I'll attach the files in a few minutes..
Last edited by Icebomber on 22nd March 2012, 5:40 pm; edited 1 time in total
Code:
OTL logfile created on: 20.03.2012 21:27:43 - Run 2
OTL by OldTimer - Version 3.2.39.1 Folder = C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,03 Gb Available Physical Memory | 51,37% Memory free
3,85 Gb Paging File | 2,90 Gb Available in Paging File | 75,34% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 298,08 Gb Total Space | 143,56 Gb Free Space | 48,16% Space Free | Partition Type: NTFS
Computer Name: JULIAN | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - [2012.03.19 18:36:05 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads\OTL.exe
PRC - [2012.03.18 14:01:30 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2012.02.09 11:59:08 | 001,529,152 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
PRC - [2012.02.09 11:59:08 | 001,220,928 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
PRC - [2012.01.23 13:15:54 | 000,127,040 | ---- | M] (ICQ, LLC.) -- C:\Programme\ICQ7.7\ICQ.exe
PRC - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.01.13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.10.26 19:48:48 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Winamp\winampa.exe
PRC - [2011.10.19 16:56:15 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.10.19 16:56:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.19 16:55:48 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.10.19 16:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.10.19 16:55:47 | 000,306,128 | ---- | M] (Avira Operations GmbH & Co. KG) -- c:\Programme\Avira\AntiVir Desktop\avcenter.exe
PRC - [2011.09.30 12:19:12 | 000,252,296 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2011.09.23 18:37:42 | 000,641,832 | ---- | M] (Nero AG) -- C:\Programme\Nero\Update\NASvc.exe
PRC - [2008.04.14 13:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.04.14 13:00:00 | 000,060,416 | -HS- | M] (Microsoft Corporation) -- C:\Programme\Outlook Express\msimn.exe
[color=#E56717]========== Modules (No Company Name) ==========[/color]
MOD - [2012.03.18 14:01:21 | 001,969,080 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2012.02.20 14:46:46 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2012.01.03 14:10:46 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU
MOD - [2011.10.19 16:56:03 | 000,398,288 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2008.04.14 13:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
SRV - [2012.02.09 11:59:08 | 001,529,152 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2012.02.09 11:59:06 | 000,028,992 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.10.19 16:56:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.19 16:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.09.23 18:37:42 | 000,641,832 | ---- | M] (Nero AG) [Auto | Running] -- C:\Programme\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2011.03.16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Steam\SteamService.exe -- (Steam Client Service)
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Running] -- system32\DRIVERS\avgtdix.sys -- (Avgtdix)
DRV - File not found [File_System | Disabled | Running] -- system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - File not found [Kernel | Disabled | Running] -- system32\DRIVERS\AVGIDSShim.Sys -- (AVGIDSShim)
DRV - File not found [Kernel | Disabled | Running] -- system32\DRIVERS\AVGIDSFilter.Sys -- (AVGIDSFilter)
DRV - File not found [Kernel | Disabled | Running] -- system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - File not found [Kernel | Disabled | Running] -- system32\DRIVERS\AVGIDSDriver.Sys -- (AVGIDSDriver)
DRV - [2012.02.15 19:58:15 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.12.13 18:27:30 | 007,069,288 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.11.10 04:42:12 | 007,493,120 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2011.11.05 17:35:46 | 000,018,944 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2011.10.31 16:22:10 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2011.10.19 16:56:15 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.19 16:56:15 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.03.18 17:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.11.18 07:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009.11.18 07:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009.03.18 17:35:40 | 000,026,176 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2008.04.14 00:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2007.08.10 02:11:00 | 000,102,400 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvgts.sys -- (nvgts)
DRV - [2006.11.10 14:08:50 | 000,024,064 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ATITool.sys -- (ATITool)
DRV - [2006.07.11 21:38:00 | 000,057,856 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006.07.11 21:38:00 | 000,020,480 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [1996.04.03 20:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
[color=#E56717]========== Internet Explorer ==========[/color]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
[color=#E56717]========== FireFox ==========[/color]
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Programme\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~1\GEMEIN~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Programme\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.02.06 14:32:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\WINDOWS\system32\10017
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.03.18 14:01:49 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\WINDOWS\system32\10017
[2012.01.26 22:11:35 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions
[2012.03.02 16:10:16 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\vyzrwnaq.default\extensions
[2012.03.02 16:10:17 | 000,005,212 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\vyzrwnaq.default\searchplugins\ecosia.xml
[2012.01.19 15:22:29 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.03.18 14:01:37 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2011.12.21 06:08:50 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.12.21 06:02:40 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2011.12.21 06:08:50 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011.12.21 06:08:50 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.21 06:08:50 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.12.21 06:08:50 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
[color=#E56717]========== Chrome ==========[/color]
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Programme\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programme\Windows Media Player\npdsplay.dll
CHR - plugin: Nero Kwik Media Helper (Enabled) = C:\PROGRA~1\GEMEIN~1\Nero\BROWSE~1\NPBROW~1.DLL
CHR - plugin: Java(TM) Platform SE 7 U2 (Enabled) = C:\Programme\Java\jre7\bin\new_plugin\npjp2.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Google Mail = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2012.03.19 00:15:45 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 ) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [ICQ] C:\Programme\ICQ7.7\ICQ.exe (ICQ, LLC.)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Programme\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Programme\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DD588DF2-8912-49F6-8F4D-9A12C17D8853}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.11.16 14:38:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
[2012.03.20 21:31:07 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Dokumente und Einstellungen\Administrator\Desktop\aswMBR.exe
[2012.03.20 21:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2012.03.19 19:53:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Startmenü\Programme\CCleaner
[2012.03.19 19:53:02 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2012.03.19 19:47:59 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012.03.19 17:32:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\AVG2012
[2012.03.19 14:15:33 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012.03.18 23:56:47 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012.03.18 23:54:28 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012.03.18 23:54:28 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012.03.18 23:54:28 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012.03.18 23:54:28 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012.03.18 23:54:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012.03.18 23:53:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2012.03.18 23:49:02 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.03.18 23:48:57 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Verwaltung
^
|
It's document and settings
[2012.03.18 22:37:15 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Common Files
[2012.03.18 22:35:51 | 000,000,000 | ---D | C] -- C:\Programme\AVG
[2012.03.18 22:35:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\MFAData
[2012.03.18 22:30:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads
[2012.03.18 18:16:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Skype
[2012.03.18 18:03:49 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2012.03.18 14:42:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop\Malwarebytes' Anti-Malware
[2012.03.18 14:26:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Malwarebytes
[2012.03.18 14:25:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.03.18 14:25:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Malwarebytes
[2012.03.18 14:25:50 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.03.18 14:25:50 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.03.18 02:28:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2012.03.16 18:03:27 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro
[2012.03.16 18:03:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\HiJackThis
[2012.03.11 23:17:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Startmenü\Programme\CrystalDiskInfo
[2012.03.11 23:17:26 | 000,000,000 | ---D | C] -- C:\Programme\CrystalDiskInfo
[2012.03.11 15:43:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Startmenü\Programme\CABAL Online (Europe)
[2012.03.11 15:28:39 | 000,000,000 | ---D | C] -- C:\Programme\Games-Masters.com
[2012.03.10 17:32:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Adobe
[2012.03.10 17:32:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\regid.1986-12.com.adobe
[2012.03.10 17:32:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012.03.10 17:27:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Adobe Audition CS5.5
[2012.03.10 16:33:38 | 000,000,000 | ---D | C] -- C:\Programme\Audacity
[2012.03.10 16:32:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012.03.10 16:31:34 | 000,000,000 | ---D | C] -- C:\Programme\Adobe Download Assistant
[2012.03.10 16:31:32 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Adobe AIR
[2012.03.07 22:21:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop\Crap
[2012.02.21 19:22:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\.thumbnails
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
[2012.03.20 21:31:19 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Dokumente und Einstellungen\Administrator\Desktop\aswMBR.exe
[2012.03.20 18:30:32 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2012.03.20 18:29:49 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.03.20 18:29:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.03.19 19:53:09 | 000,000,654 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Desktop\CCleaner.lnk
[2012.03.19 16:48:03 | 000,129,789 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\3416045_700b.jpg
[2012.03.19 16:48:03 | 000,012,049 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\.recently-used.xbel
[2012.03.19 00:15:45 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012.03.18 23:56:53 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012.03.18 20:39:04 | 000,019,456 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.03.18 17:58:26 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2012.03.18 14:25:53 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Desktop\Malwarebytes Anti-Malware.lnk
[2012.03.18 14:02:59 | 000,000,016 | ---- | M] () -- C:\WINDOWS\System32\blckdom.res
[2012.03.18 00:58:59 | 000,002,447 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\HiJackThis.lnk
[2012.03.14 21:47:42 | 000,094,272 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.03.12 20:21:36 | 000,000,362 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-JULIAN-Administrator.job
[2012.03.11 15:43:20 | 000,000,902 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\CABAL Online (Europe).lnk
[2012.03.10 16:33:39 | 000,000,610 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Audacity.lnk
[2012.03.08 15:27:30 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2012.02.20 14:46:48 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2012.03.19 19:53:08 | 000,000,654 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Desktop\CCleaner.lnk
[2012.03.19 16:48:03 | 000,012,049 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\.recently-used.xbel
[2012.03.19 16:46:50 | 000,129,789 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\3416045_700b.jpg
[2012.03.18 23:56:53 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012.03.18 23:56:49 | 000,262,448 | RHS- | C] () -- C:\cmldr
[2012.03.18 23:54:28 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012.03.18 23:54:28 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012.03.18 23:54:28 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012.03.18 23:54:28 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012.03.18 23:54:28 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012.03.18 14:25:53 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Desktop\Malwarebytes Anti-Malware.lnk
[2012.03.17 23:49:32 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\blckdom.res
[2012.03.16 18:03:27 | 000,002,447 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\HiJackThis.lnk
[2012.03.12 20:21:36 | 000,000,362 | ---- | C] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-JULIAN-Administrator.job
[2012.03.11 15:43:20 | 000,000,902 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\CABAL Online (Europe).lnk
[2012.03.10 17:32:03 | 000,000,860 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Startmenü\Programme\Adobe Audition CS5.5.lnk
[2012.03.10 17:31:40 | 000,000,708 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Startmenü\Programme\Adobe Help.lnk
[2012.03.10 16:33:39 | 000,000,616 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Startmenü\Programme\Audacity.lnk
[2012.03.10 16:33:39 | 000,000,610 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Audacity.lnk
[2012.03.10 16:31:35 | 000,000,776 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Startmenü\Programme\Adobe Download Assistant.lnk
[2012.03.08 15:27:30 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2012.02.15 13:39:33 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.12.07 21:55:33 | 000,019,456 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.11.10 21:00:12 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\$_hpcst$.hpc
[2011.11.09 22:39:44 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\OpenVideo.dll
[2011.11.09 22:39:32 | 000,054,784 | ---- | C] () -- C:\WINDOWS\System32\OVDecode.dll
[2011.11.05 17:43:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2011.11.05 17:43:26 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2011.11.05 17:43:25 | 000,243,168 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2011.11.05 17:43:25 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2011.11.05 17:39:13 | 000,021,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTAIODAT.DAT
[2011.11.05 17:30:39 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011.11.05 16:03:23 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011.11.05 15:58:08 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011.11.05 15:50:48 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011.11.05 15:48:01 | 000,094,272 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.10.11 22:22:51 | 000,071,824 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2010.12.01 14:02:28 | 010,760,550 | ---- | C] () -- C:\Programme\Guitar Pro 5.rar
< End of report >
Code:
OTL Extras logfile created on: 19.03.2012 18:39:27 - Run 1
OTL by OldTimer - Version 3.2.39.1 Folder = C:\Dokumente und Einstellungen\Administrator\My documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 0,96 Gb Available Physical Memory | 48,17% Memory free
3,85 Gb Paging File | 2,68 Gb Available in Paging File | 69,74% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 298,08 Gb Total Space | 142,90 Gb Free Space | 47,94% Space Free | Partition Type: NTFS
Computer Name: JULIAN | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
[color=#E56717]========== File Associations ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
[color=#E56717]========== Shell Spawning ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[color=#E56717]========== Security Center Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[color=#E56717]========== System Restore Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
[color=#E56717]========== Firewall Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
[color=#E56717]========== Authorized Applications List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\ICQ7.7\ICQ.exe" = C:\Programme\ICQ7.7\ICQ.exe:*:Enabled:ICQ7.7 -- (ICQ, LLC.)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\ICQ7.7\ICQ.exe" = C:\Programme\ICQ7.7\ICQ.exe:*:Enabled:ICQ7.7 -- (ICQ, LLC.)
"C:\Programme\Java\jre6\bin\javaw.exe" = C:\Programme\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Programme\Steam\Steam.exe" = C:\Programme\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Programme\Wolfenstein - Enemy Territory\ET.exe" = C:\Programme\Wolfenstein - Enemy Territory\ET.exe:*:Enabled:ET -- ()
"C:\Programme\Steam\SteamApps\icebomber27\half-life 2 deathmatch\hl2.exe" = C:\Programme\Steam\SteamApps\icebomber27\half-life 2 deathmatch\hl2.exe:*:Enabled:hl2 -- ()
"C:\Programme\TeamViewer\Version7\TeamViewer.exe" = C:\Programme\TeamViewer\Version7\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe" = C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)
"C:\Programme\Java\jre7\bin\javaw.exe" = C:\Programme\Java\jre7\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Oracle Corporation)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Programme\Steam\SteamApps\icebomber27\day of defeat source\hl2.exe" = C:\Programme\Steam\SteamApps\icebomber27\day of defeat source\hl2.exe:*:Enabled:Day of Defeat: Source -- ()
"C:\Programme\AVG\AVG2012\avgnsx.exe" = C:\Programme\AVG\AVG2012\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Programme\AVG\AVG2012\avgdiagex.exe" = C:\Programme\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnose 2012 -- (AVG Technologies CZ, s.r.o.)
"C:\Programme\AVG\AVG2012\avgmfapx.exe" = C:\Programme\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG-Installationsprogramm -- (AVG Technologies CZ, s.r.o.)
"C:\Programme\AVG\AVG2012\avgemcx.exe" = C:\Programme\AVG\AVG2012\avgemcx.exe:*:Enabled:Personal eMail-Scanner -- (AVG Technologies CZ, s.r.o.)
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{034DCAF9-96E7-4936-9A07-712F80B5181E}" = Nero RescueAgent 11
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0713D1F9-DD77-42C1-8C7D-54D479E2E743}" = Nero SoundTrax 11
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D7A4289-99CF-4B8D-B812-86BE50A54552}" = Nero Video 11
"{11D3EF85-63E1-4AE4-A7C1-9241BDB16B51}" = Nero ControlCenter 11
"{140B5BC3-E263-397D-B1BB-C4095364FB6F}" = Catalyst Control Center InstallProxy
"{190601AF-7BE4-046E-CEBF-14EE74434250}" = AMD Catalyst Install Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83217002FF}" = Java(TM) 7 Update 2
"{2CA7225D-CB12-462A-9DD1-50319E158BA5}" = Nero 11 PiP Effects Basic
"{2ECA81CA-D932-4AD3-AD59-BF5CCF099C83}" = Catalyst Control Center - Branding
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{3828EC4B-D4B9-A742-4D81-9C0A3C72DF8A}" = CCC Help English
"{390757AA-8830-43DC-AEE0-4E5B6F8439EB}" = Nero SoundTrax 11 Help (CHM)
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EFC72DA-2314-4E5D-AC8E-1C954CDB8BBF}" = AVG 2012
"{53F7746A-96AA-49A5-86B8-59989680DAC5}" = Nero Burning ROM 11 Help (CHM)
"{55C2143E-FBA5-442F-9AFA-726FF068F39D}" = Nero CoverDesigner 11 Help (CHM)
"{57F80ECF-E27C-4EEE-AB58-E971BACE2639}" = Nero Recode 11 Help (CHM)
"{5A212B2D-140D-46F4-B625-2D1CA5A00594}" = Nero 11 Kwik Themes Basic
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{6AB2427E-A18F-4809-9A12-29F5EBABBB3A}" = Nero BackItUp 11 Help (CHM)
"{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}" = ICQ7.7
"{7E18C9F0-1262-4AF6-AC3D-9CB1EBF54772}" = Day of Defeat: Source
"{8014FACB-1D1D-48C2-94AA-E29EE2E6B9CE}" = Nero WaveEditor 11
"{81A917A1-DBA3-3639-53DA-B6E833D41A57}" = ccc-utility
"{82931CCC-65F4-5A50-57AD-AE6DF6B10929}" = Catalyst Control Center
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{9193490D-5229-4FC4-9BB9-A6D63C09574A}" = High-Definition Video Playback
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{969E11AA-8F3A-F162-1A5A-0965E216B6CE}" = Adobe Download Assistant
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A0A087E5-149E-EC75-F45D-3A3C04344B4A}" = Catalyst Control Center Graphics Previews Common
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype
5.5
"{AB2BBC64-8AC8-4E66-BBF3-E22D5EACEECA}" = Nero BackItUp 11
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch
"{B1846721-A8E6-46C7-83B6-0DCF7ADB4267}" = Nero Burning ROM 11
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B9B1BA7F-7E07-49DD-A713-5B397A5BB66B}" = Nero Kwik Media Help (CHM)
"{BE814218-3919-4EA3-868A-2F60BC135CB4}" = Nero Kwik Media
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CC67DD84-77C6-C9F8-FA03-953F1C1C92A9}" = Catalyst Control Center InstallProxy
"{CCE210DF-7EEF-4A76-A63C-3EB091FDB992}" = welcome
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D01CE99A-8802-483C-A79F-298B691EB432}" = Nero RescueAgent 11 Help (CHM)
"{D2CBEFA4-F2D3-4E97-A171-8BFD6A31A5EC}" = Nero Express 11 Help (CHM)
"{D4D66270-9147-4BDF-9946-FCA2B303AA8F}" = Nero ControlCenter 11 Help (CHM)
"{D5B1535A-FDFC-4B40-B2E2-21DA83D9CB57}" = Adobe Audition CS5.5
"{E10AAE4A-98B8-420A-BD93-E0520C23D624}" = Nero Express 11
"{E51BC4B0-EA5E-49CC-AF3B-93B5C627EC22}" = Nero 11 Effects Basic
"{E7E84E23-C5C0-4B15-B13A-C63149E59C98}" = AVG 2012
"{EB8DED20-A887-4A9C-BB5A-F3E7523DFB44}" = Nero WaveEditor 11 Help (CHM)
"{F021D637-BBDA-486B-96F0-225B62596C3B}" = Nero 11
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3743A2C-5D5F-4456-8F98-5DF36A954C50}" = Nero 11 Image Samples
"{F49EF443-B2BD-4F10-8A46-87AFCDB90EDD}" = Nero 11 Disc Menus Basic
"{F69FB940-5031-4FE8-AFAD-085802D0BF63}" = Nero Recode 11
"{FAC3C37E-EDAB-4F3A-A173-A7C70CC88F09}" = Nero Video 11 Help (CHM)
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF44BCE5-5A18-4051-85F0-BC172D7B4695}" = Nero CoverDesigner 11
"5513-1208-7298-9440" = JDownloader 0.9
"AC3Filter" = AC3Filter (remove only)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"ATITool" = ATITool Overclocking Utility
"Audacity_is1" = Audacity 1.2.6
"AVG" = AVG 2012
"Avira AntiVir Desktop" = Avira Free Antivirus
"CABAL Online Europe DE_is1" = CABAL Online Europe DE
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"CrystalDiskInfo_is1" = CrystalDiskInfo 4.3.0
"DivX Setup" = DivX-Setup
"Guitar Pro 5_is1" = Guitar Pro 5.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
"SpeedFan" = SpeedFan (remove only)
"Steam App 240" = Counter-Strike: Source
"Steam App 300" = Day of Defeat: Source
"Steam App 320" = Half-Life 2: Deathmatch
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 7" = TeamViewer 7
"Tunatic" = Tunatic
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"Unlocker" = Unlocker 1.9.1
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
"Wolfenstein - Enemy Territory" = Wolfenstein - Enemy Territory
[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
[color=#E56717]========== Last 10 Event Log Errors ==========[/color]
[ Application Events ]
Error - 11.01.2012 09:53:41 | Computer Name = JULIAN | Source = .NET Runtime Optimization Service | ID = 1103
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Tried to start a service that wasn't the latest version of CLR Optimization service.
Will shutdown
[ System Events ]
Error - 17.03.2012 21:27:18 | Computer Name = JULIAN | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "netman"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
Error - 17.03.2012 21:27:23 | Computer Name = JULIAN | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 18.03.2012 12:57:23 | Computer Name = JULIAN | Source = sr | ID = 1
Description = Beim Verarbeiten der Datei "" auf Volume "HarddiskVolume1" ist im
Wiederherstellungsfilter der unerwartete Fehler "0xC0000001" aufgetreten. Die Volumeüberwachung
wurde angehalten.
Error - 18.03.2012 17:21:34 | Computer Name = JULIAN | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Gatewaydienst
auf Anwendungsebene.
Error - 18.03.2012 17:21:35 | Computer Name = JULIAN | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Gatewaydienst auf Anwendungsebene" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1053
Error - 18.03.2012 18:50:20 | Computer Name = JULIAN | Source = Service Control Manager | ID = 7031
Description = Der Dienst "AVG WatchDog" wurde unerwartet beendet. Dies ist bereits
1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt:
Starten Sie den Dienst neu..
Error - 18.03.2012 18:50:28 | Computer Name = JULIAN | Source = Service Control Manager | ID = 7034
Description = Dienst "AVGIDSAgent" wurde unerwartet beendet. Dies ist bereits 1
Mal passiert.
Error - 18.03.2012 19:14:50 | Computer Name = JULIAN | Source = PlugPlayManager | ID = 11
Description = Das Gerät "Root\LEGACY_UNLOCKERDRIVER5\0000" wurde ohne vorbereitende
Maßnahmen vom System entfernt.
Error - 18.03.2012 19:17:33 | Computer Name = JULIAN | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst IMAPI-CD-Brenn-COM-Dienste.
Error - 18.03.2012 19:17:33 | Computer Name = JULIAN | Source = Service Control Manager | ID = 7000
Description = Der Dienst "IMAPI-CD-Brenn-COM-Dienste" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053
< End of report >
Dokumente und Einstellungen means documents and setting, sry [img]http://r23.imgfast.net/users/2815/89/79/54/smiles/437591.gif[/img] The aswMBR.exe is crashing every time I want to save the log :roll:Last edited by Icebomber on 22nd March 2012, 5:40 pm; edited 1 time in total
Please download Malwarebytes Anti-Malware from 
Thanks fpr your support 
button.
to download the ESET Smart Installer. Save it to your desktop.
icon on your desktop.
button.
, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
button.
