06 | 000,025,216 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\OVSound2.sys -- (lusbaudio)
DRV - [2001.08.17 12:15:38 | 000,455,296 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fusbbase.sys -- (fusbbase)
DRV - [2001.08.17 12:13:48 | 000,037,568 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avmwan.sys -- (AVMWAN)
DRV - [2001.08.16 01:03:00 | 000,023,038 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Oasisusb.sys -- (Oasis)
DRV - [1996.04.02 23:00:00 | 000,005,248 | ---- | M] () [Kernel | System | Running] -- D:\PCzapper\MediaManager\TVTOOL.SYS -- (tvtool)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1123561945-1454471165-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1123561945-1454471165-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2011.02.02 18:48:43 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - D:\SnagIt\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (Web-Recherche-Browserhilfsobjekt) - {255215E2-87DC-4819-8724-D0B4C94DBEF5} - D:\Web-Recherche\WRShell.dll (macropool GmbH)
O2 - BHO: (IE to GetRight Helper) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - D:\GetRight\xx2gr.dll (Headlight Software, Inc.)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - D:\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (Web-Recherche-Bearbeitungsleiste) - {5338DF6C-3B3B-4E38-8B31-7B99986627B2} - D:\Web-Recherche\WRShell.dll (macropool GmbH)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - D:\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (Web-Recherche-Symbolleiste) - {8F0F47B1-7D4B-4834-A981-91E2A3DCE069} - D:\Web-Recherche\WRShell.dll (macropool GmbH)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - D:\SnagIt\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKU\S-1-5-21-1123561945-1454471165-725345543-1003\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - D:\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Diamondback] d:\Razer\Diamondback\razerhid.exe ()
O4 - HKLM..\Run: [nod32kui] d:\Eset\nod32kui.exe (Eset )
O4 - HKLM..\Run: [Profiler] C:\Programme\Saitek\Software\ProfilerU.exe (Saitek)
O4 - HKLM..\Run: [RepliGo Assistant] d:\RepliGo\RepliGoMon.exe (Cerience Corporation)
O4 - HKLM..\Run: [SaiMfd] C:\Programme\Saitek\Software\SaiMfd.exe (Saitek)
O4 - HKLM..\Run: [TrueImageMonitor.exe] D:\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKU\S-1-5-21-1123561945-1454471165-725345543-1003..\Run: [ClipMate7] D:\ClipMate\ClipMate.exe (Thornsoft Development, Inc.)
O4 - HKU\S-1-5-21-1123561945-1454471165-725345543-1003..\Run: [RoboForm] D:\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - Startup: C:\Dokumente und Einstellungen\Administration\Startmenü\Programme\Autostart\Office Update Reset.lnk = D:\GroundControl\gc.exe (Acrasoft)
O4 - Startup: C:\Dokumente und Einstellungen\Administration\Startmenü\Programme\Autostart\RtvReco.lnk = D:\RtvReco\RtvReco.exe (RTV Software)
O4 - Startup: C:\Dokumente und Einstellungen\Administration\Startmenü\Programme\Autostart\WinTidy.lnk = D:\WinTidy\WinTidy.exe (Ziff Davis Media, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\Administration\Startmenü\Programme\Autostart\Zotac FireStorm.lnk = D:\ZOTAC FireStorm\Firestorm.exe (ZOTAC Ltd.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\GetRight.lnk = D:\GetRight\GetRight.exe (Headlight Software, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\PCzapper Media Manager.lnk = D:\PCzapper\MediaManager\pbMediaCenter.exe (Homelinc A/S)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\PerfectScan Control Panel.lnk = C:\WINDOWS\Installer\{C43BD391-9B7E-481C-A228-EFEF75DC9D36}\New_Shortcut_S1418_D11FD9D5408744099ECA21674E639BB8.exe (InstallShield Software Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1123561945-1454471165-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1123561945-1454471165-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1123561945-1454471165-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1123561945-1454471165-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = [binary data]
O7 - HKU\S-1-5-21-1123561945-1454471165-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O7 - HKU\S-1-5-21-1123561945-1454471165-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-1123561945-1454471165-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: Äh&nliche Seiten - C:\Dokumente und Einstellungen\Administration\Anwendungsdaten\TuneUp Software\TuneUp Utilities\Web\gsimilar.htm ()
O8 - Extra context menu item: Alte Version auf &archives.org ansehen - C:\Dokumente und Einstellungen\Administration\Anwendungsdaten\TuneUp Software\TuneUp Utilities\Web\tuarch.htm ()
O8 - Extra context menu item: In &neuem Fenster öffnen - C:\Dokumente und Einstellungen\Administration\Anwendungsdaten\TuneUp Software\TuneUp Utilities\Web\tuofinw.htm ()
O8 - Extra context menu item: Mit &Google suchen - C:\Dokumente und Einstellungen\Administration\Anwendungsdaten\TuneUp Software\TuneUp Utilities\Web\gsearch.htm ()
O8 - Extra context menu item: Mit GetRight downloaden - D:\GetRight\GRDownload.htm ()
O8 - Extra context menu item: Mit Getright-Browser öffnen - D:\GetRight\GRBrowse.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - D:\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: RF - Formular ausfüllen - D:\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RF - Formular speichern - D:\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: RF - Menü anpassen - D:\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: RF - RoboForm-Leiste ein/aus - D:\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: RoboForm Editor - D:\AI RoboForm\RoboFormComEditIdent.html ()
O8 - Extra context menu item: Seite aus dem &Cache anzeigen - C:\Dokumente und Einstellungen\Administration\Anwendungsdaten\TuneUp Software\TuneUp Utilities\Web\gcache.htm ()
O8 - Extra context menu item: Seite mit Google übersetzen - C:\Dokumente und Einstellungen\Administration\Anwendungsdaten\TuneUp Software\TuneUp Utilities\Web\gtranslate.htm ()
O8 - Extra context menu item: Web-Recherche: Bild speichern - D:\Web-Recherche\WRShell.dll (macropool GmbH)
O8 - Extra context menu item: Web-Recherche: Bild speichern unter... - D:\Web-Recherche\WRShell.dll (macropool GmbH)
O8 - Extra context menu item: Web-Recherche: Link-Adresse speichern unter... - D:\Web-Recherche\WRShell.dll (macropool GmbH)
O8 - Extra context menu item: Web-Recherche: Markierte Ziele speichern unter... - D:\Web-Recherche\WRShell.dll (macropool GmbH)
O8 - Extra context menu item: Web-Recherche: Markierung speichern - D:\Web-Recherche\WRShell.dll (macropool GmbH)
O8 - Extra context menu item: Web-Recherche: Markierung speichern unter... - D:\Web-Recherche\WRShell.dll (macropool GmbH)
O8 - Extra context menu item: Web-Recherche: Seitenbereich (Frame) speichern - D:\Web-Recherche\WRShell.dll (macropool GmbH)
O8 - Extra context menu item: Web-Recherche: Seitenbereich (Frame) speichern unter... - D:\Web-Recherche\WRShell.dll (macropool GmbH)
O8 - Extra context menu item: Web-Recherche: Ziel speichern - D:\Web-Recherche\WRShell.dll (macropool GmbH)
O8 - Extra context menu item: Web-Recherche: Ziel speichern unter... - D:\Web-Recherche\WRShell.dll (macropool GmbH)
O8 - Extra context menu item: Zoom &In* - C:\Dokumente und Einstellungen\Administration\Anwendungsdaten\TuneUp Software\TuneUp Utilities\Web\tuzoomin.htm ()
O8 - Extra context menu item: Zoom &Out* - C:\Dokumente und Einstellungen\Administration\Anwendungsdaten\TuneUp Software\TuneUp Utilities\Web\tuzoomout.htm ()
O8 - Extra context menu item: Zurückführende &Links - C:\Dokumente und Einstellungen\Administration\Anwendungsdaten\TuneUp Software\TuneUp Utilities\Web\gbacklinks.htm ()
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\System32\imon.dll (Eset )
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/E/3/9/E39C664F-A8E3-4F69-A109-1AE9849204EE/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} file:///W:/components/hidinputmonitorx.ocx (HidInputMonitorX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} file:///W:/components/A9.ocx (A9Helper.A9)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1263357043437 (WUWebControl Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1263357035390 (MUWebControl Class)
O16 - DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} file:///W:/components/wmvhdrating.ocx (WMVHDRatingCtrl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab (DASWebDownload Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.12.08 05:59:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - Unable to obtain root file information for disk F:\
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\AC3ACM.acm (fccHandler)
Drivers32: MSACM.CEGSM - C:\WINDOWS\System32\mobileV.acm ()
Drivers32: msacm.dvacm - C:\Programme\Gemeinsame Dateien\Ulead Systems\VIO\DVACM.acm (Corel TW Corp.)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\LameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.MPEGacm - C:\Programme\Gemeinsame Dateien\Ulead Systems\MPEG\MPEGACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.ulmp3acm - C:\Programme\Gemeinsame Dateien\Ulead Systems\MPEG\ulmp3acm.acm (Ulead systems)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.WMV3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2011.02.02 19:31:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011.02.02 18:44:58 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011.02.02 18:44:00 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011.02.02 18:44:00 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011.02.02 18:44:00 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011.02.02 18:44:00 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011.02.02 18:43:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011.02.02 18:43:36 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.02.02 15:41:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administration\Anwendungsdaten\Malwarebytes
[2011.02.02 15:41:16 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011.02.02 15:41:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2011.02.02 15:41:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2011.02.02 15:41:11 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011.02.01 20:29:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Dead Space 2
[2011.02.01 16:50:44 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administration\Recent
[2011.02.01 14:27:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administration\Lokale Einstellungen\Anwendungsdaten\Electronic Arts
[2011.02.01 14:12:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Electronic Arts
[2011.02.01 14:04:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administration\Eigene Dateien\Electronic Arts
[2011.01.31 20:59:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Solidshield
[2011.01.31 20:58:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administration\Lokale Einstellungen\Anwendungsdaten\EA Games
[2011.01.27 23:54:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administration\Anwendungsdaten\Mousepatcher2.0
[2011.01.25 16:21:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administration\Anwendungsdaten\Foxit Software
[2011.01.21 19:22:21 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Adobe
[2011.01.21 18:27:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ABBYY
[2011.01.21 18:12:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TechSmith
[2011.01.21 01:33:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administration\Anwendungsdaten\abgx360
[2011.01.21 01:17:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administration\Anwendungsdaten\ImgBurn
[2011.01.20 16:31:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administration\Anwendungsdaten\vlc
[2011.01.20 16:16:00 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Java
[2011.01.18 18:49:11 | 000,061,440 | ---- | C] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll
[2011.01.18 18:48:39 | 000,000,000 | ---D | C] -- C:\Programme\NVIDIA Corporation
[2011.01.18 17:57:36 | 000,000,000 | ---D | C] -- C:\Programme\Acronis
[2011.01.18 17:57:18 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Acronis
[2011.01.18 17:53:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Acronis
[2011.01.18 17:11:01 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Creative Labs Shared
[2011.01.18 17:10:32 | 000,444,952 | ---- | C] (Creative Labs) -- C:\WINDOWS\System32\wrap_oal.dll
[2006.08.17 11:32:46 | 000,060,928 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll

 

OTL.txt - Part 2

========== Files - Modified Within 30 Days ==========

[2011.02.02 20:05:53 | 000,000,480 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job
[2011.02.02 20:05:14 | 000,002,385 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\PerfectScan Control Panel.lnk
[2011.02.02 20:04:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.02.02 20:04:41 | 2144,800,768 | -HS- | M] () -- C:\hiberfil.sys
[2011.02.02 20:03:36 | 000,054,928 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000005-00000000-00000002-00001102-00000005-00281102}.rfx
[2011.02.02 20:03:36 | 000,054,928 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000005-00000000-00000002-00001102-00000005-00281102}.rfx
[2011.02.02 20:03:36 | 000,000,788 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000005-00000000-00000002-00001102-00000005-00281102}.rfx
[2011.02.02 18:48:43 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011.02.02 18:45:02 | 000,000,474 | RHS- | M] () -- C:\boot.ini
[2011.02.02 15:41:16 | 000,000,545 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.02.01 16:38:56 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.02.01 14:14:05 | 000,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll
[2011.01.29 16:05:07 | 000,199,680 | ---- | M] () -- C:\Dokumente und Einstellungen\Administration\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.01.26 22:36:05 | 000,000,007 | ---- | M] () -- C:\WINDOWS\INI2=No
[2011.01.26 22:36:05 | 000,000,007 | ---- | M] () -- C:\WINDOWS\INI1=No
[2011.01.26 16:43:55 | 000,000,471 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\GetRight.lnk
[2011.01.25 10:08:22 | 000,008,456 | -HS- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\KGyGaAvL.sys
[2011.01.22 14:21:10 | 000,000,515 | ---- | M] () -- C:\Dokumente und Einstellungen\Administration\Startmenü\Programme\Autostart\Zotac FireStorm.lnk
[2011.01.22 12:16:26 | 000,341,320 | -H-- | M] () -- C:\treeinfo.wc
[2011.01.21 19:59:48 | 000,000,435 | ---- | M] () -- C:\WINDOWS\asfbinwin.INI
[2011.01.21 03:26:46 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2011.01.21 03:26:46 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2011.01.19 07:26:18 | 000,252,080 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011.01.19 07:26:18 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011.01.19 07:26:17 | 000,252,080 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011.01.18 19:00:33 | 000,000,023 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2011.01.18 18:49:19 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nvdrswr.lk
[2011.01.18 17:10:32 | 000,444,952 | ---- | M] (Creative Labs) -- C:\WINDOWS\System32\wrap_oal.dll
[2011.01.18 03:35:16 | 000,260,640 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.01.18 03:25:59 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011.01.08 04:27:00 | 002,292,678 | ---- | M] () -- C:\WINDOWS\System32\nvdata.bin
[2011.01.08 04:27:00 | 000,061,440 | ---- | M] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll
[2011.01.08 04:27:00 | 000,003,630 | ---- | M] () -- C:\WINDOWS\System32\nvinfo.pb

========== Files Created - No Company Name ==========

[2011.02.02 18:45:02 | 000,000,357 | ---- | C] () -- C:\Boot.bak
[2011.02.02 18:44:59 | 000,262,448 | RHS- | C] () -- C:\cmldr
[2011.02.02 18:44:00 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011.02.02 18:44:00 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011.02.02 18:44:00 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011.02.02 18:44:00 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011.02.02 18:44:00 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011.02.02 15:41:16 | 000,000,545 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.01.26 22:36:05 | 000,000,007 | ---- | C] () -- C:\WINDOWS\INI2=No
[2011.01.26 22:36:05 | 000,000,007 | ---- | C] () -- C:\WINDOWS\INI1=No
[2011.01.26 16:43:55 | 000,000,471 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\GetRight.lnk
[2011.01.18 19:17:10 | 000,000,515 | ---- | C] () -- C:\Dokumente und Einstellungen\Administration\Startmenü\Programme\Autostart\Zotac FireStorm.lnk
[2011.01.18 18:54:58 | 2144,800,768 | -HS- | C] () -- C:\hiberfil.sys
[2011.01.18 18:49:21 | 000,252,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011.01.18 18:49:19 | 000,252,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011.01.18 18:49:19 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011.01.18 18:49:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nvdrswr.lk
[2011.01.18 18:49:11 | 002,292,678 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2011.01.18 18:49:11 | 000,003,630 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb
[2011.01.18 17:23:10 | 000,001,080 | ---- | C] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2011.01.18 17:23:10 | 000,001,080 | ---- | C] () -- C:\WINDOWS\System32\settings.sfm
[2011.01.18 17:13:03 | 000,054,928 | ---- | C] () -- C:\WINDOWS\System32\BMXState-{00000005-00000000-00000002-00001102-00000005-00281102}.rfx
[2011.01.18 17:13:03 | 000,000,788 | ---- | C] () -- C:\WINDOWS\System32\DVCState-{00000005-00000000-00000002-00001102-00000005-00281102}.rfx
[2011.01.18 17:11:08 | 000,007,062 | ---- | C] () -- C:\WINDOWS\System32\audiopid.vxd
[2010.11.08 02:34:29 | 000,000,435 | ---- | C] () -- C:\WINDOWS\asfbinwin.INI
[2010.10.24 05:00:34 | 000,230,576 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2010.10.19 22:19:46 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2010.09.25 17:13:30 | 000,000,008 | ---- | C] () -- C:\WINDOWS\kvs.dll
[2010.06.25 18:03:12 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2010.05.15 11:36:42 | 000,000,088 | RHS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\E853575482.sys
[2010.04.02 16:17:34 | 000,179,091 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2009.10.29 06:58:01 | 000,423,184 | ---- | C] () -- C:\WINDOWS\System32\AvmFaxSP.dll
[2009.06.06 20:49:52 | 000,000,008 | RHS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\C34FCB7626.sys
[2009.06.06 20:49:51 | 000,008,456 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\KGyGaAvL.sys
[2009.06.04 01:37:08 | 000,021,093 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2009.06.04 01:37:06 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2009.06.04 00:55:20 | 000,002,560 | ---- | C] () -- C:\WINDOWS\System32\CtxfiRes.dll
[2008.12.24 06:23:46 | 000,000,020 | ---- | C] () -- C:\WINDOWS\cserve.ini
[2008.12.06 14:36:50 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\$_hpcst$.hpc
[2008.11.20 17:23:31 | 000,138,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008.10.13 16:47:36 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\Administration\Anwendungsdaten\$_hpcst$.hpc
[2008.07.13 23:52:13 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2008.05.29 21:42:04 | 000,000,154 | ---- | C] () -- C:\WINDOWS\asfbin.INI
[2008.05.29 20:09:37 | 000,000,399 | ---- | C] () -- C:\WINDOWS\asfbinapp.INI
[2008.05.13 23:48:08 | 000,279,712 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2008.05.13 23:48:07 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2008.05.04 05:57:09 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD_Start.INI
[2008.01.15 20:45:40 | 000,000,008 | RHS- | C] () -- C:\WINDOWS\System32\C34FCB7626.sys
[2008.01.15 20:44:57 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\E853575482.sys
[2007.11.11 05:46:26 | 000,000,504 | ---- | C] () -- C:\WINDOWS\pcwListKill.ini
[2007.07.07 05:25:13 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2007.05.26 11:08:44 | 000,015,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\nod32drv.sys
[2007.03.10 18:36:41 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2007.03.05 13:34:28 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007.03.02 16:29:58 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2007.02.11 19:05:38 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\cdTextCtl.dll
[2007.02.10 06:55:15 | 000,005,798 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007.02.10 06:55:15 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\569608F0F2.sys
[2007.02.03 06:05:35 | 000,000,141 | ---- | C] () -- C:\WINDOWS\GraphEdit.INI
[2007.01.20 06:41:47 | 000,000,073 | ---- | C] () -- C:\WINDOWS\EurekaLog.ini
[2006.12.17 09:18:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Ui.INI
[2006.12.17 08:42:07 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\12kCUusd.dll
[2006.12.11 16:49:59 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2006.12.11 16:49:59 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
[2006.12.11 16:49:58 | 000,010,663 | ---- | C] () -- C:\WINDOWS\RageBinData.ini
[2006.12.08 15:34:21 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006.12.08 14:23:57 | 000,199,680 | ---- | C] () -- C:\Dokumente und Einstellungen\Administration\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006.12.08 05:47:21 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006.09.27 16:47:40 | 000,000,285 | ---- | C] () -- C:\WINDOWS\System32\kill.ini
[2006.08.17 11:33:54 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\CTBURST.DLL
[2006.06.09 15:20:04 | 000,003,072 | ---- | C] () -- C:\WINDOWS\CTXFIGER.DLL
[2005.06.07 21:10:50 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\CTMMACTL.DLL
[2004.12.27 17:48:36 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\gif89.dll
[2003.11.18 01:37:20 | 000,072,192 | ---- | C] () -- C:\WINDOWS\System32\cszlib.dll
[2003.02.20 17:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2011.01.29 00:21:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administration\Anwendungsdaten\abgx360
[2008.12.27 22:34:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administration\Anwendungsdaten\Acronis
[2007.02.10 02:44:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administration\Anwendungsdaten\aignes
[2010.07.10 22:05:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administration\Anwendungsdaten\avidemux
[2009.03.02 21:38:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administration\Anwendungsdaten\Axialis
[2010.02.12 18:37:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administration\Anwendungsdaten\Bioshock2
[2008.02.03 14:17:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administration\Anwendungsdaten\DonationCoder
[2007.07.30 22:32:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administration\Anwendungsdaten\FLV Extract
[2011.01.25 16:21:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administration\Anwendungsdaten\Foxit Software
[2010.10.19 22:23:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administration\Anwendungsdaten\Gearbox Software
[2011.01.21 02:03:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administration\Anwendungsdaten\ImgBurn
[2010.10.28 17:17:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administration\Anwendungsdaten\JonDo
[2008.11.20 05:44:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administration\Anwendungsdaten\Leadertech
[2011.01.29 00:56:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administration\Anwendungsdaten\Mousepatcher2.0
[2010.03.07 06:56:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administration\Anwendungsdaten\Moyea
[2009.09.07 15:24:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administration\Anwendungsdaten\NAVIGON
[2007.01.23 20:16:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administration\Anwendungsdaten\OBP6Backup
[2009.09.06 20:50:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administration\Anwendungsdaten\OfficeUpdate12
[2010.09.25 09:13:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administration\Anwendungsdaten\ShutdownAddin
[2009.02.14 23:45:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administration\Anwendungsdaten\TechSmith
[2007.01.19 19:15:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administration\Anwendungsdaten\Thornsoft Development
[2008.04.04 19:47:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administration\Anwendungsdaten\TrueCrypt
[2006.12.12 00:29:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administration\Anwendungsdaten\TuneUp Software
[2010.04.22 13:29:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administration\Anwendungsdaten\Ubisoft
[2010.05.15 11:30:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administration\Anwendungsdaten\Ulead Systems
[2011.01.21 16:46:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administration\Anwendungsdaten\uTorrent
[2008.05.01 04:26:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administration\Anwendungsdaten\Web-Recherche
[2009.10.23 19:40:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\GetRight
[2011.01.22 23:11:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Acronis
[2008.02.16 18:14:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Cerience
[2010.04.24 15:00:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Codemasters
[2008.02.04 20:05:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DonationCoder
[2010.10.15 20:05:26 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DSS
[2007.06.30 13:47:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MSScanAppDataDir
[2008.12.19 16:53:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\nHancer
[2011.01.29 09:33:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\POIbase
[2007.09.15 10:03:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RoboForm
[2011.01.31 20:59:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Solidshield
[2007.11.03 09:05:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SSScanAppDataDir
[2011.01.21 18:12:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TechSmith
[2011.02.02 20:05:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2006.12.12 00:28:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2010.05.24 17:42:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ubisoft
[2010.06.02 15:57:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems
[2008.12.28 17:25:18 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{55A29068-F2CE-456C-9148-C869879E2357}
[2011.02.02 20:05:53 | 000,000,480 | ---- | M] () -- C:\WINDOWS\Tasks\1-Klick-Wartung.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2006.12.08 05:59:44 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010.08.29 00:44:31 | 000,000,357 | ---- | M] () -- C:\Boot.bak
[2011.02.02 18:45:02 | 000,000,474 | RHS- | M] () -- C:\boot.ini
[2001.08.18 13:00:00 | 000,004,952 | RHS- | M] () -- C:\bootfont.bin
[2011.01.18 03:13:40 | 000,000,252 | ---- | M] () -- C:\cmdlog.txt
[2004.08.03 23:00:10 | 000,262,448 | RHS- | M] () -- C:\cmldr
[2011.02.02 19:31:46 | 000,018,238 | ---- | M] () -- C:\ComboFix.txt
[2006.12.08 05:59:44 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2006.12.10 15:01:40 | 000,000,188 | ---- | M] () -- C:\CtDrvIns.log
[2011.02.02 20:04:41 | 2144,800,768 | -HS- | M] () -- C:\hiberfil.sys
[2010.09.12 12:33:57 | 000,013,331 | ---- | M] () -- C:\hs_err_pid3128.log
[2006.12.08 05:59:44 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2006.12.08 05:59:44 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004.08.03 21:38:34 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008.05.13 23:51:06 | 000,251,712 | RHS- | M] () -- C:\ntldr
[2010.09.25 17:49:19 | 000,000,496 | ---- | M] () -- C:\Trece.txt
[2011.01.22 12:16:26 | 000,341,320 | -H-- | M] () -- C:\treeinfo.wc
[2007.11.10 15:51:00 | 000,000,000 | ---- | M] () -- C:\wmic

< %systemroot%\Fonts\*.com >
[2006.04.18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006.06.29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006.04.18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006.06.29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006.12.08 05:59:27 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008.07.06 13:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2007.04.09 12:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2008.07.06 11:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
[2004.12.17 18:04:35 | 000,011,776 | ---- | M] (Cerience Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\RgoProc.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2006.12.08 06:43:30 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2006.12.08 06:43:30 | 000,663,552 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2006.12.08 06:43:30 | 000,483,328 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2006.12.08 06:05:47 | 000,000,079 | ---- | M] () -- C:\Dokumente und Einstellungen\Administration\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\Desktop anzeigen.scf
[2006.12.08 06:05:47 | 000,000,124 | -HS- | M] () -- C:\Dokumente und Einstellungen\Administration\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2001.08.18 13:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\addins\fxsext.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2007.01.20 20:26:34 | 000,000,488 | RHS- | M] () -- C:\Dokumente und Einstellungen\All Users\ntuser.pol

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2011.02.02 20:23:18 | 000,016,384 | -HS- | M] () -- C:\Dokumente und Einstellungen\Administration\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2008.04.14 03:23:03 | 000,212,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2008.04.14 03:22:08 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Messenger\custsat.dll
[2004.08.04 01:11:24 | 000,004,821 | ---- | M] () -- C:\Programme\Messenger\logowin.gif
[2004.08.04 01:11:24 | 000,007,047 | ---- | M] () -- C:\Programme\Messenger\lvback.gif
[2008.05.02 15:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Programme\Messenger\msgsc.dll
[2008.04.13 18:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Programme\Messenger\msgslang.dll
[2008.04.14 03:22:54 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Programme\Messenger\msmsgs.exe
[2007.04.02 19:07:23 | 000,002,882 | ---- | M] () -- C:\Programme\Messenger\newalert.wav
[2007.04.02 19:07:23 | 000,006,156 | ---- | M] () -- C:\Programme\Messenger\newemail.wav
[2007.04.02 19:07:24 | 000,006,160 | ---- | M] () -- C:\Programme\Messenger\online.wav
[2004.08.04 01:11:26 | 000,004,454 | ---- | M] () -- C:\Programme\Messenger\type.wav
[2004.08.04 00:11:26 | 000,120,389 | ---- | M] () -- C:\Programme\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


========== Alternate Data Streams ==========

@Alternate Data Stream - 177 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:B0D4D817

< End of report >

 

Extras.txt

OTL Extras logfile created on: 02.02.2011 20:24:37 - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = G:\GetRight
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 74,00% Memory free
3,00 Gb Paging File | 3,00 Gb Available in Paging File | 89,00% Paging File free
Paging file location(s): E:\pagefile.sys 1489 1489 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 14,18 Gb Total Space | 2,40 Gb Free Space | 16,92% Space Free | Partition Type: NTFS
Drive D: | 109,83 Gb Total Space | 65,49 Gb Free Space | 59,63% Space Free | Partition Type: NTFS
Drive E: | 1,47 Gb Total Space | 0,01 Gb Free Space | 0,73% Space Free | Partition Type: NTFS
Drive F: | 146,49 Gb Total Space | 0,97 Gb Free Space | 0,66% Space Free | Partition Type: NTFS
Drive G: | 43,47 Gb Total Space | 1,86 Gb Free Space | 4,28% Space Free | Partition Type: NTFS
Drive H: | 41,44 Gb Total Space | 0,10 Gb Free Space | 0,24% Space Free | Partition Type: NTFS
Drive S: | 108,88 Gb Total Space | 0,27 Gb Free Space | 0,25% Space Free | Partition Type: NTFS
Drive W: | 4,27 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive X: | 3,93 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: STEFAN | User Name: Administration | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE ()
.ini [@ = UltraEdit.ini] -- D:\UltraEdit\uedit32.exe (IDM Computer Solutions, Inc.)
.txt [@ = UltraEdit.txt] -- D:\UltraEdit\uedit32.exe (IDM Computer Solutions, Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 ()
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 ()
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 ()
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 ()
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "D:\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 ()
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 ()
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 ()
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 ()
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 ()
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 ()
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 ()
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 ()
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 ()
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 ()
scrfile [config] -- "%1 "
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 ()
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 ()
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" ()
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 ()
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 ()
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 ()
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 ()
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 ()
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 ()
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "d:\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mit Corel PaintShop Photo Pro X3 durchsuchen] -- "D:\Corel PaintShop Photo Pro\X3\PSPClassic\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.)
Directory [PlayWithVLC] -- "d:\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabledxpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabledxpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabledxpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabledxpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabledxpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabledxpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabledxpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabledxpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNetisabledxpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNetisabledxpsp2res.dll,-22008
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"D:\Microsoft ActiveSync\rapimgr.exe" = D:\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"D:\Microsoft ActiveSync\wcescomm.exe" = D:\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"D:\Microsoft ActiveSync\WCESMgr.exe" = D:\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"H:\utorrent\uTorrent.exe" = H:\utorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"D:\utorrent\uTorrent.exe" = D:\utorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"D:\Microsoft ActiveSync\rapimgr.exe" = D:\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"D:\Microsoft ActiveSync\wcescomm.exe" = D:\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"D:\Microsoft ActiveSync\WCESMgr.exe" = D:\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{D1AEB5DB-04FA-489D-94EF-8600898B93EE}" = Corel PaintShop Photo Pro X3
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}" = Acronis*True*Image*Home 2011
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D87DC92-C328-46EC-A7B4-9C88129DC696}" = Dead Spaceâ„¢
"{5454083B-1308-4485-BF17-111000028701}" = Grand Theft Auto: Episodes from Liberty City
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{5BCC634A-58AD-42F9-B3C6-2EA52F81CF85}" = Snagit 10
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{748537A9-B4B4-4F1E-8972-224373ADA231}_is1" = Dead Space 2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7E4CB404-F1E4-4E81-A1CB-2CBB310481D1}" = MLE
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E3F691A-4972-47FF-9E09-1981B62A5D5A}_is1" = Moyea FLV Editor Lite version: 1.1.1.846
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{967FB80D-56BD-42EF-A942-9E8C78F984A4}" = Saitek SST Programming Software
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9FD45917-95E6-449D-ACC9-01E634A34CBD}_is1" = MPEG Video Wizard DVD 5.0.0.110 (12/2010)
"{A126E617-63F0-4E57-BFA4-7190F5845C39}" = Guitar Hero World Tour
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.50
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{C081C7BF-86B9-453D-A91B-1DDC8204E9FA}" = Web-Recherche 3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C43BD391-9B7E-481C-A228-EFEF75DC9D36}" = PerfectScan®
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1612A3D-0DCC-4055-BB6A-0036F31158A0}" = Setup
"{D1AEB5DB-04FA-489D-94EF-8600898B93EE}" = ICA
"{D3BCC13A-E4F2-45EE-846F-D143CEDDDBCB}" = DeviceIO
"{D7D99A66-493F-468B-BCE1-6F88612B89D5}" = Contents
"{D875FFEE-2FCE-4774-902A-749198C00A68}" = PureHD
"{D94ABC2B-5CA9-48B2-9266-15AB78384D3C}" = Share
"{D9C4FA35-7C6B-4C9E-863B-58C4D7472F41}" = VIO
"{DA4A2F61-1E26-4D51-94BB-36D77678BDAD}" = PSPH10Pro
"{DA4BF4BE-3CDC-43B5-BBDA-DDDA73103111}" = Corel PaintShop Photo Pro X3
"{DB34A2B1-546B-4392-9031-DB30104E0C0C}" = Yubikey Configuration Utility
"{DCD941B6-F2E7-4FAF-B102-F7D4DE5FF99A}" = IPM_PSP_Pro
"{DCF1928A-FC01-48E7-A7E6-4651D42EF6A1}" = PSPPRO_DCRAW
"{DF8B9311-ADE7-4EDE-B121-326CAA3D225D}" = PSPPContent
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{EE1EB497-5F0B-4DEF-910B-165707AB09FA}" = UltraEdit 16.30
"{F1000000-0001-0000-0000-074957833700}" = ABBYY FineReader 10 Professional Edition
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"abgx360" = abgx360 v1.0.5
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"aignesamdeadlink_is1" = AM-DeadLink 4.4
"Anti-Twin 2009-06-21 17.16.14" = Anti-Twin (Installation 21.06.2009)
"AudioCS" = Creative Audio-Systemsteuerung
"Avidemux 2.5" = Avidemux 2.5
"AVM ISDN TAPI Services" = AVM ISDN TAPI Services for CAPI
"BrothersInArmsEiB" = Brothers In Arms EiB
"Console Launcher" = Creative Konsole Starter
"DivX Setup.divx.com" = DivX-Setup
"FinePrint" = FinePrint
"Foxit Reader" = Foxit Reader
"GetRight_is1" = GetRight
"HijackThis" = HijackThis 2.0.2
"IconWorkshop " = Axialis IconWorkshop 6.33
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"JAP" = JAP
"JDownloader" = JDownloader
"LameACM" = Lame ACM MP3 Codec
"Mafia II_is1" = Mafia II DLC Joe's Adventures
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"NAVIGON Sync" = NAVIGON Sync 1.0
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"OpenAL" = OpenAL
"POIbase_is1" = POIbase 1.002
"qt7lite_is1" = QT Lite 3.2.2
"RealAlt_is1" = Real Alternative 2.0.2 Lite
"Replay Video Capture3.1B" = Replay Video Capture
"SizeMe" = SizeMe 2,0,0,1926
"The Regex Coach_is1" = The Regex Coach 0.9.2
"Totalcmd" = Total Commander (Remove or Repair)
"UltraISO_is1" = UltraISO Premium V9.36
"Unlocker" = Unlocker 1.9.0
"URLSnooper 2_is1" = URL Snooper v2.23.01
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.7
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinPcapInst" = WinPcap 4.1.2
"Xbox_360_CC_Driver" = Xbox 360 Controller for Windows
"ZOTAC FireStorm" = ZOTAC FireStorm

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1123561945-1454471165-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"155aa0534e8cda6b" = Mousepatcher 2.0
"AI RoboForm" = RoboForm 7-1-6
"f58f3889281ea80b" = ContainerEx Decrypter

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12.10.2010 16:00:33 | Computer Name = STEFAN | Source = .NET Runtime Optimization Service | ID = 1103
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Tried to start a service that wasn't the latest version of CLR Optimization service.
Will shutdown

Error - 09.11.2010 16:58:33 | Computer Name = STEFAN | Source = MsiInstaller | ID = 11706
Description = Produkt: Microsoft Office Professional Edition 2003 -- Fehler 1706.
Setup kann die benötigten Dateien nicht finden. Überprüfen Sie Ihre Verbindung
mit dem Netzwerk oder dem CD-ROM-Laufwerk. Weitere mögliche Lösungen für dieses
Problem erhalten Sie unter D:\Microsoft Office\OFFICE11\1031\SETUP.CHM.

Error - 09.11.2010 16:58:33 | Computer Name = STEFAN | Source = MsiInstaller | ID = 1024
Description = Produkt: Microsoft Office Professional Edition 2003 - Update "Security
Update for Office 2003 (KB2289187): MSO" konnte nicht installiert werden. Fehlercode
1603. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung
betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie
folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung
zu erhalten: http://go.microsoft.com/fwlink/?LinkId=23127

Error - 09.11.2010 17:28:22 | Computer Name = STEFAN | Source = MsiInstaller | ID = 11706
Description = Produkt: Microsoft Office Professional Edition 2003 -- Fehler 1706.
Setup kann die benötigten Dateien nicht finden. Überprüfen Sie Ihre Verbindung
mit dem Netzwerk oder dem CD-ROM-Laufwerk. Weitere mögliche Lösungen für dieses
Problem erhalten Sie unter D:\Microsoft Office\OFFICE11\1031\SETUP.CHM.

Error - 09.11.2010 17:28:22 | Computer Name = STEFAN | Source = MsiInstaller | ID = 1024
Description = Produkt: Microsoft Office Professional Edition 2003 - Update "Update
for Outlook 2003: Junk E-mail Filter (KB2435682): OUTLFLTR" konnte nicht installiert
werden. Fehlercode 1603. Windows Installer kann Protokolle erstellen, um bei der
Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu
sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung
zu erhalten: http://go.microsoft.com/fwlink/?LinkId=23127

Error - 09.11.2010 17:44:22 | Computer Name = STEFAN | Source = MsiInstaller | ID = 11706
Description = Produkt: Microsoft Office Professional Edition 2003 -- Fehler 1706.
Setup kann die benötigten Dateien nicht finden. Überprüfen Sie Ihre Verbindung
mit dem Netzwerk oder dem CD-ROM-Laufwerk. Weitere mögliche Lösungen für dieses
Problem erhalten Sie unter D:\Microsoft Office\OFFICE11\1031\SETUP.CHM.

Error - 09.11.2010 17:44:22 | Computer Name = STEFAN | Source = MsiInstaller | ID = 1024
Description = Produkt: Microsoft Office Professional Edition 2003 - Update "Security
Update for Office 2003 (KB2289187): MSO" konnte nicht installiert werden. Fehlercode
1603. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung
betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie
folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung
zu erhalten: http://go.microsoft.com/fwlink/?LinkId=23127

Error - 28.01.2011 16:16:25 | Computer Name = STEFAN | Source = .NET Runtime | ID = 0
Description =

Error - 31.01.2011 15:56:30 | Computer Name = STEFAN | Source = MsiInstaller | ID = 11606
Description = Produkt: Dead Spaceâ„¢ 2 -- Error 1606. Zugriff auf Netzwerklaufwerk\
gescheitert.

Error - 31.01.2011 15:56:30 | Computer Name = STEFAN | Source = MsiInstaller | ID = 11606
Description = Produkt: Dead Spaceâ„¢ 2 -- Error 1606. Zugriff auf Netzwerklaufwerk\
gescheitert.

[ System Events ]
Error - 02.02.2011 02:04:31 | Computer Name = STEFAN | Source = Cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.

Error - 02.02.2011 02:04:38 | Computer Name = STEFAN | Source = Cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.

Error - 02.02.2011 08:59:52 | Computer Name = STEFAN | Source = Service Control Manager | ID = 7034
Description = Dienst "Acronis Scheduler2 Service" wurde unerwartet beendet. Dies
ist bereits 1 Mal passiert.

Error - 02.02.2011 08:59:52 | Computer Name = STEFAN | Source = Service Control Manager | ID = 7034
Description = Dienst "Creative Audio Service" wurde unerwartet beendet. Dies ist
bereits 1 Mal passiert.

Error - 02.02.2011 08:59:52 | Computer Name = STEFAN | Source = Service Control Manager | ID = 7034
Description = Dienst "Acronis Nonstop Backup-Dienst" wurde unerwartet beendet. Dies
ist bereits 1 Mal passiert.

Error - 02.02.2011 08:59:53 | Computer Name = STEFAN | Source = Service Control Manager | ID = 7031
Description = Der Dienst "NOD32 Kernel Service" wurde unerwartet beendet. Dies ist
bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden
durchgeführt: Starten Sie den Dienst neu..

Error - 02.02.2011 08:59:53 | Computer Name = STEFAN | Source = Service Control Manager | ID = 7034
Description = Dienst "Stay Awake" wurde unerwartet beendet. Dies ist bereits 1 Mal
passiert.

Error - 02.02.2011 08:59:53 | Computer Name = STEFAN | Source = Service Control Manager | ID = 7034
Description = Dienst "TuneUp Program Statistics Service" wurde unerwartet beendet.
Dies ist bereits 1 Mal passiert.

Error - 02.02.2011 13:44:12 | Computer Name = STEFAN | Source = sr | ID = 1
Description = Beim Verarbeiten der Datei "desktop.ini" auf Volume "HarddiskVolume4 "
ist im Wiederherstellungsfilter der unerwartete Fehler "0xC000007F" aufgetreten.
Die Volumeüberwachung wurde angehalten.

Error - 02.02.2011 13:52:21 | Computer Name = STEFAN | Source = Service Control Manager | ID = 7022
Description = Der Dienst "NOD32 Kernel Service" wurde nicht ordnungsgemäß gestartet.

[ TuneUp Events ]
Error - 03.07.2010 06:38:04 | Computer Name = STEFAN | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s ": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-07-03 12:38:04', '\device\harddiskvolume2\mirror's
edge\binaries\xinputtest.exe','3512',0)

Error - 03.07.2010 06:38:35 | Computer Name = STEFAN | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s ": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-07-03 12:38:35', '\device\harddiskvolume2\mirror's
edge\binaries\mirrorsedge.exe','2884',0)

Error - 03.07.2010 14:33:53 | Computer Name = STEFAN | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s ": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-07-03 20:33:53', '\device\harddiskvolume2\mirror's
edge\binaries\mirrorsedge.exe','3584',0)

Error - 04.07.2010 02:49:51 | Computer Name = STEFAN | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s ": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-07-04 08:49:51', '\device\harddiskvolume2\mirror's
edge\binaries\mirrorsedge.exe','440',0)

Error - 04.07.2010 02:55:26 | Computer Name = STEFAN | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s ": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-07-04 08:55:26', '\device\harddiskvolume2\mirror's
edge\binaries\mirrorsedge.exe','40912',0)

Error - 04.07.2010 03:38:47 | Computer Name = STEFAN | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s ": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-07-04 09:38:47', '\device\harddiskvolume2\mirror's
edge\binaries\mirrorsedge.exe','25784',0)

Error - 07.08.2010 13:37:13 | Computer Name = STEFAN | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: disk I/O error; when executing SQL: INSERT INTO Applications
(Exe, Started, Ended, State, Resumed) SELECT Exe, Started, Ended, State, Resumed
FROM MemApplications;DELETE FROM MemApplications;INSERT INTO Applications (Exe,
Started, Ended, State, Resumed) SELECT Exe, Started, '2010-08-07 19:37:02', 3,
Resumed FROM ActiveApps;DELETE FROM ActiveApps

Error - 22.08.2010 02:19:36 | Computer Name = STEFAN | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "n ": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-08-22 08:19:36', '\device\harddiskvolume2\click'n
design 3d\cnd3dv5.exe','604',0)

Error - 11.09.2010 01:39:23 | Computer Name = STEFAN | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "n ": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-09-11 07:39:23', '\device\harddiskvolume2\click'n
design 3d\cnd3dv5.exe','2992',0)

Error - 02.02.2011 10:41:28 | Computer Name = STEFAN | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti ": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2011-02-02 15:41:28', '\device\harddiskvolume2\malwarebytes'
anti-malware\mbam.exe','2076',0)


< End of report >

 

OTL: 02032011_073334.log

All processes killed
========== OTL ==========
Starting removal of ActiveX control {7530BFB8-7293-4D34-9923-61A11451AFC5}
C:\WINDOWS\Downloaded Program Files\OnlineScanner.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:B0D4D817 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administration
->Temp folder emptied: 979238 bytes
->Temporary Internet Files folder emptied: 46645213 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 1380 bytes

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 28065339 bytes

Total Files Cleaned = 72,00 mb


[EMPTYFLASH]

User: Administration
->Flash cache emptied: 0 bytes

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.20.6 log created on 02032011_073334

Files\Folders moved on Reboot...
C:\Dokumente und Einstellungen\Administration\Lokale Einstellungen\Temporary Internet Files\Content.IE5\8OK2GJII\97624-active-windows-calculator-wmp-keep-popping-up[1].html moved successfully.
C:\Dokumente und Einstellungen\Administration\Lokale Einstellungen\Temporary Internet Files\Content.IE5\49ZEOIRZ\00b42e3a-b809-49b2-b433-cc45b2bc89d33rd_party_BBS[1].htm moved successfully.
C:\Dokumente und Einstellungen\Administration\Lokale Einstellungen\Temporary Internet Files\Content.IE5\05TTOJVM\p-01-0VIaSjnOLg[1].gif moved successfully.
C:\Dokumente und Einstellungen\Administration\Lokale Einstellungen\Temporary Internet Files\Content.IE5\05TTOJVM\p-01-0VIaSjnOLg[2].gif moved successfully.
C:\Dokumente und Einstellungen\Administration\Lokale Einstellungen\Temporary Internet Files\Content.IE5\04PHH7N7\ads[2].htm moved successfully.
C:\Dokumente und Einstellungen\Administration\Lokale Einstellungen\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

Registry entries deleted on Reboot...

 

checkup.txt

Results of screen317's Security Check version 0.99.7
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
HijackThis 2.0.2
TuneUp Utilities 2009
Java(TM) 6 Update 23
Out of date Java installed!
Adobe Flash Player
````````````````````````````````
Process Check:
objlist.exe by Laurent
nod32krn.exe
nod32kui.exe
``````````End of Log````````````

 

View report

<HTML>
<HEAD>
<TITLE>BitDefender Online Scanner -Scan Report</TITLE>
<META HTTP-EQUIV= "Content-Type" CONTENT= "text/html; charset=iso-8859-1 ">
<meta name= "generator" content= "Namo WebEditor v5.0(Trial) ">
</HEAD>
<BODY BGCOLOR=#FFFFFF leftmargin= "10" marginwidth= "0" topmargin= "20" marginheight= "0" >


<table align= "center" border= "0" cellpadding= "0" cellspacing= "0" width= "90% ">
<tr>
<td width= "458 ">
<p><font face= "Arial" color=red><span style= "font-size:14pt; "><b>BitDefender
Online Scanner</b></span></font></p>
</td>
<td width= "40% ">
<p>&nbsp;</p>
</td>
<td width= "10% ">
<p>&nbsp;</p>
</td>
</tr>
<tr>
<td colspan= "3" width= "912 ">
<p><font face= "Arial "><span style= "font-size:11pt; "><B>Scan report generated
at: Thu, Feb 03, 2011 - 09:28:57</b></span></font></p>
</td>
</tr>

<tr>
<td width= "458 ">
<p><font face= "Arial "><span style= "font-size:11pt; "><B>&nbsp;</b></span></font></p>
</td>
<td width= "40% ">
<p>&nbsp;</p>
</td>
<td width= "10% ">
<p>&nbsp;</p>
</td>
</tr>

<tr>
<td width= "458 ">
<p><font face= "Arial "><span style= "font-size:11pt; "><B>Scan
path: </b></span><span style= "font-size:10pt; ">C:\Dokumente und Einstellungen\Administration\Eigene Dateien;C:\Dokumente und Einstellungen\All Users\Dokumente;A:\;C:\;D:\;E:\;F:\;G:\;H:\;K:\;L:\;M:\;N:\;O:\;S:\;W:\;X:\;Y:\;C:\Dokumente und Einstellungen\Administration\Netzwerkumgebung\Meine Websites auf MSN;C:\Dokumente und Einstellungen\Administration\Eigene Dateien;</span></font></p>
</td>
<td width= "40% ">
<p>&nbsp;</p>
</td>
<td width= "10% ">
<p>&nbsp;</p>
</td>
</tr>

<tr>
<td width= "458 ">
<p><font face= "Arial "><span style= "font-size:11pt; "><B>&nbsp;</b></span></font></p>
</td>
<td width= "40% ">
<p>&nbsp;</p>
</td>
<td width= "10% ">
<p>&nbsp;</p>
</td>
</tr>

<tr>
<td width= "458 ">
<table border= "1" cellspacing= "0" bordercolordark= "white" bordercolorlight= "black" width= "100% ">
<tr>
<td width= "451" colspan= "2" bgcolor= "#CCCCCC ">
<p><font face= "Arial" size= "2 "><B>Statistics</b></font></p>
</td>
</tr>
<tr>
<td width= "57% ">
<p><font face= "Arial" size= "2 ">Time</font></p>
</td>
<td width= "43%" align= "right ">
<p><font face= "Arial" size= "2 ">01:06:49</font></p>
</td>
</tr>
<tr>
<td width= "57% ">
<p><font face= "Arial" size= "2 ">Files</font></p>
</td>
<td width= "43%" align= "right ">
<p><font face= "Arial" size= "2 ">408555</font></p>
</td>
</tr>
<tr>
<td width= "57% ">
<p><font face= "Arial" size= "2 ">Folders</font></p>
</td>
<td width= "43%" align= "right ">
<p><font face= "Arial" size= "2 ">13792</font></p>
</td>
</tr>
<tr>
<td width= "57% ">
<p><font face= "Arial" size= "2 ">Boot Sectors</font></p>
</td>
<td width= "43%" align= "right ">
<p><font face= "Arial" size= "2 ">0</font></p>
</td>
</tr>
<tr>
<td width= "57% ">
<p><font face= "Arial" size= "2 ">Archives</font></p>
</td>
<td width= "43%" align= "right ">
<p><font face= "Arial" size= "2 ">4432</font></p>
</td>
</tr>
<tr>
<td width= "57% ">
<p><font face= "Arial" size= "2 ">Packed Files</font></p>
</td>
<td width= "43%" align= "right ">
<p><font face= "Arial" size= "2 ">19704</font></p>
</td>
</tr>
</table>
</td>
<td width= "40% ">
<p>&nbsp;</p>
</td>
<td width= "10% ">
<p>&nbsp;</p>
</td>
</tr>



<tr>
<td width= "458 ">
<table border= "1" cellspacing= "0" bordercolordark= "white" bordercolorlight= "black" width= "100% ">
<tr>
<td width= "451" colspan= "2" bgcolor= "#CCCCCC ">
<p><font face= "Arial" size= "2 "><B>Results</b></font></p>
</td>
</tr>
<tr>
<td width= "57% ">
<p><font face= "Arial" size= "2 ">Identified Viruses </font></p>
</td>
<td width= "43%" align= "right ">
<p><font face= "Arial" size= "2 ">19</font></p>
</td>
</tr>
<tr>
<td width= "57% ">
<p><font face= "Arial" size= "2 ">Infected Files </font></p>
</td>
<td width= "43%" align= "right ">
<p><font face= "Arial" size= "2 ">19</font></p>
</td>
</tr>
<tr>
<td width= "57% ">
<p><font face= "Arial" size= "2 ">Suspect&nbsp;Files </font></p>
</td>
<td width= "43%" align= "right ">
<p><font face= "Arial" size= "2 ">0</font></p>
</td>
</tr>
<tr>
<td width= "57% ">
<p><font face= "Arial" size= "2 ">Warnings</font></p>
</td>
<td width= "43%" align= "right ">
<p><font face= "Arial" size= "2 ">0</font></p>
</td>
</tr>
<tr>
<td width= "57% ">
<p><font face= "Arial" size= "2 ">Disinfected</font></p>
</td>
<td width= "43%" align= "right ">
<p><font face= "Arial" size= "2 ">0</font></p>
</td>
</tr>
<tr>
<td width= "57% ">
<p><font face= "Arial" size= "2 ">Deleted Files</font></p>
</td>
<td width= "43%" align= "right ">
<p><font face= "Arial" size= "2 ">22</font></p>
</td>
</tr>
</table>
</td>
<td width= "40% ">
<p>&nbsp;</p>
</td>
<td width= "10% ">
<p>&nbsp;</p>
</td>
</tr>

<tr>
<td width= "458 ">
<table border= "1" cellspacing= "0" bordercolordark= "white" bordercolorlight= "black" width= "100% ">
<tr>
<td width= "451" colspan= "2" bgcolor= "#CCCCCC ">
<p><font face= "Arial" size= "2 "><B>Engines Info</b></font></p>
</td>
</tr>
<tr>
<td width= "57% ">
<p><font face= "Arial" size= "2 ">Virus Definitions</font></p>
</td>
<td width= "43%" align= "right ">
<p><font face= "Arial" size= "2 ">6708307</font></p>
</td>
</tr>
<tr>
<td width= "57% ">
<p><font face= "Arial" size= "2 ">Engine build</font></p>
</td>
<td width= "43%" align= "right ">
<p><font face= "Arial" size= "2 ">AVCORE v2.1 Windows/i386 11.0.0.42 (Oct 18 2010)</font></p>
</td>
</tr>
<tr>
<td width= "57% ">
<p><font face= "Arial" size= "2 ">Scan plugins</font></p>
</td>
<td width= "43%" align= "right ">
<p><font face= "Arial" size= "2 ">18</font></p>
</td>
</tr>
<tr>
<td width= "57% ">
<p><font face= "Arial" size= "2 ">Archive plugins</font></p>
</td>
<td width= "43%" align= "right ">
<p><font face= "Arial" size= "2 ">44</font></p>
</td>
</tr>
<tr>
<td width= "57% ">
<p><font face= "Arial" size= "2 ">Unpack plugins</font></p>
</td>
<td width= "43%" align= "right ">
<p><font face= "Arial" size= "2 ">10</font></p>
</td>
</tr>
<tr>
<td width= "57% ">
<p><font face= "Arial" size= "2 ">E-mail plugins</font></p>
</td>
<td width= "43%" align= "right ">
<p><font face= "Arial" size= "2 ">6</font></p>
</td>
</tr>
<tr>
<td width= "57% ">
<p><font face= "Arial" size= "2 ">System&nbsp;plugins</font></p>
</td>
<td width= "43%" align= "right ">
<p><font face= "Arial" size= "2 ">4</font></p>
</td>
</tr>
</table>
</td>
<td width= "40% ">
<p>&nbsp;</p>
</td>
<td width= "10% ">
<p>&nbsp;</p>
</td>
</tr>

<tr>
<td width= "458 ">
<table border= "1" cellspacing= "0" bordercolordark= "white" bordercolorlight= "black" width= "100% ">
<tr>
<td width= "451" colspan= "2" bgcolor= "#CCCCCC ">
<p><font face= "Arial" size= "2 "><B>Scan Settings</b></font></p>
</td>
</tr>
<tr>
<td width= "57% ">
<p><font face= "Arial" size= "2 ">First Action</font></p>
</td>
<td width= "43%" align= "right ">
<p><font face= "Arial" size= "2 ">Disinfect</font></p>
</td>
</tr>
<tr>
<td width= "57% ">
<p><font face= "Arial" size= "2 ">Second Action</font></p>
</td>
<td width= "43%" align= "right ">
<p><font face= "Arial" size= "2 ">Delete</font></p>
</td>
</tr>
<tr>
<td width= "57% ">
<p><font face= "Arial" size= "2 ">Heuristics</font></p>
</td>
<td width= "43%" align= "right ">
<p><font face= "Arial" size= "2 ">Yes</font></p>
</td>
</tr>
<tr>
<td width= "57% ">
<p><font face= "Arial" size= "2 ">Enable Warnings</font></p>
</td>
<td width= "43%" align= "right ">
<p><font face= "Arial" size= "2 ">Yes</font></p>
</td>
</tr>
<tr>
<td width= "57% ">
<p><font face= "Arial" size= "2 ">Scanned Extensions</font></p>
</td>
<td width= "43%" align= "right ">
<p><font face= "Arial" size= "2 ">*;</font></p>
</td>
</tr>

<tr>
<td width= "57% ">
<p><font face= "Arial" size= "2 ">Exclude Extensions</font></p>
</td>
<td width= "43%" align= "right ">
<p><font face= "Arial" size= "2 ">&nbsp;</font></p>
</td>
</tr>
<tr>
<td width= "57% ">
<p><font face= "Arial" size= "2 ">Scan Emails</font></p>
</td>
<td width= "43%" align= "right ">
<p><font face= "Arial" size= "2 ">Yes</font></p>
</td>
</tr>
<tr>
<td width= "57% ">
<p><font face= "Arial" size= "2 ">Scan Archives</font></p>
</td>
<td width= "43%" align= "right ">
<p><font face= "Arial" size= "2 ">Yes</font></p>
</td>
</tr>
<tr>
<td width= "57% ">
<p><font face= "Arial" size= "2 ">Scan Packed</font></p>
</td>
<td width= "43%" align= "right ">
<p><font face= "Arial" size= "2 ">Yes</font></p>
</td>
</tr>
<tr>
<td width= "57% ">
<p><font face= "Arial" size= "2 ">Scan Files</font></p>
</td>
<td width= "43%" align= "right ">
<p><font face= "Arial" size= "2 ">Yes</font></p>
</td>
</tr>
<tr>
<td width= "57% ">
<p><font face= "Arial" size= "2 ">Scan Boot</font></p>
</td>
<td width= "43%" align= "right ">
<p><font face= "Arial" size= "2 ">Yes</font></p>
</td>
</tr>
</table>
</td>
<td width= "40% ">
<p>&nbsp;</p>
</td>
<td width= "10% ">
<p>&nbsp;</p>
</td>
</tr>

<tr>
<td colspan=2> &nbsp;
<table border= "1" cellspacing= "0" bordercolordark= "white" bordercolorlight= "black" width= "100% ">
<tr>
<td width= "252" bgcolor= "#CCCCCC ">
<p><font face= "Arial" size= "2 "><B>Scanned File</b></font></p>
</td>
<td width= "195" bgcolor= "#CCCCCC" align= "right ">
<p align= "left "><b><font size= "2" face= "Arial ">&nbsp;Status</font></b></p>
</td>
</tr>
<tr>
<td width= "57% ">
<p><font face= "Arial" size= "2 ">C:\Dokumente und Einstellungen\Administration\Lokale Einstellungen\Anwendungsdaten\Microsoft\Outlook\Outlook.pst=>[Subject: videotimer3.0][From: 0z6siiehfj0t@sneakemail.com]=>videotimer3.0.zip=>videotimer.msi=>(Embedded CAB)=>_2F6C38F7BA814A59985FC74AE7D03EB8</font></p>
</td>
<td width= "43%" align= "left ">
<p><font face= "Arial" size= "2 ">Infected with: Gen:Trojan.Heur.VB.bm0@duIc8Qq</font></p>
</td>
</tr><tr>
<td width= "57% ">
<p><font face= "Arial" size= "2 ">C:\Dokumente und Einstellungen\Administration\Lokale Einstellungen\Anwendungsdaten\Microsoft\Outlook\Outlook.pst=>[Subject: videotimer3.0][From: 0z6siiehfj0t@sneakemail.com]=>videotimer3.0.zip=>videotimer.msi=>(Embedded CAB)=>_2F6C38F7BA814A59985FC74AE7D03EB8</font></p>
</td>
<td width= "43%" align= "left ">
<p><font face= "Arial" size= "2 ">Disinfection failed</font></p>
</td>
</tr><tr>
<td width= "57% ">
<p><font face= "Arial" size= "2 ">C:\Dokumente und Einstellungen\Administration\Lokale Einstellungen\Anwendungsdaten\Microsoft\Outlook\Outlook.pst=>[Subject: videotimer3.0][From: 0z6siiehfj0t@sneakemail.com]=>videotimer3.0.zip=>videotimer.msi=>(Embedded CAB)=>_2F6C38F7BA814A59985FC74AE7D03EB8</font></p>
</td>
<td width= "43%" align= "left ">
<p><font face= "Arial" size= "2 ">Delete failed</font></p>
</td>
</tr><tr>
<td width= "57% ">
<p><font face= "Arial" size= "2 ">D:\Eset\cache\FND0.NFI=>(Quarantine-PE)</font></p>
</td>
<td width= "43%" align= "left ">
<p><font face= "Arial" size= "2 ">Infected with: Trojan.Downloader.Renos.A</font></p>
</td>
</tr><tr>
<td width= "57% ">
<p><font face= "Arial" size= "2 ">D:\Eset\cache\FND0.NFI=>(Quarantine-PE)</font></p>
</td>
<td width= "43%" align= "left ">
<p><font face= "Arial" size= "2 ">Deleted</font></p>
</td>
</tr><tr>
<td width= "57% ">
<p><font face= "Arial" size= "2 ">D:\Eset\cache\FND0.NFI</font></p>
</td>
<td width= "43%" align= "left ">
<p><font face= "Arial" size= "2 ">Deleted</font></p>
</td>
</tr><tr>
<td width= "57% ">
<p><font face= "Arial" size= "2 ">D:\Eset\cache\FND9.NFI=>(Quarantine-PE)</font></p>
</td>
<td width= "43%" align= "left ">
<p><font face= "Arial" size= "2 ">Infected with: Trojan.Generic.KD.53916</font></p>
</td>
</tr><tr>
<td width= "57% ">
<p><font face= "Arial" size= "2 ">D:\Eset\cache\FND9.NFI=>(Quarantine-PE)</font></p>
</td>
<td width= "43%" align= "left ">
<p><font face= "Arial" size= "2 ">Deleted</font></p>
</td>
</tr><tr>
<td width= "57% ">
<p><font face= "Arial" size= "2 ">D:\Eset\cache\FND9.NFI</font></p>
</td>
<td width= "43%" align= "left ">
<p><font face= "Arial" size= "2 ">Deleted</font></p>
</td>
</tr><tr>
<td width= "57% ">
<p><font face= "Arial" size= "2 ">D:\Eset\cache\FNDA.NFI=>(Quarantine-PE)</font></p>
</td>
<td width= "43%" align= "left ">
<p><font face= "Arial" size= "2 ">Infected with: Gen:Variant.Kazy.2100</font></p>
</td>
</tr><tr>
<td width= "57% ">
<p><font face= "Arial" size= "2 ">D:\Eset\cache\FNDA.NFI=>(Quarantine-PE)</font></p>
</td>
<td width= "43%" align= "left ">
<p><font face= "Arial" size= "2 ">Deleted</font></p>
</td>
</tr><tr>
<td width= "57% ">
<p><font face= "Arial" size= "2 ">D:\Eset\cache\FNDA.NFI</font></p>
</td>
<td width= "43%" align= "left ">
<p><font face= "Arial" size= "2 ">Deleted</font></p>
</td>
</tr><tr>
<td width= "57% ">
<p><font face= "Arial" size= "2 ">D:\Eset\cache\FNDB.NFI=>(Quarantine-PE)</font></p>
</td>
<td width= "43%" align= "left ">
<p><font face= "Arial" size= "2 ">Infected with: Gen:Variant.Kazy.2102</font></p>
</td>
</tr><tr>
<td width= "57% ">
<p><font face= "Arial" size= "2 ">D:\Eset\cache\FNDB.NFI=>(Quarantine-PE)</font></p>
</td>
<td width= "43%" align= "left ">
<p><font face= "Arial" size= "2 ">Deleted</font></p>
</td>
</tr><tr>
<td width= "57% ">
<p><font face= "Arial" size= "2 ">D:\Eset\cache\FNDB.NFI</font></p>
</td>
<td width= "43%" align= "left ">
<p><font face= "Arial" size= "2 ">Deleted</font></p>
</td>
</tr><tr>
<td width= "57% ">
<p><font face= "Arial" size= "2 ">D:\Eset\infected\EEN3FJAA.NQF=>(Quarantine-PE)=>(NSIS o)=>lzma_solid_nsis0012</font></p>
</td>
<td width= "43%" align= "left ">
<p><font face= "Arial" size= "2 ">Detected with: Dropped:Adware.EbayRedirector.A</font></p>
</td>
</tr><tr>
<td width= "57% ">
<p><font face= "Arial" size= "2 ">D:\Eset\infected\EEN3FJAA.NQF=>(Quarantine-PE)=>(NSIS o)=>lzma_solid_nsis0012</font></p>
</td>
<td width= "43%" align= "left ">
<p><font face= "Arial" size= "2 ">Disinfection failed</font></p>
</td>
</tr><tr>
<td width= "57% ">
<p><font face= "Arial" size= "2 ">D:\Eset\infected\EEN3FJAA.NQF=>(Quarantine-PE)=>(NSIS o)=>lzma_solid_nsis0012</font></p>
</td>
<td width= "43%" align= "left ">
<p><font face= "Arial" size= "2 ">Delete failed</font></p>
</td>
</tr><tr>
<td width= "57% ">
<p><font face= "Arial" size= "2 ">D:\Eset\infected\G5R5QGBA.NQF=>(Quarantine-PE)</font></p>
</td>
<td width= "43%" align= "left ">
<p><font face= "Arial" size= "2 ">Infected with: Backdoor.Generic.366229</font></p>
</td>
</tr><tr>
<td width= "57% ">
<p><font face= "Arial" size= "2 ">D:\Eset\infected\G5R5QGBA.NQF=>(Quarantine-PE)</font></p>
</td>
<td width= "43%" align= "left ">
<p><font face= "Arial" size= "2 ">Deleted</font></p>
</td>
</tr><tr>
<td width= "57% ">
<p><font face= "Arial" size= "2 ">D:\Eset\infected\G5R5QGBA.NQF</font></p>
</td>
<td width= "43%" align= "left ">
<p><font face= "Arial" size= "2 ">Deleted</font></p>
</td>
</tr><tr>
<td width= "57% ">
<p><font face= "Arial" size= "2 ">H:\Acronis Disk Director Suite\Keygen\acronis_multi_keygen.exe</font></p>
</td>
<td width= "43%" align= "left ">
<p><font face= "Arial" size= "2 ">Infected with: Trojan.Zlob.371</font></p>
</td>
</tr><tr>
<td width= "57% ">
<p><font face= "Arial" size= "2 ">H:\Acronis Disk Director Suite\Keygen\acronis_multi_keygen.exe</font></p>
</td>
<td width= "43%" align= "left ">
<p><font face= "Arial" size= "2 ">Deleted</font></p>
</td>
</tr><tr>
<td width= "57% ">
<p><font face= "Arial" size= "2 ">H:\AI Roboform\v7.1.1\Crack\RoboFormPatch.exe</font></p>
</td>
<td width= "43%" align= "left ">
<p><font face= "Arial" size= "2 ">Infected with: Gen:Trojan.Heur.FU.eqW@auWaL3oi</font></p>
</td>
</tr><tr>
<td width= "57% ">
<p><font face= "Arial" size= "2 ">H:\AI Roboform\v7.1.1\Crack\RoboFormPatch.exe</font></p>
</td>
<td width= "43%" align= "left ">
<p><font face= "Arial" size= "2 ">Deleted</font></p>
</td>
</tr><tr>
<td width= "57% ">
<p><font face= "Arial" size= "2 ">H:\Audio & Video\Tools\MPEG Video Wizard DVD\Patch\womble.multimedia.mpeg.video.wizard.dvd.5.0-patch.exe</font></p>
</td>
<td width= "43%" align= "left ">
<p><font face= "Arial" size= "2 ">Infected with: Backdoor.Generic.366229</font></p>
</td>
</tr><tr>
<td width= "57% ">
<p><font face= "Arial" size= "2 ">H:\Audio & Video\Tools\MPEG Video Wizard DVD\Patch\womble.multimedia.mpeg.video.wizard.dvd.5.0-patch.exe</font></p>
</td>
<td width= "43%" align= "left ">
<p><font face= "Arial" size= "2 ">Deleted</font></p>
</td>
</tr><tr>
<td width= "57% ">
<p><font face= "Arial" size= "2 ">H:\Audio & Video\Tools\Replay Media Capture\Replay.Media.Catcher.v2.10.00.00&Patch\Patch.exe</font></p>
</td>
<td width= "43%" align= "left ">
<p><font face= "Arial" size= "2 ">Infected with: Trojan.Generic.4691264</font></p>
</td>
</tr><tr>
<td width= "57% ">
<p><font face= "Arial" size= "2 ">H:\Audio & Video\Tools\Replay Media Capture\Replay.Media.Catcher.v2.10.00.00&Patch\Patch.exe</font></p>
</td>
<td width= "43%" align= "left ">
<p><font face= "Arial" size= "2 ">Deleted</font></p>
</td>
</tr><tr>
<td width= "57% ">
<p><font face= "Arial" size= "2 ">H:\Call of Duty 2\KeyGen\rld-cod2kg.exe</font></p>
</td>
<td width= "43%" align= "left ">
<p><font face= "Arial" size= "2 ">Infected with: Trojan.Generic.1317638</font></p>
</td>
</tr><tr>
<td width= "57% ">
<p><font face= "Arial" size= "2 ">H:\Call of Duty 2\KeyGen\rld-cod2kg.exe</font></p>
</td>
<td width= "43%" align= "left ">
<p><font face= "Arial" size= "2 ">Deleted</font></p>
</td>
</tr><tr>
<td width= "57% ">
<p><font face= "Arial" size= "2 ">H:\doom3\RLD-D3KG.EXE</font></p>
</td>
<td width= "43%" align= "left ">
<p><font face= "Arial" size= "2 ">Infected with: Trojan.Packed.14452</font></p>
</td>
</tr><tr>
<td width= "57% ">
<p><font face= "Arial" size= "2 ">H:\doom3\RLD-D3KG.EXE</font></p>
</td>
<td width= "43%" align= "left ">
<p><font face= "Arial" size= "2 ">Deleted</font></p>
</td>
</tr><tr>
<td width= "57% ">
<p><font face= "Arial" size= "2 ">H:\F.E.A.R\Keygen\rld-fearkg.exe</font></p>
</td>
<td width= "43%" align= "left ">
<p><font face= "Arial" size= "2 ">Infected with: Trojan.Generic.1782363</font></p>
</td>
</tr><tr>
<td width= "57% ">
<p><font face= "Arial" size= "2 ">H:\F.E.A.R\Keygen\rld-fearkg.exe</font></p>
</td>
<td width= "43%" align= "left ">
<p><font face= "Arial" size= "2 ">Deleted</font></p>
</td>
</tr><tr>
<td width= "57% ">
<p><font face= "Arial" size= "2 ">H:\King Kong\Crack\kingkong.dll</font></p>
</td>
<td width= "43%" align= "left ">
<p><font face= "Arial" size= "2 ">Infected with: Gen:Trojan.Heur.UT.bu4@bSIlF6n</font></p>
</td>
</tr><tr>
<td width= "57% ">
<p><font face= "Arial" size= "2 ">H:\King Kong\Crack\kingkong.dll</font></p>
</td>
<td width= "43%" align= "left ">
<p><font face= "Arial" size= "2 ">Deleted</font></p>
</td>
</tr><tr>
<td width= "57% ">
<p><font face= "Arial" size= "2 ">H:\SnagIt\v9.1.3\keymaker.exe</font></p>
</td>
<td width= "43%" align= "left ">
<p><font face= "Arial" size= "2 ">Infected with: Backdoor.Generic.455590</font></p>
</td>
</tr><tr>
<td width= "57% ">
<p><font face= "Arial" size= "2 ">H:\SnagIt\v9.1.3\keymaker.exe</font></p>
</td>
<td width= "43%" align= "left ">
<p><font face= "Arial" size= "2 ">Deleted</font></p>
</td>
</tr><tr>
<td width= "57% ">
<p><font face= "Arial" size= "2 ">H:\Windows Optimierung & Sicherheit\NOD32\Lizenzen\manuell\ESET_Keys_Finder_V6.5.exe</font></p>
</td>
<td width= "43%" align= "left ">
<p><font face= "Arial" size= "2 ">Infected with: Trojan.Generic.KDV.72465</font></p>
</td>
</tr><tr>
<td width= "57% ">
<p><font face= "Arial" size= "2 ">H:\Windows Optimierung & Sicherheit\NOD32\Lizenzen\manuell\ESET_Keys_Finder_V6.5.exe</font></p>
</td>
<td width= "43%" align= "left ">
<p><font face= "Arial" size= "2 ">Deleted</font></p>
</td>
</tr><tr>
<td width= "57% ">
<p><font face= "Arial" size= "2 ">H:\Windows Optimierung & Sicherheit\Quick View Plus\qvp10Patch.exe</font></p>
</td>
<td width= "43%" align= "left ">
<p><font face= "Arial" size= "2 ">Infected with: Trojan.Generic.1060806</font></p>
</td>
</tr><tr>
<td width= "57% ">
<p><font face= "Arial" size= "2 ">H:\Windows Optimierung & Sicherheit\Quick View Plus\qvp10Patch.exe</font></p>
</td>
<td width= "43%" align= "left ">
<p><font face= "Arial" size= "2 ">Deleted</font></p>
</td>
</tr><tr>
<td width= "57% ">
<p><font face= "Arial" size= "2 ">H:\XP-Treiber\Stefan\Scanner\PerfectScan\keygen.exe</font></p>
</td>
<td width= "43%" align= "left ">
<p><font face= "Arial" size= "2 ">Infected with: Trojan.Generic.3830183</font></p>
</td>
</tr><tr>
<td width= "57% ">
<p><font face= "Arial" size= "2 ">H:\XP-Treiber\Stefan\Scanner\PerfectScan\keygen.exe</font></p>
</td>
<td width= "43%" align= "left ">
<p><font face= "Arial" size= "2 ">Deleted</font></p>
</td>
</tr>
</table>
</td>

<td width= "10% ">
<p>&nbsp;</p>
</td>
</tr>

<tr>
<td width= "458 ">
<p><font face= "Arial "><span style= "font-size:11pt; "><B>&nbsp;</b></span></font></p>
</td>
<td width= "40% ">
<p>&nbsp;</p>
</td>
<td width= "10% ">
<p>&nbsp;</p>
</td>
</tr>

<tr>
<td width= "458 ">
<p><font face= "Arial "><span style= "font-size:11pt; "><B>&nbsp;</b></span></font></p>
</td>
<td width= "40% ">
<p>&nbsp;</p>
</td>
<td width= "10% ">
<p>&nbsp;</p>
</td>
</tr>

</table>
<p>&nbsp;</p>

</body>
</html>

 

Otl

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administration
->Temp folder emptied: 952798 bytes
->Temporary Internet Files folder emptied: 49327911 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 1956 bytes

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 48,00 mb


[EMPTYFLASH]

User: Administration
->Flash cache emptied: 0 bytes

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0,00 mb

Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.20.6 log created on 02042011_150542

Files\Folders moved on Reboot...
C:\Dokumente und Einstellungen\Administration\Lokale Einstellungen\Temporary Internet Files\Content.IE5\T25UMWPG\ads[1].htm moved successfully.
C:\Dokumente und Einstellungen\Administration\Lokale Einstellungen\Temporary Internet Files\Content.IE5\T25UMWPG\eBayISAPI[2].htm moved successfully.
C:\Dokumente und Einstellungen\Administration\Lokale Einstellungen\Temporary Internet Files\Content.IE5\PHPVEBZX\p-01-0VIaSjnOLg[1].gif moved successfully.
C:\Dokumente und Einstellungen\Administration\Lokale Einstellungen\Temporary Internet Files\Content.IE5\PHPVEBZX\rtm[1].htm moved successfully.
C:\Dokumente und Einstellungen\Administration\Lokale Einstellungen\Temporary Internet Files\Content.IE5\OE17NSPD\00b42e3a-b809-49b2-b433-cc45b2bc89d33rd_party_BBS[1].htm moved successfully.
C:\Dokumente und Einstellungen\Administration\Lokale Einstellungen\Temporary Internet Files\Content.IE5\OE17NSPD\ads[1].htm moved successfully.
C:\Dokumente und Einstellungen\Administration\Lokale Einstellungen\Temporary Internet Files\Content.IE5\OE17NSPD\p-01-0VIaSjnOLg[1].gif moved successfully.
C:\Dokumente und Einstellungen\Administration\Lokale Einstellungen\Temporary Internet Files\Content.IE5\I4YIXU0Q\ads[1].htm moved successfully.
C:\Dokumente und Einstellungen\Administration\Lokale Einstellungen\Temporary Internet Files\Content.IE5\I4YIXU0Q\L3rdP;sz=728x90;ord=1296828122275;dcopt=ist;tile=1;um=6;us=11;eb_trk=133252;pr=25;xp=27;np=24;uz=58093;cg=ed992f6612d0a0a9f4955b25ff90ee78[1].htm moved successfully.
C:\Dokumente und Einstellungen\Administration\Lokale Einstellungen\Temporary Internet Files\Content.IE5\8WXA6C8U\eBayISAPI[4].htm moved successfully.
C:\Dokumente und Einstellungen\Administration\Lokale Einstellungen\Temporary Internet Files\Content.IE5\8WXA6C8U\p-01-0VIaSjnOLg[1].gif moved successfully.
C:\Dokumente und Einstellungen\Administration\Lokale Einstellungen\Temporary Internet Files\Content.IE5\8WXA6C8U\pm[1].htm moved successfully.
C:\Dokumente und Einstellungen\Administration\Lokale Einstellungen\Temporary Internet Files\Content.IE5\49F22WI5\p-01-0VIaSjnOLg[1].gif moved successfully.
C:\Dokumente und Einstellungen\Administration\Lokale Einstellungen\Temporary Internet Files\Content.IE5\3NS6IE38\rtm[3].htm moved successfully.
C:\Dokumente und Einstellungen\Administration\Lokale Einstellungen\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

Registry entries deleted on Reboot...

 

Still watching...

Hi,

I'm glad to hear you saying that my PC seems to be clean. Thank you very much for the support.

I'm still "waiting" for the Windows Calculator popping up... since 2 days it hasn't, but this annoying behaviour occured only from time to time before.

I'll keep you informed how things are going.

CU

Mister Floppy

 

Still lucky

Hi broni,

short feedback: one week without the Windows Calculator popping up...

CU

Mister Floppy

 

Still lucky

Two weeks without the Windows Calculator popping up.

To be continued...

CU

Mister Floppy