Firefox and IE crash with a blue screen

  • #1
audipaule

Since today, my PC crashes with a blue screen as soon as I start Firefox or IE. There are no such problems with the SeaMonkey and Opera browsers. I already tried to use System Restore, but it fails. Yesterday everything was still running fine. I have not downloaded or installed any new programs. Only updates from Windows and from Adobe Reader 9 have been installed. The operating system is Windows 7 with all updates. My virus scanner (Norton 360 Online 4.0) only found and removed a few tracking cookies. I downloaded HijackThis and created a log file:

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:28:48, on 15.04.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Program Files\Norton 360\Engine\4.1.0.32\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\PixArt\PAC207\Monitor.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\IncrediMail\Bin\IncMail.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\IncrediMail\Bin\ImApp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t-online.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\4.1.0.32\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\4.1.0.32\IPSBHO.DLL
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.1.0.32\coIEPlg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe
O4 - HKLM\..\Run: [PAC207_Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [QuickTime Task] C:\Program Files\QuickTime Alternative\QTTask.exe -atboottime
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User->LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User->LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User->NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User->NETZWERKDIENST')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: HP Smart Web Printing ein- oder ausblenden - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra->Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix: 
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{730DA634-9C14-488F-86F4-81CCB8CFD1B0}: NameServer = 217.0.43.177 217.0.43.161
O17 - HKLM\System\CS1\Services\Tcpip\..\{730DA634-9C14-488F-86F4-81CCB8CFD1B0}: NameServer = 217.0.43.177 217.0.43.161
O17 - HKLM\System\CS2\Services\Tcpip\..\{730DA634-9C14-488F-86F4-81CCB8CFD1B0}: NameServer = 217.0.43.177 217.0.43.161
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\4.1.0.32\ccSvcHst.exe
O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 7130 bytes

I hope someone can help me. I am really completely at a loss. :-\
 
  • #2
What exactly is the error message?

1. To do so, click "Start/Control Panel/System" and then "Advanced system settings" in the left navigation column.
2. Then, in the "Startup and Recovery" area, select the "Settings…" button.
3. There, clear the check box in front of the "Automatically restart" option.
 
  • #3
I have set it up that way. However, using the WIN 7 CD and the recovery console I managed to restore the system. Since then the blue screen has not reappeared. As soon as it occurs again, I will report back here and post the exact error message.
 
  • #4
So, today I start Firefox and then the following message from Norton appears:

http://i43.tinypic.com/dq3vk4.jpg

That also appeared a few days before the blue screens happened to me. I did not download the file. What the heck is that? ???
 
  • #6
Code:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-16 21:58:36
Windows 6.1.7600 
Running: 6j54eodb.exe; Driver: C:\Users\JRG~1\AppData\Local\Temp\axlcypod.sys


---- System - GMER 1.0.15 ----

SSDT      C4043428                                                             ZwAlertResumeThread
SSDT      C40434E8                                                             ZwAlertThread
SSDT      C4043BA0                                                             ZwAllocateVirtualMemory
SSDT      C3DBCC48                                                             ZwAlpcConnectPort
SSDT      C4044938                                                             ZwAssignProcessToJobObject
SSDT      C4044E00                                                             ZwCreateMutant
SSDT      C40446B8                                                             ZwCreateSymbolicLinkObject
SSDT      C4041468                                                             ZwCreateThread
SSDT      C4044788                                                             ZwCreateThreadEx
SSDT      C40449F8                                                             ZwDebugActiveProcess
SSDT      C4042550                                                             ZwDuplicateObject
SSDT      C4043A00                                                             ZwFreeVirtualMemory
SSDT      C4044ED0                                                             ZwImpersonateAnonymousToken
SSDT      C4044F90                                                             ZwImpersonateThread
SSDT      C3E6C0C8                                                             ZwLoadDriver
SSDT      C4043920                                                             ZwMapViewOfSection
SSDT      C4044D40                                                             ZwOpenEvent
SSDT      C40426F0                                                             ZwOpenProcess
SSDT      C3F4E048                                                             ZwOpenProcessToken
SSDT      C4044BC0                                                             ZwOpenSection
SSDT      C4042620                                                             ZwOpenThread
SSDT      C4044868                                                             ZwProtectVirtualMemory
SSDT      C4CE8E58                                                             ZwResumeThread
SSDT      C415AE50                                                             ZwSetContextThread
SSDT      C40437C8                                                             ZwSetInformationProcess
SSDT      C4044AB8                                                             ZwSetSystemInformation
SSDT      C4044C80                                                             ZwSuspendProcess
SSDT      C4CE6210                                                             ZwSuspendThread
SSDT      C404C0F0                                                             ZwTerminateProcess
SSDT      C4CE4048                                                             ZwTerminateThread
SSDT      C4110E50                                                             ZwUnmapViewOfSection
SSDT      C4043AD0                                                             ZwWriteVirtualMemory

INT 0x1F    \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                     E3043AF8
INT 0x37    \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                     E3043104
INT 0x51    ?                                                                 C31FCA58
INT 0x62    ?                                                                 C4F1EA58
INT 0x72    ?                                                                 C4F1ECD8
INT 0x82    ?                                                                 C31FC058
INT 0x92    ?                                                                 C31FC2D8
INT 0xA2    ?                                                                 C31FC558
INT 0xB0    ?                                                                 C4F1E2D8
INT 0xB1    ?                                                                 C31FCCD8
INT 0xB2    ?                                                                 C31FC7D8
INT 0xC1    \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                     E30433F4
INT 0xD1    \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                     E302B634
INT 0xD2    \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                     E302B898
INT 0xDF    \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                     E30431DC
INT 0xE1    \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                     E3043958
INT 0xE3    \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                     E30436F8
INT 0xFD    \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                     E3043F2C
INT 0xFE    \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                     E30441A8

Code      \??\C:\Windows\system32\drivers\pci0htwl.sys                                           ZwResumeThread [0xD1878F4E]

---- Kernel code sections - GMER 1.0.15 ----

.text      ntkrnlpa.exe!ZwSaveKeyEx + 13AD                                                  E2C5C599 1 Byte [06]
.text      ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                              E2C80F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text      ntkrnlpa.exe!RtlSidHashLookup + 224                                                E2C88734 8 Bytes [28, 34, 04, C4, E8, 34, 04, ...]
.text      ntkrnlpa.exe!RtlSidHashLookup + 23C                                                E2C8874C 4 Bytes [A0, 3B, 04, C4]
.text      ntkrnlpa.exe!RtlSidHashLookup + 248                                                E2C88758 4 Bytes [48, CC, DB, C3] {DEC EAX; INT 3 ; FCMOVNB ST, ST(3)}
.text      ntkrnlpa.exe!RtlSidHashLookup + 29C                                                E2C887AC 4 Bytes [38, 49, 04, C4]
.text      ntkrnlpa.exe!RtlSidHashLookup + 318                                                E2C88828 4 Bytes [00, 4E, 04, C4]
.text      ...                                                                
PAGE      ntkrnlpa.exe!ZwResumeThread                                                    E2E8B00F 7 Bytes JMP D1878F52 \??\C:\Windows\system32\drivers\pci0htwl.sys
.text      C:\Windows\system32\DRIVERS\atikmdag.sys                                             section is writeable [0xD7606000, 0x2CB104, 0xE8000020]
.text      peauth.sys                                                            E0C9FC9D 28 Bytes [8F, 82, 8A, 1D, 31, 60, 2E, ...]
.text      peauth.sys                                                            E0C9FCC1 28 Bytes [8F, 82, 8A, 1D, 31, 60, 2E, ...]
PAGE      peauth.sys                                                            E0CA5B9B 72 Bytes [A0, A4, BE, D1, 57, 9A, C5, ...]
PAGE      peauth.sys                                                            E0CA5BEC 111 Bytes [2E, AB, 1A, 6D, DB, 91, D0, ...]
PAGE      peauth.sys                                                            E0CA5E20 101 Bytes [64, 50, DB, 40, 20, A7, 67, ...]
PAGE      ...                                                                

---- User IAT/EAT - GMER 1.0.15 ----

IAT       C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[1584] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]  [75775E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT       C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[1584] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]   [75775E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT       C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[1584] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]  [75775E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT       C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[1584] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75775E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT       C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[1584] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress]  [75775E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT       C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[1584] @ C:\Windows\system32\secur32.dll [KERNEL32.dll!GetProcAddress]  [75775E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT       C:\Windows\Explorer.EXE[1656] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                          [744F2494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT       C:\Windows\Explorer.EXE[1656] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                       [744D5624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT       C:\Windows\Explorer.EXE[1656] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                       [744D56E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT       C:\Windows\Explorer.EXE[1656] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]
 
  • #7
Code:
[744F250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT       C:\Windows\Explorer.EXE[1656] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]                     [744E8573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT       C:\Windows\Explorer.EXE[1656] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]                      [744E4D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT       C:\Windows\Explorer.EXE[1656] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]                      [744E50CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT       C:\Windows\Explorer.EXE[1656] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]                     [744E51A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT       C:\Windows\Explorer.EXE[1656] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP]                 [744E66D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT       C:\Windows\Explorer.EXE[1656] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]                      [744E82CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT       C:\Windows\Explorer.EXE[1656] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]                   [744E8819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT       C:\Windows\Explorer.EXE[1656] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]                  [744E907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT       C:\Windows\Explorer.EXE[1656] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]                     [744EE21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT       C:\Windows\Explorer.EXE[1656] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                       [744E4C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy1                                         hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy2                                         hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy3                                         hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy4                                         hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy5                                         hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy6                                         hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy7                                         hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)

Device     \Driver\ACPI_HAL \Device\00000053                                                 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy8                                         hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy9                                         hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice \Driver\tdx \Device\Tcp                                                      SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1                                              hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2                                              hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3                                              hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4                                              hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5                                              hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)

---- Registry - GMER 1.0.15 ----

Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00025b01123c                            
Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00025b01123c@001dfe5094a3                     0x33 0xE0 0x19 0x88 ...
Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00025b01123c@001fcd2f4f85                     0x20 0xE8 0xD0 0x07 ...
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00025b01123c (not active ControlSet)                  
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00025b01123c@001dfe5094a3                       0x33 0xE0 0x19 0x88 ...
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00025b01123c@001fcd2f4f85                       0x20 0xE8 0xD0 0x07 ...

---- EOF - GMER 1.0.15 ----
 
  • #9
Logfile 1:

Code:
OTL logfile created on: 17.04.2010 13:40:08 - Run 1
OTL by OldTimer - Version 3.2.1.1   Folder = C:\Users\Jörg\Downloads
 Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 72,00% Memory free
7,00 Gb Paging File | 6,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 458,40 Gb Total Space | 412,01 Gb Free Space | 89,88% Space Free | Partition Type: NTFS
Drive D: | 7,35 Gb Total Space | 7,29 Gb Free Space | 99,10% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: JÖRG´SPC
Current User Name: Jörg
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - C:\Users\Jörg\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Programme\Norton 360\Engine\4.1.0.32\ccsvchst.exe (Symantec Corporation)
PRC - C:\Programme\IncrediMail\Bin\IncMail.exe (IncrediMail, Ltd.)
PRC - C:\Programme\IncrediMail\Bin\ImApp.exe (IncrediMail, Ltd.)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
PRC - C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Windows\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation)
 
 
[color=#E56717]========== Modules (SafeList) ==========[/color]
 
MOD - C:\Users\Jörg\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV - (TuneUp.Defrag) -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (N360) -- C:\Program Files\Norton 360\Engine\4.1.0.32\ccSvcHst.exe (Symantec Corporation)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100416.038\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100416.038\NAVENG.SYS (Symantec Corporation)
DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100324.001\BHDrvx86.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SymIRON) -- C:\Windows\system32\drivers\N360\0401000.020\Ironx86.SYS (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\Drivers\N360\0401000.020\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\system32\drivers\N360\0401000.020\SRTSPX.SYS (Symantec Corporation)
DRV - (ccHP) -- C:\Windows\system32\drivers\N360\0401000.020\ccHPx86.sys (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\system32\drivers\N360\0401000.020\SYMEFA.SYS (Symantec Corporation)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (SYMTDIv) -- C:\Windows\System32\Drivers\N360\0401000.020\SYMTDIV.SYS (Symantec Corporation)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20100415.001\IDSvix86.sys (Symantec Corporation)
DRV - (hotcore3) -- C:\Windows\system32\DRIVERS\hotcore3.sys (Paragon Software Group)
DRV - (dc3d) MS Hardware Device Detection Driver (USB) -- C:\Windows\System32\drivers\dc3d.sys (Microsoft Corporation)
DRV - (SipIMNDI) -- C:\Windows\System32\drivers\SipIMNDI.sys (T-Systems International GmbH)
DRV - (SymDS) -- C:\Windows\system32\drivers\N360\0401000.020\SYMDS.SYS (Symantec Corporation)
DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\system32\DRIVERS\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm62x32.sys (NVIDIA Corporation)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (Point32) -- C:\Windows\System32\drivers\point32k.sys (Microsoft Corporation)
DRV - (NuidFltr) -- C:\Windows\System32\drivers\nuidfltr.sys (Microsoft Corporation)
DRV - (PAC207) -- C:\Windows\System32\drivers\PFC027.SYS (PixArt Imaging Inc.)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [url]http://www.t-online.de/[/url]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = [url]http://de.msn.com/?ocid=iehp[/url]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 60 79 F8 D1 B6 88 CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: ProxyEnable = 0

Created on: 17.04.10 at 13:45:21
Rest, part 1:

Code:
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.search.defaultenginename: MyStart Suche
FF - prefs.js..browser.search.param.yahoo-fr: chrf-ytbm
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: chrf-ytbm
FF - prefs.js..browser.search.param.yahoo-type: ${8}
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: [url]http://www.t-online.de/[/url]
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.5
FF - prefs.js..extensions.enabledItems: {269FB356-C69F-7349-D092-AB28AF836D0E}:3.5.004
FF - prefs.js..extensions.enabledItems: {4a1a0a40-7d27-11dd-ad8b-0800200c9a66}:1.3.1
FF - prefs.js..extensions.enabledItems: {81514210-E22A-4e69-93D5-E1EFD45B4620}:0.3.10.01.23
FF - prefs.js..extensions.enabledItems: {e213bb8f-8ebd-11db-96b7-005056c00008}:3.0.0.90
FF - prefs.js..keyword.URL: [url]http://search.sweetim.com/search.asp?src=2&q=[/url]
FF - prefs.js..network.proxy.type: 4
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: [url]http://mystart.incredimail.com/?loc=ff_address_bar_fs_IM2_TEST&search=[/url]
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.01.14 02:22:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\ [2010.03.19 16:42:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\ [2010.03.19 16:42:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.17 13:25:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.16 22:46:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\SeaMonkey 2.0.2\extensions\\Components: C:\Program Files\SeaMonkey\components [2010.03.26 23:01:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\SeaMonkey 2.0.2\extensions\\Plugins: C:\Program Files\SeaMonkey\plugins [2010.04.15 20:37:22 | 000,000,000 | ---D | M]
 
[2009.12.30 04:39:01 | 000,000,000 | ---D | M] -- C:\Users\Jörg\AppData\Roaming\mozilla\Extensions
[2009.12.30 04:39:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jörg\AppData\Roaming\mozilla\Extensions\{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a}
[2010.04.16 22:20:16 | 000,000,000 | ---D | M] -- C:\Users\Jörg\AppData\Roaming\mozilla\Firefox\Profiles\6weu7do9.default\extensions
[2010.03.26 22:52:50 | 000,000,000 | ---D | M] (Strata Aero) -- C:\Users\Jörg\AppData\Roaming\mozilla\Firefox\Profiles\6weu7do9.default\extensions\{269FB356-C69F-7349-D092-AB28AF836D0E}
[2009.12.29 21:06:10 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Jörg\AppData\Roaming\mozilla\Firefox\Profiles\6weu7do9.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010.03.11 17:31:31 | 000,000,000 | ---D | M] (MonoChrome) -- C:\Users\Jörg\AppData\Roaming\mozilla\Firefox\Profiles\6weu7do9.default\extensions\{4a1a0a40-7d27-11dd-ad8b-0800200c9a66}
[2010.03.11 17:29:17 | 000,000,000 | ---D | M] (Past Modern) -- C:\Users\Jörg\AppData\Roaming\mozilla\Firefox\Profiles\6weu7do9.default\extensions\{81514210-E22A-4e69-93D5-E1EFD45B4620}
[2010.03.26 22:31:12 | 000,000,000 | ---D | M] (myFireFox) -- C:\Users\Jörg\AppData\Roaming\mozilla\Firefox\Profiles\6weu7do9.default\extensions\{e213bb8f-8ebd-11db-96b7-005056c00008}
[2010.04.15 18:55:57 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Jörg\AppData\Roaming\mozilla\Firefox\Profiles\6weu7do9.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010.03.26 22:48:16 | 000,000,000 | ---D | M] -- C:\Users\Jörg\AppData\Roaming\mozilla\Firefox\Profiles\6weu7do9.default\extensions\[email protected]
[2010.03.26 22:52:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jörg\AppData\Roaming\mozilla\Firefox\Profiles\6weu7do9.default\extensions\{269FB356-C69F-7349-D092-AB28AF836D0E}\mozapps\extensions
[2010.03.26 22:31:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jörg\AppData\Roaming\mozilla\Firefox\Profiles\6weu7do9.default\extensions\{e213bb8f-8ebd-11db-96b7-005056c00008}\chrome\mozapps\extensions
[2010.04.15 20:30:39 | 000,000,000 | ---D | M] -- C:\Users\Jörg\AppData\Roaming\mozilla\SeaMonkey\Profiles\itaa7dxm.default\extensions
[2010.04.15 20:20:37 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Jörg\AppData\Roaming\mozilla\SeaMonkey\Profiles\itaa7dxm.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2010.04.15 20:20:37 | 000,000,000 | ---D | M] -- C:\Users\Jörg\AppData\Roaming\mozilla\SeaMonkey\Profiles\itaa7dxm.default\extensions\[email protected]
[2010.04.16 22:46:52 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.04.01 18:54:38 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.04.01 18:54:38 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.04.01 18:54:38 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.04.01 18:54:38 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.04.01 18:54:38 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programme\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton 360\Engine\4.1.0.32\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton 360\Engine\4.1.0.32\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programme\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Programme\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton 360\Engine\4.1.0.32\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton 360\Engine\4.1.0.32\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PAC207_Monitor] C:\Windows\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O9 - Extra Button: HP Smart Web Printing ein- oder ausblenden - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Programme\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra->Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [url]http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab[/url] (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [url]http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[/url] (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [url]http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab[/url] (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} [url]http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab[/url] (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [url]http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab[/url] (Java Plug-in 1.6.0_19)
O16 - DPF: CabBuilder [url]http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab[/url] (Reg Error: Key error.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- %1 %*
O35 - HKLM\..exefile [open] -- %1 %*
O37 - HKLM\...com [@ = comfile] -- %1 %*
O37 - HKLM\...exe [@ = exefile] -- %1 %*
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2010.04.15 20:21:14 | 000,030,024 | ---- | C] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll
[2010.04.15 20:21:14 | 000,021,320 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2010.04.15 19:29:03 | 000,000,000 | ---D | C] -- C:\Programme\JRE
[2010.04.15 19:02:04 | 000,000,000 | ---D | C] -- C:\Temp
[2010.04.15 18:48:48 | 003,899,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.04.15 18:48:47 | 003,954,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.04.15 18:48:46 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010.04.15 18:03:50 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010.04.15 17:44:59 | 000,000,000 | ---D | C] -- C:\$UPGRADE.~OS
[2010.04.15 17:42:51 | 000,000,000 | ---D | C] -- C:\$WINDOWS.~BT
[2010.04.15 17:25:39 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro
[2010.04.14 23:28:44 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Grid Tool
[2010.04.08 16:01:20 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.04.08 16:01:20 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.04.08 16:01:20 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010.04.08 15:59:33 | 000,000,000 | ---D | C] -- C:\Users\Jörg\OpenOffice.org 3.2 (de) Installation Files
[2010.04.08 15:59:04 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\sun
[2010.04.06 23:57:02 | 000,340,016 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0401000.020\symtdiv.sys
[2010.04.06 23:57:02 | 000,328,752 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0401000.020\symds.sys
[2010.04.06 23:57:02 | 000,172,592 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0401000.020\symefa.sys
[2010.04.06 23:57:02 | 000,043,696 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0401000.020\srtspx.sys
[2010.04.06 23:57:01 | 000,501,888 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0401000.020\cchpx86.sys
[2010.04.06 23:57:01 | 000,325,680 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0401000.020\srtsp.sys
[2010.04.06 23:57:01 | 000,116,784 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0401000.020\ironx86.sys
[2010.04.06 23:56:47 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360\0401000.020
[2010.04.06 01:16:58 | 000,000,000 | ---D | C] -- C:\Users\Jörg\AppData\Roaming\gtk-2.0
[2010.04.06 01:16:55 | 000,000,000 | ---D | C] -- C:\Users\Jörg\.thumbnails
[2010.04.05 02:03:45 | 000,000,000 | ---D | C] -- C:\Users\Jörg\AppData\Local\Apps
[2010.04.03 12:52:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010.04.03 12:44:11 | 000,000,000 | ---D | C] -- C:\Users\Jörg\AppData\Local\Programs
[2010.04.01 21:36:35 | 000,000,000 | ---D | C] -- C:\Users\Jörg\Documents\gegl-0.0
[2010.04.01 21:36:35 | 000,000,000 | ---D | C] -- C:\Users\Jörg\.gimp-2.6
[2010.04.01 21:35:59 | 000,000,000 | ---D | C] -- C:\Programme\GIMP-2.0
[2010.04.01 21:10:29 | 018,234,256 | ---- | C] (                              ) -- C:\Users\Jörg\gimp-2.6.8-i686-setup.exe
[2010.03.31 16:42:12 | 000,000,000 | ---D | C] -- C:\Users\Jörg\AppData\Local\Yahoo
[2010.03.31 16:37:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2010.03.31 16:37:41 | 000,000,000 | ---D | C] -- C:\Users\Jörg\AppData\Roaming\Yahoo!
[2010.03.31 16:37:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2010.03.31 16:27:57 | 000,000,000 | ---D | C] -- C:\Programme\Yahoo!
[2010.03.31 14:29:14 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.03.31 14:29:14 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.03.31 14:29:14 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.03.26 22:32:39 | 000,000,000 | ---D | C] -- C:\Users\Jörg\AppData\Roaming\AntiBrowserSpy 2009
[2010.03.26 15:47:07 | 000,000,000 | ---D | C] -- C:\Programme\FRANZIS
[2010.03.26 15:26:29 | 000,000,000 | ---D | C] -- C:\Users\Jörg\AppData\Local\Abelssoft
[2010.03.26 15:26:22 | 000,000,000 | ---D | C] -- C:\Programme\AntiBrowserSpy
[2010.03.26 15:24:23 | 000,000,000 | ---D | C] -- C:\Users\Jörg\God-Modus.{ED7BA470-8E54-465E-825C-99712043E01C}
[2010.03.23 19:47:28 | 000,000,000 | ---D | C] -- C:\Users\Jörg\AppData\Local\CrashDumps
[2010.03.22 11:39:53 | 000,532,480 | ---- | C] (ScreenTime Media) -- C:\Windows\System32\briblo.scr
[2010.03.22 11:39:53 | 000,000,000 | ---D | C] -- C:\Windows\System32\briblo dir
[2010.03.19 17:29:16 | 000,000,000 | ---D | C] -- C:\Users\Jörg\AppData\Roaming\Tific
[2010.03.19 16:42:10 | 000,107,368 | R--- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll
[2010.03.19 16:41:32 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360
[2010.03.19 16:41:30 | 000,000,000 | ---D | C] -- C:\Programme\Norton 360
[2010.03.19 03:02:44 | 000,000,000 | ---D | C] -- C:\Users\Jörg\AppData\Roaming\MessengerGadget
[2010.03.19 02:28:53 | 000,000,000 | ---D | C] -- C:\ProgramData\PCSettings
[2010.03.19 02:23:34 | 000,000,000 | -HSD | C] -- C:\Windows\ftpcache

Created on: 17.04.10 at 13:49:05
Rest, part 1:

Code:
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2010.04.17 13:42:33 | 003,145,728 | ---- | M] () -- C:\Users\Jörg\ntuser.dat
[2010.04.17 13:16:26 | 000,014,608 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.04.17 13:16:26 | 000,014,608 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.04.17 13:13:28 | 001,472,002 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.04.17 13:13:28 | 000,643,628 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.04.17 13:13:28 | 000,606,992 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.04.17 13:13:28 | 000,126,188 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.04.17 13:13:28 | 000,103,370 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.04.17 13:12:15 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.04.17 13:09:38 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.04.17 13:09:15 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.04.17 13:08:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.04.17 13:08:47 | 2817,433,600 | -HS- | M] () -- C:\hiberfil.sys
[2010.04.17 03:00:24 | 009,762,638 | -H-- | M] () -- C:\Users\Jörg\AppData\Local\IconCache.db
[2010.04.16 22:46:56 | 000,001,893 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.04.16 22:29:13 | 000,960,598 | ---- | M] () -- C:\Windows\System32\drivers\N360\0401000.020\Cat.DB
[2010.04.15 20:37:22 | 000,001,992 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.04.15 20:21:12 | 000,002,161 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2010.04.15 20:21:12 | 000,002,119 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities.lnk
[2010.04.15 19:52:20 | 000,068,416 | ---- | M] () -- C:\Windows\System32\GDIPFONTCACHEV1.DAT
[2010.04.15 19:51:22 | 000,302,440 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.04.15 19:49:15 | 000,524,288 | -HS- | M] () -- C:\Users\Jörg\ntuser.dat{6970c53d-48a8-11df-b6b4-00025b01123c}.TMContainer00000000000000000002.regtrans-ms
[2010.04.15 19:49:15 | 000,524,288 | -HS- | M] () -- C:\Users\Jörg\ntuser.dat{6970c53d-48a8-11df-b6b4-00025b01123c}.TMContainer00000000000000000001.regtrans-ms
[2010.04.15 19:49:15 | 000,065,536 | -HS- | M] () -- C:\Users\Jörg\ntuser.dat{6970c53d-48a8-11df-b6b4-00025b01123c}.TM.blf
[2010.04.15 19:29:43 | 000,001,102 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.2.lnk
[2010.04.15 18:04:53 | 000,008,224 | ---- | M] () -- C:\Users\Jörg\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.04.15 18:03:42 | 361,342,151 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.04.08 11:15:25 | 167,555,440 | ---- | M] () -- C:\Users\Jörg\OOo_3.2.0_Win32Intel_install_wJRE_de.exe
[2010.04.08 09:46:39 | 001,829,024 | ---- | M] () -- C:\Users\Jörg\Foto031.jpg
[2010.04.08 09:41:38 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLds.DAT
[2010.04.08 09:41:30 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLec.DAT
[2010.04.07 15:36:37 | 000,002,330 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2010.04.06 01:21:24 | 000,001,489 | ---- | M] () -- C:\Users\Jörg\.recently-used.xbel
[2010.04.05 03:40:10 | 000,524,288 | -HS- | M] () -- C:\Users\Jörg\NTUSER.DAT{1be9cd3e-4040-11df-a2da-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
[2010.04.05 03:40:10 | 000,524,288 | -HS- | M] () -- C:\Users\Jörg\NTUSER.DAT{1be9cd3e-4040-11df-a2da-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
[2010.04.05 03:40:10 | 000,065,536 | -HS- | M] () -- C:\Users\Jörg\NTUSER.DAT{1be9cd3e-4040-11df-a2da-806e6f6e6963}.TM.blf
[2010.04.05 01:18:34 | 003,407,872 | -HS- | M] () -- C:\Users\Jörg\NTUSER.DAT_tureg_old
[2010.04.01 21:17:15 | 018,234,256 | ---- | M] (                              ) -- C:\Users\Jörg\gimp-2.6.8-i686-setup.exe
[2010.04.01 15:17:48 | 000,030,536 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe
[2010.04.01 15:11:38 | 000,021,320 | ---- | M] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2010.04.01 15:11:26 | 000,030,024 | ---- | M] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll
[2010.03.27 03:39:52 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\N360\0401000.020\isolate.ini
[2010.03.26 22:42:08 | 000,001,045 | ---- | M] () -- C:\Users\Jörg\AntiBrowserSpy.lnk
[2010.03.25 17:24:34 | 000,008,065 | ---- | M] () -- C:\Users\Jörg\Rechnung59492.htm
[2010.03.24 02:59:53 | 000,002,593 | ---- | M] () -- C:\Users\Public\Desktop\NetSchafkopf.lnk
[2010.03.22 11:39:53 | 000,532,480 | ---- | M] (ScreenTime Media) -- C:\Windows\System32\briblo.scr
[2010.03.19 16:42:01 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2010.03.19 16:42:01 | 000,007,443 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2010.03.19 16:42:01 | 000,000,805 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2010.04.16 22:46:56 | 000,001,893 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.04.15 19:29:43 | 000,001,102 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.2.lnk
[2010.04.15 18:03:54 | 000,524,288 | -HS- | C] () -- C:\Users\Jörg\ntuser.dat{6970c53d-48a8-11df-b6b4-00025b01123c}.TMContainer00000000000000000002.regtrans-ms
[2010.04.15 18:03:53 | 000,524,288 | -HS- | C] () -- C:\Users\Jörg\ntuser.dat{6970c53d-48a8-11df-b6b4-00025b01123c}.TMContainer00000000000000000001.regtrans-ms
[2010.04.15 18:03:53 | 000,065,536 | -HS- | C] () -- C:\Users\Jörg\ntuser.dat{6970c53d-48a8-11df-b6b4-00025b01123c}.TM.blf
[2010.04.15 18:03:42 | 361,342,151 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010.04.08 10:10:16 | 167,555,440 | ---- | C] () -- C:\Users\Jörg\OOo_3.2.0_Win32Intel_install_wJRE_de.exe
[2010.04.08 09:45:51 | 001,829,024 | ---- | C] () -- C:\Users\Jörg\Foto031.jpg
[2010.04.07 15:36:10 | 000,960,598 | ---- | C] () -- C:\Windows\System32\drivers\N360\0401000.020\Cat.DB
[2010.04.06 23:57:02 | 000,007,787 | R--- | C] () -- C:\Windows\System32\drivers\N360\0401000.020\symnetv.cat
[2010.04.06 23:57:02 | 000,007,444 | R--- | C] () -- C:\Windows\System32\drivers\N360\0401000.020\symefa.cat
[2010.04.06 23:57:02 | 000,007,425 | R--- | C] () -- C:\Windows\System32\drivers\N360\0401000.020\symds.cat
[2010.04.06 23:57:02 | 000,007,368 | R--- | C] () -- C:\Windows\System32\drivers\N360\0401000.020\symnet.cat
[2010.04.06 23:57:02 | 000,003,374 | R--- | C] () -- C:\Windows\System32\drivers\N360\0401000.020\symefa.inf
[2010.04.06 23:57:02 | 000,002,793 | R--- | C] () -- C:\Windows\System32\drivers\N360\0401000.020\symds.inf
[2010.04.06 23:57:02 | 000,001,473 | R--- | C] () -- C:\Windows\System32\drivers\N360\0401000.020\symnetv.inf
[2010.04.06 23:57:02 | 000,001,445 | R--- | C] () -- C:\Windows\System32\drivers\N360\0401000.020\symnet.inf
[2010.04.06 23:57:02 | 000,001,388 | ---- | C] () -- C:\Windows\System32\drivers\N360\0401000.020\srtspx.inf
[2010.04.06 23:57:01 | 000,007,442 | ---- | C] () -- C:\Windows\System32\drivers\N360\0401000.020\srtspx.cat
[2010.04.06 23:57:01 | 000,007,438 | ---- | C] () -- C:\Windows\System32\drivers\N360\0401000.020\srtsp.cat
[2010.04.06 23:57:01 | 000,007,438 | ---- | C] () -- C:\Windows\System32\drivers\N360\0401000.020\iron.cat
[2010.04.06 23:57:01 | 000,007,396 | ---- | C] () -- C:\Windows\System32\drivers\N360\0401000.020\cchpx86.cat
[2010.04.06 23:57:01 | 000,001,754 | ---- | C] () -- C:\Windows\System32\drivers\N360\0401000.020\cchpx86.inf
[2010.04.06 23:57:01 | 000,001,382 | ---- | C] () -- C:\Windows\System32\drivers\N360\0401000.020\srtsp.inf
[2010.04.06 23:57:01 | 000,000,741 | ---- | C] () -- C:\Windows\System32\drivers\N360\0401000.020\iron.inf
[2010.04.06 23:56:47 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\N360\0401000.020\isolate.ini
[2010.04.06 01:21:24 | 000,001,489 | ---- | C] () -- C:\Users\Jörg\.recently-used.xbel
[2010.04.05 01:20:21 | 000,524,288 | -HS- | C] () -- C:\Users\Jörg\NTUSER.DAT{1be9cd3e-4040-11df-a2da-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
[2010.04.05 01:20:21 | 000,524,288 | -HS- | C] () -- C:\Users\Jörg\NTUSER.DAT{1be9cd3e-4040-11df-a2da-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
[2010.04.05 01:20:21 | 000,065,536 | -HS- | C] () -- C:\Users\Jörg\NTUSER.DAT{1be9cd3e-4040-11df-a2da-806e6f6e6963}.TM.blf
[2010.04.05 01:18:27 | 000,000,000 | -HS- | C] () -- C:\Users\Jörg\NTUSER.DAT_tureg_new.LOG2
[2010.04.05 01:18:27 | 000,000,000 | -HS- | C] () -- C:\Users\Jörg\NTUSER.DAT_tureg_new.LOG1
[2010.03.26 15:26:27 | 000,001,045 | ---- | C] () -- C:\Users\Jörg\AntiBrowserSpy.lnk
[2010.03.25 17:24:34 | 000,008,065 | ---- | C] () -- C:\Users\Jörg\Rechnung59492.htm
[2010.03.19 16:41:53 | 000,002,330 | ---- | C] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2010.01.25 12:24:16 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLec.DAT
[2010.01.08 16:54:01 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2010.01.08 16:48:26 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2009.12.30 15:13:30 | 000,001,880 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009.12.30 13:26:28 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Super Strings
[2009.12.30 13:26:28 | 000,000,268 | RH-- | C] () -- C:\Users\Jörg\AppData\Roaming\Stingers
[2009.12.30 13:26:28 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLds.DAT
[2009.12.29 20:24:57 | 003,407,872 | -HS- | C] () -- C:\Users\Jörg\NTUSER.DAT_tureg_old
[2009.12.29 20:24:57 | 003,145,728 | ---- | C] () -- C:\Users\Jörg\ntuser.dat
[2009.12.29 20:24:57 | 000,524,288 | -HS- | C] () -- C:\Users\Jörg\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2009.12.29 20:24:57 | 000,524,288 | -HS- | C] () -- C:\Users\Jörg\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2009.12.29 20:24:57 | 000,262,144 | -HS- | C] () -- C:\Users\Jörg\ntuser.dat.LOG1
[2009.12.29 20:24:57 | 000,065,536 | -HS- | C] () -- C:\Users\Jörg\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2009.12.29 20:24:57 | 000,000,020 | -HS- | C] () -- C:\Users\Jörg\ntuser.ini
[2009.12.29 20:24:57 | 000,000,000 | -HS- | C] () -- C:\Users\Jörg\ntuser.dat.LOG2
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.07.14 01:11:59 | 000,589,824 | ---- | C] () -- C:\Windows\System32\jayw2sbf.dll
[2006.11.02 10:27:46 | 000,000,566 | ---- | C] () -- C:\Windows\System32\SP207.ini
< End of report >
Posted on: 17.04.10 at 13:50:43
Logfile 2:

Code:
OTL Extras logfile created on: 17.04.2010 13:40:08 - Run 1
OTL by OldTimer - Version 3.2.1.1   Folder = C:\Users\Jörg\Downloads
 Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 72,00% Memory free
7,00 Gb Paging File | 6,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 458,40 Gb Total Space | 412,01 Gb Free Space | 89,88% Space Free | Partition Type: NTFS
Drive D: | 7,35 Gb Total Space | 7,29 Gb Free Space | 99,10% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: JÖRG´SPC
Current User Name: Jörg
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== File Associations ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[color=#E56717]========== Shell Spawning ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- %1 %*
cmdfile [open] -- %1 %*
comfile [open] -- %1 %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe %1,%* (Microsoft Corporation)
exefile [open] -- %1 %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML %1
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe %1 (Microsoft Corporation)
piffile [open] -- %1 %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- %1
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- %1 /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd %V (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[color=#E56717]========== Security Center Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
cval = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
VistaSp1 = Reg Error: Unknown registry data type -- File not found
AntiVirusOverride = 0
AntiSpywareOverride = 0
FirewallOverride = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications = 0
EnableFirewall = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications = 0
EnableFirewall = 0
 
[color=#E56717]========== Authorized Applications List ==========[/color]
 
 
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C} = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
{00C0C196-54AC-8BC5-5F16-87C4A38D13B8} = Catalyst Control Center Localization All
{02EBDBB9-4600-41D3-B566-40CB861511D2} = World of Warcraft FREE Trial
{05ADEEC8-BD58-43D9-A9E3-1F53B0DA117A} = Opera 10.51
{06A1D88C-E102-4527-AF70-29FFD7AF215A} = Scan
{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC} = Status
{104066F4-5897-4067-85D3-4C88B67CCF75} = AIO_Scan
{1063B812-E31C-833F-F5F0-46D9D06B5336} = Catalyst Control Center Graphics Light
{13DFC4CE-9089-4907-E042-71DCD6727DBA} = ccc-utility
{1451DE6B-ABE1-4F62-BE9A-B363A17588A2} = QuickTime
{175F0111-2968-4935-8F70-33108C6A4DE3} = MarketResearch
{192A107E-C6B9-41B9-BDBF-38E3AA226054} = OpenOffice.org 3.2
{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0} = TrayApp
{1EE8648A-1141-BF6F-B002-1F279859606B} = CCC Help Portuguese
{1EFE2B13-7C03-E454-00F5-5FF8CFC86343} = CCC Help Hungarian
{1F1C2DFC-2D24-3E06-BCB8-725134ADF989} = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
{205C6BDD-7B73-42DE-8505-9A093F35A238} = Windows Live-Uploadtool
{22B775E7-6C42-4FC5-8E10-9A5E3257BD94} = MSVCRT
{25C55EBA-401C-F7B8-E932-F7A5D53EADEE} = Catalyst Control Center Graphics Previews Vista
{26442B73-03B2-44E5-ACBC-8C6625B89481} = CCC Help French
{26A24AE4-039D-4CA4-87B4-2F83216016FF} = Java(TM) 6 Update 19
{26A24AE4-039D-4CA4-87B4-2F83216018F0} = Java(TM) 6 Update 18
{2E2660AC-6195-C603-A6BD-5FC039891FFF} = ccc-core-static
{2EAF7E61-068E-11DF-953C-005056806466} = Google Earth
{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C} = BufferChm
{2FF8C687-DB7D-4adc-A5DC-57983EC25046} = DeviceDiscovery
{30E0C424-E68A-FB77-6E45-42EC039264F4} = CCC Help Greek
{31CF6C0E-51F0-41D2-B088-A6A143C4303C} = SweetIM Toolbar for Internet Explorer 3.6
{3248F0A8-6813-11D6-A77B-00B0D0160070} = Java(TM) 6 Update 7
{39F387E3-19E1-48CC-9D74-EFF82771A452} = NetSchafkopf
{3C92B2E6-380D-4fef-B4DF-4A3B4B669771} = Copy
{3DA169A5-3DBC-BBCA-4366-0B8678D5B765} = Catalyst Control Center Graphics Previews Common
{3FA365DF-2D68-45ED-8F83-8C8A33E65143} = Apple Application Support
{41E654A9-26D0-4EAC-854B-0FA824FFFABB} = Windows Live Messenger
{4220E7CF-9ED6-132C-1964-FE00A5FA00C5} = ATI Catalyst Install Manager
{43CDF946-F5D9-4292-B006-BA0D92013021} = WebReg
{440B915A-0C85-45DB-92AE-75AE14704A64} = Fax
{4944DAC1-2923-4D8E-908A-D08E2998ADBE} = Trust Webcam Live 
{49E56237-4F46-5E38-FA6E-5A6651C355C7} = CCC Help English
{4A03706F-666A-4037-7777-5F2748764D10} = Java Auto Updater
{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4} = SolutionCenter
{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35} = UnloadSupport
{52B97218-98CB-4B8B-9283-D213C85E1AA4} = Windows Live Anmelde-Assistent
{5EE7D259-D137-4438-9A5F-42F432EC0421} = VC80CRTRedist - 8.0.50727.4053
{5FC68772-6D56-41C6-9DF1-24E868198AE6} = Windows Live Call
{60DE4033-9503-48D1-A483-7846BD217CA9} = ICQ6.5
{63FF21C9-A810-464F-B60A-3111747B1A6D} = GPBaseService2
{675D173B-F754-9B62-A847-A78117B3FCEA} = CCC Help Italian
{681B698F-C997-42C3-B184-B489C6CA24C9} = HPPhotoSmartDiscLabelContent1
{6956856F-B6B3-4BE0-BA0B-8F495BE32033} = Apple Software Update
{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91} = HPSSupply
{6BBA26E9-AB03-4FE7-831A-3535584CA002} = Toolbox
{6CF47FD1-3CF8-4206-BA24-A2B1E43D8CCA} = IncrediMail
{6E5BC38E-F22B-4197-00A2-CD8E58EF139D} = FUSSBALL MANAGER 2005
{7059BDA7-E1DB-442C-B7A1-6144596720A4} = HP Update
{716E0306-8318-4364-8B8F-0CC4E9376BAC} = MSXML 4.0 SP2 Parser and SDK
{75247E38-5C9B-45D6-ADF8-E11CB56B4990} = Network
{770657D0-A123-3C07-8E44-1C83EC895118} = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
{77791725-5D50-C0DE-059A-5C4B5EE8A212} = Catalyst Control Center Graphics Full Existing
{7B63B2922B174135AFC0E1377DD81EC2} = DivX Codec
{7DEDD94B-32EB-D72C-CDAE-6BBA3E31276D} = Catalyst Control Center Graphics Full New
{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22} = TuneUp Utilities Language Pack (de-DE)
{837b34e3-7c30-493c-8f6a-2b0f04e2912c} = Microsoft Visual C++ 2005 Redistributable
{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} = Microsoft Silverlight
{8ADFC4160D694100B5B8A22DE9DCABD9} = DivX Player
{8D7133DE-27D2-47E5-B248-4180278D32AA} = Catalyst Control Center - Branding
{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A} = SmartWebPrinting
{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D} = 32 Bit HP CIO Components Installer
{94A065E8-455D-41C1-AF1F-F0C1AF8F50F3} = Microsoft IntelliType Pro 7.0
{95120000-00B9-0409-0000-0000000FF1CE} = Microsoft Application Error Reporting
{986A654F-F1E4-11DD-9FCA-005056C00008} = Paragon Partition Manager™ 10.0 Personal
{98E8A2EF-4EAE-43B8-A172-74842B764777} = InterVideo WinDVD 4
{9B362566-EC1B-4700-BB9C-EC661BDE2175} = DocProc
{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB} = AIO_CDB_Software
{A01AC54A-5BB8-FE08-1854-5427457FCBCB} = CCC Help Spanish
{A5F68DC8-0278-4AD8-B413-861509B5F25B} = ArcSoft Panorama Maker 3
{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} = Google Update Helper
{AADD9821-3290-1B1F-D164-1F6D20601FAF} = Catalyst Control Center HydraVision Full
{AC76BA86-7AD7-1031-7B44-A93000000001} = Adobe Reader 9.3.2 - Deutsch
{AD646716-2554-666F-6F72-A5D5B96CF046} = CCC Help German
{B13A7C41581B411290FBC0395694E2A9} = DivX Converter
{B61ED343-0B14-4241-999C-490CB1A20DA4} = HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B
{BD7204BA-DD64-499E-9B55-6A282CDF4FA4} = Destinations
{BE1B109A-F0D0-2406-AFDB-FEBF9C4E0D9A} = CCC Help Polish
{BEE64C14-BEF1-4610-8A68-A16EAA47B882} = Futuremark SystemInfo
{C43326F5-F135-4551-8270-7F7ABA0462E1} = HPProductAssistant
{C679F9B9-C65D-4C65-BD6C-BF90B859E281} = Trust WB-1300N Webcam Live
{CAE4213F-F797-439D-BD9E-79B71D115BE3} = HPPhotoGadget
{CD95F661-A5C4-44F5-A6AA-ECDD91C240BB} = WinZip 14.0
{D2FCC1AE-6311-47C5-8130-C6C66D77DD71} = Nikon Message Center
{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC} = TuneUp Utilities
{D79113E7-274C-470B-BD46-01B10219DF6A} = HPPhotosmartEssential
{D7A5E624-2D7D-57FE-34C7-1076A29B3C65} = Catalyst Control Center InstallProxy
{DF6F459C-8B89-4F88-B63F-A2E136BB6B79} = SweetIM for Messenger 2.8
{E31B2CB2-1CE3-EEC9-4FC7-48145D6AD674} = Catalyst Control Center Core Implementation
{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942} = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
{E60B8506-DDC7-433d-AF9E-999D0F543C4A} = 2570_Help
{E7112940-5F8E-4918-B9FE-251F2F8DC81F} = AIO_CDB_ProductContext
{EA7FE7AB-34AE-4e14-84C5-187E6EC0AB9B} = 2570
{ED00D08A-3C5F-488D-93A0-A04F21F23956} = Windows Live Communications Platform
{EE93929B-2923-445B-BCA7-BC57D1A4D708} = NetSchafkopf
{EF71A531-5B6C-4B20-8D1E-E6379C7FB6D3} = Microsoft IntelliPoint 7.0
{F0E12BBA-AD66-4022-A453-A1C8A0C4D570} = Microsoft Choice Guard
{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC} = Realtek High Definition Audio Driver
{F66D5732-C2A6-4f88-B8FE-AEDA10355FBD} = 2570Trb
{F78B5B4F-075A-4C81-AA27-E707861EB5B7}_is1 = AntiBrowserSpy
{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F} = Windows Live Essentials
{FF3999BE-1A7B-4738-88AA-97BF14094A4A} = PictureProject
{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4} = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Adobe Flash Player ActiveX = Adobe Flash Player 10 ActiveX
Adobe Flash Player Plugin = Adobe Flash Player 10 Plugin
Adobe Shockwave Player = Adobe Shockwave Player 11.5
Ashampoo Burning Studio 6 FREE_is1 = Ashampoo Burning Studio 6 FREE
briblo = briblo Screen Saver
Das Quiz mit Jörg Pilawa = Das Quiz mit Jörg Pilawa
Franzis Fahrschule_is1 = Franzis Fahrschule
Free Billiards 2008_is1 = Free Billiards 2008
GTR 2_is1 = GTR 2
HP Imaging Device Functions = HP Imaging Device Functions 13.0
HP Photosmart Essential = HP Photosmart Essential 3.5
HP Smart Web Printing = HP Smart Web Printing 4.60
HP Solution Center & Imaging Support Tools = HP Solution Center 13.0
HPExtendedCapabilities = HP Customer Participation Program 13.0
HPOCR = OCR Software by I.R.I.S. 13.0
IncrediMail = IncrediMail 2.0
InstallShield_{4944DAC1-2923-4D8E-908A-D08E2998ADBE} = Trust Webcam Live 
Knippel Shareware = Knippel Shareware
Mozilla Firefox (3.6.3) = Mozilla Firefox (3.6.3)
N360 = Norton 360
Nikon FotoShare = Nikon FotoShare
OpenAL = OpenAL
POI FINDER (iGO My way 8)_is1 = POI FINDER 3.67 (iGO My way 8)
QuicktimeAlt_is1 = QuickTime Alternative 2.7.0
RACE_is1 = RACE
RealPlayer 12.0 = RealPlayer
SAMSUNG Mobile Modem = SAMSUNG Mobile Modem Driver Set
Samsung Mobile phone USB driver Drive = Samsung Mobile phone USB driver Drive Software
SAMSUNG Mobile USB Modem = SAMSUNG Mobile USB Modem Software
SAMSUNG Mobile USB Modem 1.0 = SAMSUNG Mobile USB Modem 1.0 Software
SeaMonkey (2.0.2) = SeaMonkey (2.0.2)
Shop for HP Supplies = Shop for HP Supplies
Skat! 2000 = Skat! 2000
TuneUp Utilities = TuneUp Utilities
WinGimp-2.0_is1 = GIMP 2.6.8
WinLiveSuite_Wave3 = Windows Live Essentials
Yahoo! Companion = Yahoo! Toolbar
Yahoo! Messenger = Yahoo! Messenger
Yahoo! Software Update = Yahoo! Software Update
 
[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
SKIP-BO Castaway Caper(TM) = SKIP-BO Castaway Caper(TM)
 
[color=#E56717]========== Last 10 Event Log Errors ==========[/color]
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
 
  • #10
Everything looks fine. For Java, you could uninstall all the old versions and install the newest one, 20.

Still getting those messages? Clear the cache in every browser, as well as the history and cookies.
 
  • #11
Yes, I am still getting those messages. Yesterday I had to completely reinstall Firefox because it would no longer open. What also happens is that it hangs on some websites (not responding); then the only thing that helps is closing Firefox and restarting it.

I will do the Java thing and clear the cache etc. Thanks a lot!
 
  • #12
What exactly is the error message on the blue screen?

 
  • #13
I have not had a blue screen since Thursday. I meant the Norton messages. ;)
 
  • #14
Sure, I get that. ::)

I am not interested in the Norton message, but in what the blue screen says.
It could also be a hardware problem, after all.
 
  • #15
Do you have any problems under -> Event Viewer -> System?


PS: Use Windows Help. In almost every program you can reach it with F1.
 
  • #16
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

He probably won't find anything there. That still needs some follow-up work as well.
 
  • #17
Spitzwegerich wrote:
Sure, I get that. ::)

I am not interested in the Norton message, but in what the blue screen says.
It could also be a hardware problem, after all.

As I said, I have not had a blue screen since Thursday. So at the moment I do not know what it says.

Posted on: 17.04.10 at 23:57:53

schrauber wrote:
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

He probably won't find anything there. That still needs some follow-up work as well.

What do you mean by that? Is something wrong there, or what?
 
  • #18
Try starting the Windows Event Log service manually and setting its startup type to Automatic.
 
  • #19
I found the following entries in the event logs:

Code:
Protokollname: System
Quelle:    Microsoft-Windows-Kernel-Power
Datum:     15.04.2010 18:03:36
Ereignis-ID:  41
Aufgabenkategorie:(63)
Ebene:     Kritisch
Schlüsselwörter:(2)
Benutzer:   SYSTEM
Computer:   Jörg´sPC
Beschreibung:
Das System wurde neu gestartet, ohne dass es zuvor ordnungsgemäß heruntergefahren wurde. Dieser Fehler kann auftreten, wenn das System nicht mehr reagiert hat oder abgestürzt ist oder die Stromzufuhr unerwartet unterbrochen wurde.
Ereignis-XML:
<Event xmlns=http://schemas.microsoft.com/win/2004/08/events/event>
 <System>
  <Provider Name=Microsoft-Windows-Kernel-Power Guid={331C3B3A-2005-44C2-AC5E-77220C37D6B4} />
  <EventID>41</EventID>
  <Version>2</Version>
  <Level>1</Level>
  <Task>63</Task>
  <Opcode>0</Opcode>
  <Keywords>0x8000000000000002</Keywords>
  <TimeCreated SystemTime=2010-04-15T16:03:36.986000000Z />
  <EventRecordID>39854</EventRecordID>
  <Correlation />
  <Execution ProcessID=4 ThreadID=8 />
  <Channel>System</Channel>
  <Computer>Jörg´sPC</Computer>
  <Security UserID=S-1-5-18 />
 </System>
 <EventData>
  <Data Name=BugcheckCode>142</Data>
  <Data Name=BugcheckParameter1>0xc0000005</Data>
  <Data Name=BugcheckParameter2>0x0</Data>
  <Data Name=BugcheckParameter3>0xe283b100</Data>
  <Data Name=BugcheckParameter4>0x0</Data>
  <Data Name=SleepInProgress>false</Data>
  <Data Name=PowerButtonTimestamp>0</Data>
 </EventData>
</Event>


This entry is from one of the crashes; the content is the same for all of them. I hope that helps somehow.

Unfortunately, I have not found where I can change the startup type. :-\
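
Added example, not part of the thread or any poster's code: Kernel-Power event 41 stores `BugcheckCode` in decimal, so the 142 in the entry above is stop code 0x8E, and a value of 0 means no bugcheck was recorded at all. The sketch below parses such events and decodes them; the sample XML is constructed from the values in post #19 (attribute quotes restored) plus one constructed event with code 0, and the lookup tables and function names are choices made for this example.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Small lookup tables for this example; extend as needed.
STOP_CODES = {
    0x0A: "IRQL_NOT_LESS_OR_EQUAL",
    0x50: "PAGE_FAULT_IN_NONPAGED_AREA",
    0x7E: "SYSTEM_THREAD_EXCEPTION_NOT_HANDLED",
    0x8E: "KERNEL_MODE_EXCEPTION_NOT_HANDLED",
    0xD1: "DRIVER_IRQL_NOT_LESS_OR_EQUAL",
}
NTSTATUS = {
    0xC0000005: "STATUS_ACCESS_VIOLATION",
    0xC000001D: "STATUS_ILLEGAL_INSTRUCTION",
    0x80000003: "STATUS_BREAKPOINT",
}

# Constructed template: trimmed-down shape of the event XML shown in the post.
EVENT_TMPL = """<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
 <System>
  <Provider Name="Microsoft-Windows-Kernel-Power"/>
  <EventID>41</EventID>
  <TimeCreated SystemTime="{time}"/>
  <EventRecordID>{rec}</EventRecordID>
 </System>
 <EventData>
  <Data Name="BugcheckCode">{code}</Data>
  <Data Name="BugcheckParameter1">{p1}</Data>
  <Data Name="BugcheckParameter2">{p2}</Data>
  <Data Name="BugcheckParameter3">{p3}</Data>
  <Data Name="BugcheckParameter4">0x0</Data>
 </EventData>
</Event>"""

# Constructed sample: first event uses the values from post #19,
# second event is invented to show the "no bugcheck" case.
SAMPLE = "<Events>" + EVENT_TMPL.format(
    time="2010-04-15T16:03:36.986000000Z", rec=39854,
    code=142, p1="0xc0000005", p2="0x0", p3="0xe283b100",
) + EVENT_TMPL.format(
    time="2010-04-16T09:00:00.000000000Z", rec=39900,
    code=0, p1="0x0", p2="0x0", p3="0x0",
) + "</Events>"


def triage(event):
    """Summarise one Kernel-Power 41 event; return None for any other event."""
    system = event.find("e:System", NS)
    provider = system.find("e:Provider", NS).get("Name")
    event_id = system.findtext("e:EventID", namespaces=NS)
    if provider != "Microsoft-Windows-Kernel-Power" or event_id != "41":
        return None
    data = {d.get("Name"): (d.text or "0")
            for d in event.findall("e:EventData/e:Data", NS)}
    code = int(data.get("BugcheckCode", "0"), 0)  # decimal in the event log
    params = [int(data.get(f"BugcheckParameter{i}", "0"), 0) for i in range(1, 5)]
    out = {"time": system.find("e:TimeCreated", NS).get("SystemTime"),
           "record": system.findtext("e:EventRecordID", namespaces=NS),
           "stop_code": None, "name": "no bugcheck recorded",
           "exception": None, "fault_address": None}
    if code == 0:
        return out  # hang, power loss or hard reset: nothing to decode
    out["stop_code"] = f"0x{code:08X}"
    out["name"] = STOP_CODES.get(code, "unknown stop code")
    if code in (0x7E, 0x8E):
        # For these two stop codes, parameter 1 is the exception (NTSTATUS)
        # and parameter 2 is the address at which it occurred.
        out["exception"] = NTSTATUS.get(params[0], f"0x{params[0]:08X}")
        out["fault_address"] = f"0x{params[1]:08X}"
    return out


def triage_all(xml_text):
    root = ET.fromstring(xml_text)
    results = (triage(ev) for ev in root.iter("{%s}Event" % NS["e"]))
    return [r for r in results if r is not None]


if __name__ == "__main__":
    for r in triage_all(SAMPLE):
        print(r)
```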
 
  • #20
audipaule wrote:
Running processes:

C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe

And it's the same issue over and over again ... !!
 