
System/Network infected or not?


  • This topic is locked
4 replies to this topic

#1 SNDjunkie

  • Members
  • 2 posts
  • OFFLINE
  • Local time:07:05 PM

Posted 26 October 2009 - 03:35 PM

Hey there.

For about a week now some problems have occurred in the LAN of our living community. A lot of suspicions and blame have been voiced and I'm very tired of this. I must admit that it's a bit strange that my computer is the only one working without problems, for I have no different av/fw than the other guys here. I guess none of us has the knowledge to really find out what's going on; to me it sounds like a virus, and someone here even thinks he has been hacked. I've tried some regular ways of detecting malware/viruses etc., but without results. I guess a touch of paranoia has come to me as well when I found some locked registry entries I couldn't figure out the purpose of, as well as some files in the Recycler I'm not able to delete, even with the Eraser tool.

That's why I finally decided to follow the instructions on this site (the tutorials and tools provided are great btw, thanks 4 that) and post my logfiles here. I'd really like to know whether my PC is infected/hacked/whatever or not, so this is hopefully solved once and for all.

I created a combofix-logfile before reading the instructions on how to open a post here, so I'll just attach that one as well.

Thanks a lot in advance, you're doing a great job here!

Greetz, Theo

PS.: I just noticed that the reports state my Outpost firewall was enabled when creating the log. It was actually set to "disabled". The system-component-control was still active though... Any fw popup window coming up while the progs were working was closed with "Allow" or "Ok". ;-)


DDS (Ver_09-10-26.01) - NTFSx86
Run by Theo at 20:56:49,76 on 26.10.2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.2047.1578 [GMT 4,5:30]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Outpost Firewall Pro *enabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}

============== Running Processes ===============

C:\WINXP\system32\svchost -k DcomLaunch
svchost.exe
C:\WINXP\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINXP\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\Programme\Google\Update\GoogleUpdate.exe
C:\WINXP\Explorer.EXE
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe
C:\WINXP\system32\nvsvc32.exe
C:\WINXP\System32\TUProgSt.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\Theo\Desktop\dds.scr

============== Pseudo HJT Report ===============

TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} -
uRun: [Eraser] c:\programme\eraser\eraser.exe -hide
mRun: [OutpostMonitor] c:\progra~1\agnitum\outpos~1\op_mon.exe /tray /noservice
mRun: [NvCplDaemon] RUNDLL32.EXE c:\winxp\system32\NvCpl.dll,NvStartup
mRun: [avgnt] "c:\programme\avira\antivir desktop\avgnt.exe" /min
dRun: [CTFMON.EXE] c:\winxp\system32\CTFMON.EXE
dRunOnce: [nltide_2] regsvr32 /s /n /i:U shell32
uPolicies-explorer: MaxRecentDocs = 1 (0x1)
uPolicies-explorer: NoRecentDocsNetHood = 1 (0x1)
IE: Nach Microsoft &Excel exportieren - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E59EB121-F339-4851-A3BA-FE49C35617C2} - c:\programme\icq6.5\ICQ.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programme\messenger\msmsgs.exe
IE: {44627E97-789B-40d4-B5C2-58BD171129A1} - {A1A7E22D-1587-4230-8F16-081C68D21448} - c:\programme\agnitum\outpost firewall pro\ie_bar.dll
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\programme\gemeinsame dateien\microsoft shared\web folders\PKMCDO.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\gemein~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\winxp\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\dokume~1\theo\anwend~1\mozilla\firefox\profiles\qymxczoe.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - plugin: c:\programme\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\programme\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000

============= SERVICES / DRIVERS ===============

R1 SandBox;SandBox;c:\winxp\system32\drivers\SandBox.sys [2008-12-11 673920]
R2 acssrv;Agnitum Client Security Service;c:\progra~1\agnitum\outpos~1\acs.exe [2008-12-11 390984]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\avira\antivir desktop\sched.exe [2009-6-29 108289]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0;c:\programme\gemeinsame dateien\nero\nero backitup 4\NBService.exe [2008-9-24 935208]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\winxp\system32\TUProgSt.exe [2008-12-13 603904]
R3 afw;Agnitum firewall driver;c:\winxp\system32\drivers\afw.sys [2008-12-11 30864]
R3 afwcore;afwcore;c:\winxp\system32\drivers\afwcore.sys [2008-12-11 234640]
S3 ASWFilt;ASWFilt;c:\winxp\system32\filt\ASWFilt.dll [2008-12-11 33408]
S3 avmeject;AVM Eject;c:\winxp\system32\drivers\avmeject.sys [2008-12-11 4352]
S3 FWLANUSB;AVM FRITZ!WLAN;c:\winxp\system32\drivers\fwlanusb.sys [2008-12-11 265088]
S4 gupdate1ca18c97d5a9724;Google Update Service (gupdate1ca18c97d5a9724);c:\programme\google\update\GoogleUpdate.exe [2009-8-9 133104]

=============== Created Last 30 ================

2009-10-26 15:55:32 0 d-sha-r- C:\cmdcons
2009-10-26 15:54:32 98816 ----a-w- c:\winxp\sed.exe
2009-10-26 15:54:32 77312 ----a-w- c:\winxp\MBR.exe
2009-10-26 15:54:32 236544 ----a-w- c:\winxp\PEV.exe
2009-10-26 15:54:32 161792 ----a-w- c:\winxp\SWREG.exe
2009-10-26 15:27:03 83344 ----a-w- c:\winxp\system32\Erasext.dll
2009-10-26 15:27:03 73104 ----a-w- c:\winxp\system32\Eraserl.exe
2009-10-26 15:27:03 307088 ----a-w- c:\winxp\system32\Eraser.dll
2009-10-26 15:27:03 0 d-----w- c:\programme\Eraser
2009-10-26 15:13:17 0 d-----w- c:\winxp\system32\wbem\Repository
2009-10-25 09:20:50 0 d-----r- c:\programme\Skype
2009-10-25 08:24:43 56 ---ha-w- c:\winxp\system32\ezsidmv.dat
2009-10-22 14:48:48 0 d-----w- c:\programme\RegCleaner
2009-10-22 09:58:00 126976 -c----w- c:\winxp\system32\dllcache\ftpsvc2.dll
2009-10-22 09:55:48 2066432 -c----w- c:\winxp\system32\dllcache\mstscax.dll
2009-10-22 09:47:56 2191616 -c----w- c:\winxp\system32\dllcache\ntoskrnl.exe
2009-10-22 09:47:56 2147840 -c----w- c:\winxp\system32\dllcache\ntkrnlmp.exe
2009-10-22 09:47:56 2068480 -c----w- c:\winxp\system32\dllcache\ntkrnlpa.exe
2009-10-22 09:47:56 2026496 -c----w- c:\winxp\system32\dllcache\ntkrpamp.exe
2009-10-22 09:47:05 3072 ------w- c:\winxp\system32\xpsp4res.dll
2009-10-22 09:45:17 0 d-----w- c:\programme\Messenger
2009-10-21 22:44:12 283648 ----a-w- c:\winxp\uninst.exe
2009-10-21 22:44:09 0 d-----w- c:\dokumente und einstellungen\theo\WINDOWS
2009-10-21 22:38:41 546 ----a-w- c:\winxp\system32\autoexec2.nt
2009-10-21 15:01:57 0 d-----w- c:\programme\Masters of Orion 2
2009-10-21 13:07:38 0 d-----w- c:\programme\Active KillDisk Suite
2009-10-15 18:45:51 0 d-----w- c:\programme\Civilization 4
2009-10-05 19:11:37 0 d-----w- c:\programme\Dungeon Siege 2
2009-10-01 09:16:17 0 d-----w- c:\programme\Hellgate London
2009-09-30 19:07:19 0 d-----w- c:\dokume~1\theo\anwend~1\GetRightToGo
2009-09-29 18:41:34 0 d-----w- c:\programme\Call of Juarez

==================== Find3M ====================

2009-10-26 16:19:34 80704 ----a-w- c:\winxp\system32\perfc007.dat
2009-10-26 16:19:34 449614 ----a-w- c:\winxp\system32\perfh007.dat
2009-09-11 14:17:01 136192 ----a-w- c:\winxp\system32\msv1_0.dll
2009-09-04 21:03:28 58880 ----a-w- c:\winxp\system32\msasn1.dll
2009-09-04 13:14:40 69464 ----a-w- c:\winxp\system32\XAPOFX1_3.dll
2009-09-04 13:14:40 515416 ----a-w- c:\winxp\system32\XAudio2_5.dll
2009-09-04 13:14:40 238936 ----a-w- c:\winxp\system32\xactengine3_5.dll
2009-09-04 12:59:34 453456 ----a-w- c:\winxp\system32\d3dx10_42.dll
2009-09-04 12:59:34 235344 ----a-w- c:\winxp\system32\d3dx11_42.dll
2009-09-04 12:59:32 5501792 ----a-w- c:\winxp\system32\d3dcsx_42.dll
2009-09-04 12:59:32 1974616 ----a-w- c:\winxp\system32\D3DCompiler_42.dll
2009-09-04 12:59:30 1892184 ----a-w- c:\winxp\system32\D3DX9_42.dll
2009-08-30 19:39:07 43520 ----a-w- c:\winxp\system32\CmdLineExt03.dll
2009-08-29 09:15:56 21840 ----atw- c:\winxp\system32\SIntfNT.dll
2009-08-29 09:15:56 17212 ----atw- c:\winxp\system32\SIntf32.dll
2009-08-29 09:15:56 12067 ----atw- c:\winxp\system32\SIntf16.dll
2009-08-29 07:24:57 832512 ------w- c:\winxp\system32\wininet.dll
2009-08-29 07:24:49 78336 ----a-w- c:\winxp\system32\ieencode.dll
2009-08-29 07:24:47 17408 ----a-w- c:\winxp\system32\corpol.dll
2009-08-26 08:00:21 247326 ----a-w- c:\winxp\system32\strmdll.dll
2009-08-05 08:59:36 206336 ----a-w- c:\winxp\system32\mswebdvd.dll
2009-08-04 17:20:14 2147840 ------w- c:\winxp\system32\ntoskrnl.exe
2009-08-04 17:20:14 2026496 ------w- c:\winxp\system32\ntkrnlpa.exe
2008-12-10 15:18:57 32768 --sha-w- c:\winxp\system32\config\systemprofile\lokale einstellungen\temporary internet files\content.ie5\index.dat
2008-12-10 15:18:57 32768 --sha-w- c:\winxp\system32\config\systemprofile\lokale einstellungen\verlauf\history.ie5\index.dat
2008-12-10 15:18:55 32768 --sha-w- c:\winxp\system32\config\systemprofile\lokale einstellungen\verlauf\history.ie5\mshist012008121020081211\index.dat

============= FINISH: 20:57:05,25 ===============


#2 myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:02:05 AM

Posted 02 November 2009 - 03:39 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
  • Please download OTL from the following mirror:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open; copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
In the upper right-hand corner of the topic you will see a button called Options. If you click on this, you can choose Track this topic in the drop-down menu. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic, which facilitates the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#3 SNDjunkie
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  • Local time:07:05 PM

Posted 05 November 2009 - 09:26 PM

Hey _temp_ and thanks for the reply,

here are the logfiles you requested. The problems were on the two other computers in our local network; I didn't have any. But I'd really like to know if my system is clean, because I have been blamed by the guys living here with me that some bad stuff might have used my PC to spread into the network. So it would be really great if you could have a look at the logs and see if there's something wrong at first glance. But please don't put too much time into this; there are for sure people that need your help more than I do... As I said: my system works, but I'm not sure if there's something lingering in the dark... ;-)

Greetz, Theo

-------------------------

OTL Extras logfile created on: 06.11.2009 03:13:55 - Run 1
OTL by OldTimer - Version 3.1.3.4 Folder = C:\Dokumente und Einstellungen\Theo\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,53 Gb Available Physical Memory | 76,59% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free
Paging file location(s): C:\pagefile.sys 5155 5155 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINXP | %ProgramFiles% = C:\Programme
Drive C: | 232,88 Gb Total Space | 20,65 Gb Free Space | 8,87% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SNDJUNKIE
Current User Name: Theo
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SYSTEMROOT%\hh.exe" %1
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-776561741-484763869-682003330-1003\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Programme\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Programme\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Programme\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Programme\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Programme\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Programme\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" File not found

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Dokumente und Einstellungen\Theo\Eigene Dateien\saves\System\utorrent.exe" = C:\Dokumente und Einstellungen\Theo\Eigene Dateien\saves\System\utorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Programme\Worms World Party\wwp.exe" = C:\Programme\Worms World Party\wwp.exe:*:Enabled:Worms World Party -- (Team17 Software Ltd)
"C:\Programme\ICQ6.5\ICQ.exe" = C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ -- (ICQ, LLC.)
"C:\WINXP\system32\dplaysvr.exe" = C:\WINXP\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper -- (Microsoft Corporation)
"C:\Programme\Demigod\bin\Demigod.exe" = C:\Programme\Demigod\bin\Demigod.exe:*:Enabled:Demigod -- (Gas Powered Games)
"C:\Programme\Soulseek\slsk.exe" = C:\Programme\Soulseek\slsk.exe:*:Enabled:SoulSeek -- ()
"C:\Programme\Call of Juarez\CoJBiBGame_x86.exe" = C:\Programme\Call of Juarez\CoJBiBGame_x86.exe:*:Enabled:Call of Juarez - Bound in Blood -- (Techland)
"C:\WINXP\system32\dpnsvr.exe" = C:\WINXP\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server -- (Microsoft Corporation)
"C:\Programme\Civilization 4\Beyond the Sword\Civ4BeyondSword.exe" = C:\Programme\Civilization 4\Beyond the Sword\Civ4BeyondSword.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword -- (Firaxis Games)
"C:\Programme\Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe" = C:\Programme\Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword Pitboss -- (Firaxis Games)
"C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Programme\Skype\Plugin Manager\skypePM.exe" = C:\Programme\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- (Skype Technologies)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0711500B-9912-4D60-9A49-C577B4503D42}" = Nero Recode Help
"{07FF7593-9DEA-40B5-9F87-F557E65BBF60}" = Nero Recode
"{1122AAC4-AAAA-43BF-B2D4-3C8C12378952}" = Nero InfoTool
"{11A84FCA-C3C7-4AFD-A797-111DB8569DBC}" = Nero BurningROM
"{12345674-DE9A-677A-CCEE-666356D89777}" = Nero BurnRights
"{1545207E-C6F3-31D7-9918-BDBB65075FBF}" = Microsoft .NET Framework 3.5 Language Pack - deu
"{1632FD86-1BA4-4FC4-8B25-A8C655D63F68}" = Sid Meier's Pirates!
"{1B040683-C390-4711-ABC7-DA8D85E470E7}" = NeroBurningROM
"{2BA00471-0328-3743-93BD-FA813353A783}" = Microsoft .NET Framework 3.0 Service Pack 1
"{2D3455A8-3B15-41A8-99F8-0D4215746463}" = Nero StartSmart
"{2FC099BD-AC9B-33EB-809C-D332E1B27C40}" = Microsoft .NET Framework 3.5
"{3097B151-1F61-4211-A4CC-D70127B226AE}" = SoundTrax
"{32E4F0D2-C135-475E-A841-1D59A0D22989}" = Sid Meier's Civilization 4 - Beyond the Sword
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3E4B349F-10B5-4586-9D99-489A90A8B228}" = Sid Meier's Civilization 4 - Warlords
"{3F30CC51-0788-487B-AA83-7214A239C0C0}" = Nero Disc Copy Gadget Help
"{4D42353B-533F-4306-AD0B-7FEF292ADE04}" = Nero CoverDesigner Help
"{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{548F99E0-14CC-4D53-A7D6-4A62A5F2C748}" = Nero PhotoSnap
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{56BE5CC9-95E6-4128-ABEA-968414CA9C80}" = DolbyFiles
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A62A775-A29A-4CE1-BBC2-4A9CD0B211EF}" = Nero Live Help
"{5AE12194-3EAA-40DF-B2BF-FE1D6B78BBF4}" = Nero Vision
"{5C2E8A0F-80E2-4C68-8CC0-D8D16E7196BF}" = Nero RescueAgent Help
"{5C42EAB8-54F9-423A-948C-1CBEF25F8DB4}" = Nero PhotoSnap Help
"{5C9BB0B3-E830-4814-BBA4-D93535E1C7B9}" = Nero Live
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{6A54CCD2-8D8E-40C0-8F89-33153E81A22F}" = Sid Meier's Civilization 4
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD®
"{75321954-2589-11DC-DDCC-E98356D81493}" = Nero DriveSpeed
"{753973C4-B961-43BF-B2D4-3C8C92F7216E}" = Nero DriveSpeed
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{76EA55BD-535F-4AB4-AD80-A8CA331F4E6F}" = Windows Messenger 5.1
"{78523651-D8B1-11DC-CCEE-741589645873}" = Nero DiscSpeed
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7EF15AAF-42AC-4CF6-B4B4-C4F0D1D92122}" = Far Cry (Patch 1.4)
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C654BD0-1949-43DE-84F2-EC2A1ABB0CB4}" = Nero ShowTime
"{8FDC1610-3FB5-4EF2-A0D0-CEDC3A525A25}" = THE SETTLERS - Heritage of Kings (all products)
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{9309DD7E-EBFE-3C95-8B47-30D3A012F606}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU
"{943CC0C0-2253-4FE0-9493-DD386F7857FD}" = Nero Express
"{948FFAAE-C57F-447B-9B07-3721E950BFDC}" = Nero ShowTime
"{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer
"{9A200E68-D5F4-4E70-910F-2871753A0E2B}" = Worms World Party
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter
"{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center
"{A1071AEB-B0EF-3F5F-BC84-83A270EBE496}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - DEU
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A73BEC3C-40A0-480E-87EF-EFCD33629088}" = NeroExpress
"{A8399F58-234A-48C6-BA55-30C15738BF3C}" = Nero CoverDesigner
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAA12554-2589-11DC-92EF-E98356D81493}" = Nero InfoTool
"{AABBCC54-D8B1-11DC-92EF-E98356D81493}" = Nero DiscSpeed
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2C12C8D-65DC-40BD-B309-5ADB0C6C8D8F}" = Nero WaveEditor
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B96C2601-52F5-4D5D-816A-63469EA311EF}" = "Nero SoundTrax Help
"{BCD82AB5-670D-4242-90FA-1F97103C16CD}" = Movie Templates - Starter Kit
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C99C89A3-119A-45E6-B26E-DD5643CAA0C5}" = Menu Templates - Starter Kit
"{CC016F21-3970-11DE-B878-005056806466}" = Google Earth
"{CD1826A5-CFCC-4C6E-9F9D-E181876162EA}" = Nero Rescue Agent
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D7C206B6-1A63-4389-A8B1-8F607D0BFF1F}" = Nero StartSmart Help
"{E4A8DD87-A746-4443-BF25-CAF99CED6767}" = Nero Disc Copy Gadget
"{E86156E5-9859-440D-8876-26CED1349802}" = Nero WaveEditor Help
"{EA9FFE54-D8B1-11DC-92EF-E98356D81493}" = Nero BurnRights
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F53F6769-AC46-49E3-ABE3-2C8AFD39D0DD}" = Nero Vision
"{FD024BC1-B096-4FD0-A1A1-B3DD2F315854}_is1" = Borderlands
"{FEFAF112-4DA8-479C-89E2-7DE25091711A}" = Call of Juarez - Bound in Blood
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"3B18191663CDFABAA2A93D4267E54D683153FF60" = Windows-Treiberpaket - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agnitum Outpost Firewall Pro_is1" = Agnitum Outpost Firewall Pro
"Alarm Clock_is1" = Alarm Clock v1.0
"AutoGK" = Auto Gordian Knot 2.45
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AviSynth" = AviSynth 2.5
"Crimsonland_is1" = Crimsonland
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"foobar2000" = foobar2000 v0.9.6.5
"InstallShield_{1632FD86-1BA4-4FC4-8B25-A8C655D63F68}" = Sid Meier's Pirates!
"InstallShield_{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty® - World at War™ 1.1 Patch
"InstallShield_{FEFAF112-4DA8-479C-89E2-7DE25091711A}" = Call of Juarez - Bound in Blood
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.5" = Microsoft .NET Framework 3.5
"Microsoft .NET Framework 3.5 Language Pack - deu" = Microsoft .NET Framework 3.5 Language Pack - DEU
"Mount&Blade" = Mount&Blade
"Mozilla Firefox (3.0.15)" = Mozilla Firefox (3.0.15)
"NVIDIA Drivers" = NVIDIA Drivers
"Soulseek2" = SoulSeek 157 NS 13e
"Steinberg WaveLab 5.01a" = Steinberg WaveLab 5.01a
"VLC media player" = VLC media player 1.0.0
"VobSub" = VobSub v2.23 (Remove Only)
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"xp-AntiSpy" = xp-AntiSpy 3.97
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 03.11.2009 10:31:15 | Computer Name = SNDJUNKIE | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung explorer.exe, Version 6.0.2900.5512, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x03d1c16c.

Error - 03.11.2009 10:31:44 | Computer Name = SNDJUNKIE | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung explorer.exe, Version 6.0.2900.5512, fehlgeschlagenes
Modul DivXDecH264.ax, Version 8.2.0.26, Fehleradresse 0x001318ef.

Error - 03.11.2009 10:32:21 | Computer Name = SNDJUNKIE | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung explorer.exe, Version 6.0.2900.5512, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x03c9c134.

Error - 03.11.2009 13:07:22 | Computer Name = SNDJUNKIE | Source = MsiInstaller | ID = 11500
Description = Produkt: NVIDIA PhysX -- Fehler 1500. Eine andere Installation wird
durchgeführt. Schließen Sie erst die andere Installation ab, bevor Sie mit dieser
Installation fortfahren.

Error - 03.11.2009 13:09:28 | Computer Name = SNDJUNKIE | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung borderlands.exe, Version 1.0.0.0, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x00000000.

Error - 03.11.2009 13:12:41 | Computer Name = SNDJUNKIE | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung borderlands.exe, Version 1.0.0.0, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x00000000.

Error - 03.11.2009 13:15:05 | Computer Name = SNDJUNKIE | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung borderlands.exe, Version 1.0.0.0, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x00000000.

Error - 04.11.2009 09:24:08 | Computer Name = SNDJUNKIE | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung explorer.exe, Version 6.0.2900.5512, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x04fb18ef.

Error - 05.11.2009 12:58:04 | Computer Name = SNDJUNKIE | Source = MsiInstaller | ID = 11719
Description = Produkt: Call of Juarez - Bound in Blood -- Fehler 1719. Windows Installer
service could not be accessed. Contact your support personnel to verify that it
is properly registered and enabled.

Error - 05.11.2009 13:07:11 | Computer Name = SNDJUNKIE | Source = MsiInstaller | ID = 11706
Description = Product: Hellgate: London -- Error 1706. An installation package for
the product Hellgate: London cannot be found. Try the installation again using
a valid copy of the installation package 'HGL_x86.msi'.

[ System Events ]
Error - 02.11.2009 08:52:47 | Computer Name = SNDJUNKIE | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "Type" aufgrund folgenden Fehlers
fehlgeschlagen: %%5

Error - 02.11.2009 08:52:47 | Computer Name = SNDJUNKIE | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "Type" aufgrund folgenden Fehlers
fehlgeschlagen: %%5

Error - 03.11.2009 04:18:48 | Computer Name = SNDJUNKIE | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.50 für die Netzwerkkarte mit der Netzwerkadresse
00219796F5B5 wurde durch den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server
hat eine DHCPNACK-Meldung gesendet).

Error - 03.11.2009 12:30:33 | Computer Name = SNDJUNKIE | Source = Cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.

Error - 03.11.2009 13:06:59 | Computer Name = SNDJUNKIE | Source = Cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.

Error - 03.11.2009 13:12:40 | Computer Name = SNDJUNKIE | Source = Cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.

Error - 03.11.2009 13:14:45 | Computer Name = SNDJUNKIE | Source = Cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.

Error - 03.11.2009 14:15:34 | Computer Name = SNDJUNKIE | Source = MRxSmb | ID = 8003
Description = Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "ERD",
der
der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{7596FCEE-74CD-4D30-8BED-Transport
zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error - 03.11.2009 14:51:39 | Computer Name = SNDJUNKIE | Source = MRxSmb | ID = 8003
Description = Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "ERD",
der
der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{7596FCEE-74CD-4D30-8BED-Transport
zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error - 03.11.2009 16:03:31 | Computer Name = SNDJUNKIE | Source = MRxSmb | ID = 8003
Description = Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "ERD",
der
der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{7596FCEE-74CD-4D30-8BED-Transport
zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

[ TuneUp Events ]
Error - 18.08.2009 14:44:25 | Computer Name = SNDJUNKIE | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-08-18 23:14:25', '\device\harddiskvolume2\programme\sid
meier's pirates!\pirates!.exe','140',0)

Error - 18.08.2009 14:44:25 | Computer Name = SNDJUNKIE | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-08-18 23:14:25', '\device\harddiskvolume2\programme\sid
meier's pirates!\pirates!.exe','1392',0)

Error - 19.08.2009 14:27:33 | Computer Name = SNDJUNKIE | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-08-19 22:57:33', '\device\harddiskvolume2\programme\sid
meier's pirates!\pirates!.exe','3192',0)

Error - 19.08.2009 14:28:03 | Computer Name = SNDJUNKIE | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-08-19 22:58:03', '\device\harddiskvolume2\programme\sid
meier's pirates!\pirates!.exe','3508',0)

Error - 19.08.2009 15:21:16 | Computer Name = SNDJUNKIE | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-08-19 23:51:15', '\device\harddiskvolume2\programme\sid
meier's pirates!\pirates!.exe','1872',0)

Error - 19.08.2009 15:21:41 | Computer Name = SNDJUNKIE | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-08-19 23:51:41', '\device\harddiskvolume2\programme\sid
meier's pirates!\pirates!.exe','3532',0)

Error - 19.08.2009 18:45:06 | Computer Name = SNDJUNKIE | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-08-20 03:15:06', '\device\harddiskvolume2\programme\sid
meier's pirates!\pirates!.exe','296',0)

Error - 22.08.2009 04:17:29 | Computer Name = SNDJUNKIE | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-08-22 12:47:29', '\device\harddiskvolume2\programme\sid
meier's pirates!\pirates!.exe','2748',0)

Error - 29.08.2009 09:29:41 | Computer Name = SNDJUNKIE | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-08-29 17:59:41', '\device\harddiskvolume2\programme\sid
meier's pirates!\pirates!.exe','1404',0)

Error - 29.08.2009 09:32:51 | Computer Name = SNDJUNKIE | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-08-29 18:02:51', '\device\harddiskvolume2\programme\sid
meier's pirates!\pirates!.exe','3552',0)


< End of report >

--------------------------------------

OTL logfile created on: 06.11.2009 03:13:55 - Run 1
OTL by OldTimer - Version 3.1.3.4 Folder = C:\Dokumente und Einstellungen\Theo\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,53 Gb Available Physical Memory | 76,59% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free
Paging file location(s): C:\pagefile.sys 5155 5155 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINXP | %ProgramFiles% = C:\Programme
Drive C: | 232,88 Gb Total Space | 20,65 Gb Free Space | 8,87% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SNDJUNKIE
Current User Name: Theo
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009.11.06 03:13:19 | 00,527,872 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Theo\Desktop\OTL.exe
PRC - [2009.10.29 19:31:04 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2009.10.09 03:37:13 | 00,289,072 | ---- | M] (BitTorrent, Inc.) -- C:\Dokumente und Einstellungen\Theo\Eigene Dateien\saves\System\utorrent.exe
PRC - [2009.09.27 18:19:46 | 00,172,100 | ---- | M] (NVIDIA Corporation) -- C:\WINXP\system32\nvsvc32.exe
PRC - [2009.07.21 14:34:33 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.05.13 16:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2009.03.02 13:08:47 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008.12.13 15:39:41 | 00,603,904 | ---- | M] (TuneUp Software) -- C:\WINXP\system32\TUProgSt.exe
PRC - [2008.09.24 14:32:48 | 00,935,208 | ---- | M] (Nero AG) -- C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008.04.14 15:30:00 | 01,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINXP\explorer.exe
PRC - [2008.04.14 15:30:00 | 01,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINXP\explorer.exe


========== Modules (SafeList) ==========

MOD - [2009.11.06 03:13:19 | 00,527,872 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Theo\Desktop\OTL.exe
MOD - [2008.04.14 15:30:00 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINXP\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2008.04.14 15:30:00 | 00,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINXP\system32\wbem\framedyn.dll


========== Win32 Services (SafeList) ==========

SRV - [2009.09.27 18:19:46 | 00,172,100 | ---- | M] (NVIDIA Corporation) -- C:\WINXP\system32\nvsvc32.exe -- (NVSvc)
SRV - [2009.08.09 12:44:45 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Programme\Google\Update\GoogleUpdate.exe -- (gupdate1ca18c97d5a9724)
SRV - [2009.07.21 14:34:33 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.05.13 16:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008.12.13 15:39:41 | 00,603,904 | ---- | M] (TuneUp Software) -- C:\WINXP\system32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc)
SRV - [2008.12.13 15:39:39 | 00,360,192 | ---- | M] (TuneUp Software) -- C:\WINXP\system32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2008.12.11 17:01:36 | 00,027,904 | ---- | M] (TuneUp Software) -- C:\WINXP\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2008.12.06 16:47:26 | 00,390,984 | ---- | M] (Agnitum Ltd.) -- C:\Programme\Agnitum\Outpost Firewall Pro\acs.exe -- (acssrv)
SRV - [2008.09.24 14:32:48 | 00,935,208 | ---- | M] (Nero AG) -- C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2008.04.14 15:30:00 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINXP\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc)
SRV - [2007.10.24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINXP\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.10.24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINXP\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2007.10.11 09:55:14 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINXP\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2007.10.11 09:55:10 | 00,864,256 | ---- | M] (Microsoft Corporation) -- C:\WINXP\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2007.10.09 12:58:12 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINXP\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2006.11.03 13:26:28 | 00,920,576 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc)


========== Driver Services (SafeList) ==========

DRV - [2009.09.27 16:12:22 | 07,655,872 | ---- | M] (NVIDIA Corporation) -- C:\WINXP\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009.09.23 10:41:58 | 00,026,176 | -H-- | M] (LogMeIn, Inc.) -- C:\WINXP\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009.08.22 19:24:08 | 00,279,712 | ---- | M] () -- C:\WINXP\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2009.08.22 19:24:08 | 00,025,888 | ---- | M] () -- C:\WINXP\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009.07.28 16:33:56 | 00,055,656 | ---- | M] (Avira GmbH) -- C:\WINXP\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.05.11 10:12:24 | 00,028,520 | ---- | M] (Avira GmbH) -- C:\WINXP\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.03.30 10:33:07 | 00,096,104 | ---- | M] (Avira GmbH) -- C:\WINXP\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.02.13 12:35:05 | 00,011,608 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.12.14 13:47:24 | 00,717,296 | ---- | M] () -- C:\WINXP\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008.07.11 15:42:08 | 00,033,408 | ---- | M] (Agnitum Ltd.) -- C:\WINXP\system32\Filt\ASWFilt.dll -- (ASWFilt)
DRV - [2008.07.11 15:41:28 | 00,673,920 | ---- | M] (Agnitum Ltd.) -- C:\WINXP\system32\drivers\SandBox.sys -- (SandBox)
DRV - [2008.06.30 17:16:14 | 00,234,640 | ---- | M] (Agnitum Ltd.) -- C:\WINXP\system32\drivers\afwcore.sys -- (afwcore)
DRV - [2008.06.30 17:16:00 | 00,030,864 | ---- | M] (Agnitum Ltd.) -- C:\WINXP\system32\drivers\afw.sys -- (afw)
DRV - [2008.04.14 15:30:00 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINXP\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008.04.14 15:30:00 | 00,088,320 | ---- | M] (Microsoft Corporation) -- C:\WINXP\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008.04.14 15:30:00 | 00,063,232 | ---- | M] (Microsoft Corporation) -- C:\WINXP\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2008.04.14 15:30:00 | 00,055,936 | ---- | M] (Microsoft Corporation) -- C:\WINXP\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2008.04.14 15:30:00 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINXP\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2008.04.14 15:30:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINXP\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2007.12.20 03:34:00 | 00,265,088 | R--- | M] (AVM GmbH) -- C:\WINXP\system32\drivers\fwlanusb.sys -- (FWLANUSB)
DRV - [2007.12.20 03:34:00 | 00,004,352 | R--- | M] (AVM Berlin) -- C:\WINXP\system32\drivers\avmeject.sys -- (avmeject)
DRV - [2007.07.10 06:26:00 | 04,449,280 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINXP\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2007.03.08 04:21:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINXP\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2007.03.06 08:57:32 | 00,019,968 | R--- | M] (NVIDIA Corporation) -- C:\WINXP\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2007.03.06 08:57:28 | 00,058,752 | R--- | M] (NVIDIA Corporation) -- C:\WINXP\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006.07.01 23:30:28 | 00,043,520 | ---- | M] (Advanced Micro Devices) -- C:\WINXP\system32\drivers\AmdK8.sys -- (AmdK8)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-776561741-484763869-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINXP\system32\blank.htm
IE - HKU\S-1-5-21-776561741-484763869-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-776561741-484763869-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKU\S-1-5-21-776561741-484763869-682003330-1003\S-1-5-21-776561741-484763869-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.15


FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Components: C:\Programme\Mozilla Firefox\components [2009.10.29 19:31:09 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2009.10.29 19:31:09 | 00,000,000 | ---D | M]

[2008.12.11 18:44:06 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Theo\Anwendungsdaten\Mozilla\Extensions
[2008.12.11 18:44:06 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Theo\Anwendungsdaten\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2008.12.11 18:44:06 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Theo\Anwendungsdaten\Mozilla\Firefox\Profiles\qymxczoe.default\extensions
[2009.11.05 22:21:55 | 00,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2009.10.29 19:31:09 | 00,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009.10.25 12:51:10 | 00,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2008.12.13 15:14:02 | 00,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009.10.29 19:31:03 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browserdirprovider.dll
[2009.10.29 19:31:03 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\brwsrcmp.dll
[2009.05.02 01:32:48 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Programme\Mozilla Firefox\plugins\libdivx.dll
[2009.05.12 23:16:20 | 01,650,992 | ---- | M] (DivX,Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdivx32.dll
[2009.05.19 03:11:32 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Programme\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
[2009.10.29 19:31:06 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Programme\Mozilla Firefox\plugins\npnul32.dll
[2009.05.02 01:32:48 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Programme\Mozilla Firefox\plugins\ssldivx.dll
[2009.04.22 21:42:21 | 00,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2009.04.22 21:42:21 | 00,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2009.04.22 21:42:21 | 00,001,706 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\google.xml
[2009.04.22 21:42:21 | 00,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2009.04.22 21:42:21 | 00,000,986 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2009.04.22 21:42:21 | 00,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: (736 bytes) - C:\WINXP\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKU\S-1-5-21-776561741-484763869-682003330-1003\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINXP\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINXP\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [OutpostMonitor] C:\Programme\Agnitum\Outpost Firewall Pro\op_mon.exe (Agnitum Ltd.)
O4 - HKU\.DEFAULT..\RunOnce: [nltide_2] File not found
O4 - HKU\S-1-5-18..\RunOnce: [nltide_2] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-776561741-484763869-682003330-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-776561741-484763869-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-776561741-484763869-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = 1
O7 - HKU\S-1-5-21-776561741-484763869-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MaxRecentDocs = 1
O7 - HKU\S-1-5-21-776561741-484763869-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O7 - HKU\S-1-5-21-776561741-484763869-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-776561741-484763869-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-776561741-484763869-682003330-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Programme\Agnitum\Outpost Firewall Pro\ie_bar.dll (Agnitum Ltd.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINXP\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: @C:\Programme\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\Msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Programme\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\Msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINXP\system32\nwprovau.dll (Microsoft Corporation)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINXP\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.12.10 19:44:40 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINXP\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009.11.06 03:13:19 | 00,527,872 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Theo\Desktop\OTL.exe
[2009.11.05 22:25:10 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Theo\Eigene Dateien\THE SETTLERS - Heritage of Kings
[2009.11.05 22:16:28 | 00,000,000 | ---D | C] -- C:\Programme\Siedler 5
[2009.11.05 21:43:48 | 00,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Theo\Recent
[2009.11.05 20:38:18 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NVIDIA Corporation
[2009.11.03 21:37:00 | 00,000,000 | ---D | C] -- C:\Programme\DIFX
[2009.11.03 21:36:06 | 00,043,520 | ---- | C] (Advanced Micro Devices) -- C:\WINXP\System32\drivers\AmdK8.sys
[2009.11.03 21:36:06 | 00,000,000 | ---D | C] -- C:\WINXP\System32\DRVSTORE
[2009.11.03 21:00:53 | 00,000,000 | ---D | C] -- C:\Programme\Borderlands
[2009.11.03 02:52:57 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Theo\Lokale Einstellungen\Anwendungsdaten\Temp
[2009.11.02 17:22:10 | 00,096,104 | ---- | C] (Avira GmbH) -- C:\WINXP\System32\drivers\avipbb.sys
[2009.11.02 17:22:10 | 00,045,416 | ---- | C] (Avira GmbH) -- C:\WINXP\System32\drivers\avgntdd.sys
[2009.11.02 17:22:10 | 00,028,520 | ---- | C] (Avira GmbH) -- C:\WINXP\System32\drivers\ssmdrv.sys
[2009.11.02 17:22:10 | 00,022,360 | ---- | C] (Avira GmbH) -- C:\WINXP\System32\drivers\avgntmgr.sys
[2009.11.02 17:22:06 | 00,000,000 | ---D | C] -- C:\Programme\Avira
[2009.11.02 17:22:06 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
[2009.11.02 16:47:59 | 00,000,000 | ---D | C] -- C:\Config.Msi
[2009.10.28 13:50:58 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Theo\DoctorWeb
[2009.10.27 22:28:53 | 00,000,000 | ---D | C] -- C:\Programme\Crysis
[2009.10.27 13:14:47 | 00,000,000 | ---D | C] -- C:\Programme\HijackThis
[2009.10.26 20:39:15 | 00,000,000 | ---D | C] -- C:\WINXP\temp
[2009.10.26 20:25:32 | 00,000,000 | ---D | C] -- C:\cmdcons
[2009.10.26 20:24:32 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINXP\SWREG.exe
[2009.10.26 20:24:32 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINXP\NIRCMD.exe
[2009.10.26 20:24:31 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINXP\SWXCACLS.exe
[2009.10.26 20:24:31 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINXP\SWSC.exe
[2009.10.26 19:57:39 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Theo\Lokale Einstellungen\Anwendungsdaten\Eraser
[2009.10.26 16:24:06 | 00,000,000 | ---D | C] -- C:\WINXP\ERDNT
[2009.10.25 13:50:55 | 00,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Skype
[2009.10.25 13:50:50 | 00,000,000 | R--D | C] -- C:\Programme\Skype
[2009.10.25 13:50:36 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype
[2009.10.25 12:54:42 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Theo\Anwendungsdaten\skypePM
[2009.10.25 12:51:21 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Theo\Anwendungsdaten\Skype
[2009.10.22 19:18:48 | 00,000,000 | ---D | C] -- C:\Programme\RegCleaner
[2009.10.22 14:55:57 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Theo\Lokale Einstellungen\Anwendungsdaten\PCHealth
[2009.10.22 14:28:00 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINXP\System32\dllcache\ftpsvc2.dll
[2009.10.22 14:25:48 | 02,066,432 | ---- | C] (Microsoft Corporation) -- C:\WINXP\System32\dllcache\mstscax.dll
[2009.10.22 14:21:43 | 00,000,000 | ---D | C] -- C:\WINXP\ie7updates
[2009.10.22 14:17:56 | 02,191,616 | ---- | C] (Microsoft Corporation) -- C:\WINXP\System32\dllcache\ntoskrnl.exe
[2009.10.22 14:17:56 | 02,147,840 | ---- | C] (Microsoft Corporation) -- C:\WINXP\System32\dllcache\ntkrnlmp.exe
[2009.10.22 14:17:56 | 02,068,480 | ---- | C] (Microsoft Corporation) -- C:\WINXP\System32\dllcache\ntkrnlpa.exe
[2009.10.22 14:17:56 | 02,026,496 | ---- | C] (Microsoft Corporation) -- C:\WINXP\System32\dllcache\ntkrpamp.exe
[2009.10.22 14:17:05 | 00,003,072 | ---- | C] (Microsoft Corporation) -- C:\WINXP\System32\xpsp4res.dll
[2009.10.22 14:15:36 | 00,018,808 | ---- | C] (Microsoft Corporation) -- C:\WINXP\System32\spmsg.dll
[2009.10.22 14:15:17 | 00,000,000 | ---D | C] -- C:\Programme\Messenger
[2009.10.22 03:14:12 | 00,283,648 | ---- | C] (Stirling Technologies, Inc.) -- C:\WINXP\uninst.exe
[2009.10.22 03:14:09 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Theo\WINDOWS
[2009.10.21 19:31:57 | 00,000,000 | ---D | C] -- C:\Programme\Masters of Orion 2
[2009.10.21 17:51:37 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Theo\Desktop\Games
[2009.10.21 17:37:58 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2009.10.18 23:09:59 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Theo\Eigene Dateien\Soulseek Chat Logs
[2009.10.16 18:43:13 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Theo\Lokale Einstellungen\Anwendungsdaten\My Games
[2009.10.15 23:15:51 | 00,000,000 | ---D | C] -- C:\Programme\Civilization 4
[2009.10.10 16:10:07 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Theo\Lokale Einstellungen\Anwendungsdaten\The Witcher
[4 C:\WINXP\*.tmp files -> C:\WINXP\*.tmp -> ]
[1 C:\WINXP\System32\*.tmp files -> C:\WINXP\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009.11.06 03:13:19 | 00,527,872 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Theo\Desktop\OTL.exe
[2009.11.06 03:07:00 | 00,001,088 | ---- | M] () -- C:\WINXP\tasks\GoogleUpdateTaskMachineUA.job
[2009.11.06 03:07:00 | 00,001,084 | ---- | M] () -- C:\WINXP\tasks\GoogleUpdateTaskMachineCore.job
[2009.11.05 22:14:13 | 01,045,668 | ---- | M] () -- C:\WINXP\System32\PerfStringBackup.INI
[2009.11.05 22:14:13 | 00,449,944 | ---- | M] () -- C:\WINXP\System32\perfh007.dat
[2009.11.05 22:14:13 | 00,433,608 | ---- | M] () -- C:\WINXP\System32\perfh009.dat
[2009.11.05 22:14:13 | 00,080,902 | ---- | M] () -- C:\WINXP\System32\perfc007.dat
[2009.11.05 22:14:13 | 00,067,928 | ---- | M] () -- C:\WINXP\System32\perfc009.dat
[2009.11.05 22:09:38 | 00,253,748 | ---- | M] () -- C:\WINXP\System32\NvApps.xml
[2009.11.05 22:09:36 | 00,000,006 | -H-- | M] () -- C:\WINXP\tasks\SA.DAT
[2009.11.05 22:09:34 | 00,002,048 | --S- | M] () -- C:\WINXP\bootstat.dat
[2009.11.05 21:44:01 | 07,434,240 | ---- | M] () -- C:\Dokumente und Einstellungen\Theo\ntuser.dat
[2009.11.05 04:17:46 | 00,136,704 | ---- | M] () -- C:\Dokumente und Einstellungen\Theo\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.11.03 21:42:13 | 00,002,206 | ---- | M] () -- C:\WINXP\System32\wpa.dbl
[2009.11.03 21:35:21 | 00,000,289 | RHS- | M] () -- C:\boot.ini
[2009.11.02 17:13:02 | 00,000,736 | ---- | M] () -- C:\WINXP\System32\drivers\etc\hosts
[2009.10.28 13:17:25 | 00,000,603 | ---- | M] () -- C:\WINXP\win.ini
[2009.10.28 13:17:25 | 00,000,227 | ---- | M] () -- C:\WINXP\system.ini
[2009.10.26 16:05:53 | 00,004,757 | ---- | M] () -- C:\WINXP\imsins.BAK
[2009.10.25 12:54:43 | 00,000,056 | -H-- | M] () -- C:\WINXP\System32\ezsidmv.dat
[2009.10.25 07:20:35 | 02,109,472 | -H-- | M] () -- C:\Dokumente und Einstellungen\Theo\Lokale Einstellungen\Anwendungsdaten\IconCache.db
[2009.10.25 06:11:34 | 00,077,312 | ---- | M] () -- C:\WINXP\MBR.exe
[2009.10.22 14:37:33 | 00,121,336 | ---- | M] () -- C:\WINXP\System32\FNTCACHE.DAT
[2009.10.22 03:11:33 | 00,000,546 | ---- | M] () -- C:\WINXP\System32\autoexec2.nt
[2009.10.21 17:52:22 | 00,000,083 | ---- | M] () -- C:\WINXP\wwp.INI
[2009.10.21 13:27:41 | 00,034,775 | ---- | M] () -- C:\Dokumente und Einstellungen\Theo\Desktop\f5l0pt+z.torrent.part.torrent
[2009.10.20 14:25:06 | 00,000,207 | ---- | M] () -- C:\Boot.bak
[2009.10.20 12:25:43 | 00,000,438 | ---- | M] () -- C:\WINXP\System32\drivers\etc\hosts.ics
[2009.10.18 13:41:24 | 00,020,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Theo\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
[2009.10.11 08:10:09 | 00,236,544 | ---- | M] () -- C:\WINXP\PEV.exe
[4 C:\WINXP\*.tmp files -> C:\WINXP\*.tmp -> ]
[1 C:\WINXP\System32\*.tmp files -> C:\WINXP\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009.10.26 20:24:32 | 00,236,544 | ---- | C] () -- C:\WINXP\PEV.exe
[2009.10.26 20:24:32 | 00,098,816 | ---- | C] () -- C:\WINXP\sed.exe
[2009.10.26 20:24:32 | 00,080,412 | ---- | C] () -- C:\WINXP\grep.exe
[2009.10.26 20:24:32 | 00,077,312 | ---- | C] () -- C:\WINXP\MBR.exe
[2009.10.26 20:24:32 | 00,068,096 | ---- | C] () -- C:\WINXP\zip.exe
[2009.10.26 16:33:41 | 00,000,207 | ---- | C] () -- C:\Boot.bak
[2009.10.26 16:33:37 | 00,262,448 | ---- | C] () -- C:\cmldr
[2009.10.25 12:54:43 | 00,000,056 | -H-- | C] () -- C:\WINXP\System32\ezsidmv.dat
[2009.10.22 03:08:41 | 00,000,546 | ---- | C] () -- C:\WINXP\System32\autoexec2.nt
[2009.10.21 13:27:41 | 00,034,775 | ---- | C] () -- C:\Dokumente und Einstellungen\Theo\Desktop\f5l0pt+z.torrent.part.torrent
[2009.10.18 14:07:14 | 00,022,329 | RH-- | C] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\PDFX1a 2001.joboptions
[2009.10.18 14:07:14 | 00,022,200 | RH-- | C] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\PDFX3 2002.joboptions
[2009.10.18 14:07:14 | 00,021,900 | RH-- | C] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\PDFA DRAFT.joboptions
[2009.10.18 14:07:14 | 00,016,182 | RH-- | C] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\Smallest File Size.joboptions
[2009.10.18 14:07:14 | 00,016,011 | RH-- | C] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\High Quality Print.joboptions
[2009.10.18 14:07:14 | 00,015,243 | RH-- | C] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\Press Quality.joboptions
[2009.10.18 14:07:14 | 00,014,800 | RH-- | C] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\Standard.joboptions
[2009.08.31 00:25:52 | 00,354,816 | ---- | C] () -- C:\WINXP\System32\psisdecd.dll
[2009.08.31 00:09:07 | 00,043,520 | ---- | C] () -- C:\WINXP\System32\CmdLineExt03.dll
[2009.08.29 13:40:40 | 00,021,840 | ---- | C] () -- C:\WINXP\System32\SIntfNT.dll
[2009.08.29 13:40:40 | 00,017,212 | ---- | C] () -- C:\WINXP\System32\SIntf32.dll
[2009.08.29 13:40:40 | 00,012,067 | ---- | C] () -- C:\WINXP\System32\SIntf16.dll
[2009.08.22 19:24:08 | 00,279,712 | ---- | C] () -- C:\WINXP\System32\drivers\atksgt.sys
[2009.08.22 19:24:08 | 00,025,888 | ---- | C] () -- C:\WINXP\System32\drivers\lirsgt.sys
[2009.08.11 11:51:47 | 00,540,240 | ---- | C] () -- C:\Dokumente und Einstellungen\Theo\Anwendungsdaten\624cd2572723b04130f5dee4dbdc338c-i686.cache-2
[2009.05.31 01:21:50 | 00,000,023 | ---- | C] () -- C:\WINXP\BlendSettings.ini
[2009.03.11 21:37:20 | 00,000,083 | ---- | C] () -- C:\WINXP\wwp.INI
[2009.01.21 20:45:24 | 00,000,000 | ---- | C] () -- C:\WINXP\cdplayer.ini
[2009.01.21 16:28:57 | 00,000,622 | ---- | C] () -- C:\Dokumente und Einstellungen\Theo\Anwendungsdaten\AutoGK.ini
[2009.01.14 16:58:24 | 00,004,767 | ---- | C] () -- C:\WINXP\Irremote.ini
[2009.01.05 12:28:49 | 00,000,394 | ---- | C] () -- C:\WINXP\ODBC.INI
[2008.12.24 01:41:59 | 00,136,704 | ---- | C] () -- C:\Dokumente und Einstellungen\Theo\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.12.14 13:47:24 | 00,717,296 | ---- | C] () -- C:\WINXP\System32\drivers\sptd.sys
[2008.12.11 03:28:51 | 00,020,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Theo\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
[2008.12.10 19:55:30 | 02,109,472 | -H-- | C] () -- C:\Dokumente und Einstellungen\Theo\Lokale Einstellungen\Anwendungsdaten\IconCache.db
[2008.12.10 19:50:31 | 00,000,062 | -HS- | C] () -- C:\Dokumente und Einstellungen\Theo\Anwendungsdaten\desktop.ini
[2008.10.07 09:13:30 | 00,197,912 | ---- | C] () -- C:\WINXP\System32\physxcudart_20.dll
[2008.10.07 09:13:22 | 00,058,648 | ---- | C] () -- C:\WINXP\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINXP\System32\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINXP\System32\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINXP\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINXP\System32\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINXP\System32\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINXP\System32\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINXP\System32\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINXP\System32\AgCPanelFrench.dll
[2008.09.16 20:39:17 | 00,000,062 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\desktop.ini
[2008.04.14 15:30:00 | 00,000,603 | ---- | C] () -- C:\WINXP\win.ini
[2008.04.14 15:30:00 | 00,000,227 | ---- | C] () -- C:\WINXP\system.ini
[2007.07.25 17:54:28 | 01,559,040 | ---- | C] () -- C:\WINXP\System32\xvidcore.dll
[2007.03.10 16:21:48 | 00,282,624 | ---- | C] () -- C:\WINXP\System32\xvidvfw.dll
[2007.02.09 15:33:58 | 00,030,808 | ---- | C] () -- C:\WINXP\Fonts\GlobalUserInterface.CompositeFont
[2007.02.09 15:33:58 | 00,029,779 | ---- | C] () -- C:\WINXP\Fonts\GlobalSerif.CompositeFont
[2007.02.09 15:33:58 | 00,026,489 | ---- | C] () -- C:\WINXP\Fonts\GlobalSansSerif.CompositeFont
[2007.02.09 15:33:58 | 00,026,040 | ---- | C] () -- C:\WINXP\Fonts\GlobalMonospace.CompositeFont
[2002.10.16 03:24:04 | 00,153,088 | ---- | C] () -- C:\WINXP\System32\unrar.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Programme\Agnitum\Outpost Firewall Pro\op_mon.exe:SummaryInformation
< End of report >

#4 myrti

Posted 06 November 2009 - 04:20 AM

Hi,

ComboFix is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Please do not run Combofix on your own

Please run a scan with Malwarebytes:

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless of whether you are prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If you are using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

Without knowing what infection hit your network, there are several possible scenarios where others would be infected and not you. For one, depending on the patch status of your and the other machines, it might be a network-aware worm using exploits to spread. Maybe the security hole it uses has been closed on your PC and not on the others. This is one of the reasons why it is important to keep your PC up to date.
Another possibility could be that the infection does not spread through the network, but that it was contracted via a flash drive, and said flash drive wasn't connected to your PC.

regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

#5 myrti

Posted 11 November 2009 - 05:37 AM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
myrti
