
Log analysis and evaluation: Windows XP Trojan infection

17.05.2012, 18:08   #1
pckeineahnun

Windows XP Trojan infection

Hello,

today I received an email from a certain lajos79@gmx.de with the following content:

Dear Sir or Madam,

Thank you for your order with Rumpf; your purchase confirmation follows below.

Your transaction number: 139666361622
Item: Samsung 9830097922 8832,40 Euro
Invoice name: As shown in the billing data


Payment method: Direct debit

For security reasons, the shipping address and detailed invoice can be found in the enclosed attachment.

The booking has been authorized and will be debited within 2 days.
The order listing and cancellation notice can be found in the additional folder in the e-mail.


Your support team

Scholz GmbH
Horner Stieg 07
35434 Potsdam

Phone: (+49) 785 4114589
(Mon-Fri 8.00 to 19.00, Sat 9.00 to 19.00)
Registered office is Artern/Unstrut
VAT ID: DE956029782
Managing director: Dominic König

larry.grays@themidtowndbridge with the content

Hello Michaela,

Thank you for your purchase at wechselwild; your application confirmation follows below.

Your payment number: 341061462368
Item: BenQ 0034718420 8368,42 Euro
Invoice name: Michaela

Payment method: Cash on delivery

For security reasons, the shipping address and detailed payment details can be found in the additional folder.

The booking has been authorized and will be withdrawn within 3 days.
Invoice details and cancellation notes can be found in the enclosed attachment.


Your customer service

Schröder GmbH
Blostwiete 56
66441 Essen

Phone: (+49) 361 5107300
(Mon-Fri 8.00 to 19.00, Sat 9.00 to 19.00)
Registered office is Alsdorf
VAT ID: DE066966505
Managing director: Alexander Günther


The attachment contained zip files that cannot be opened. When I then logged out of t-online.de and wanted to do something else, a message appeared about an infection, saying that I now had to pay 100€ via paysafecard or Ukash for some security upgrade.
Now the question is: what should I, or what can I, do?
Can you please help me?

Many thanks in advance and enjoy the rest of the holiday
pckeineahnun

17.05.2012, 18:45   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
The attachment contained zip files that cannot be opened.
Why are you even trying to open them?
If you have no connection to the companies mentioned above, and indeed if such companies obviously don't even exist, you should simply use your common sense and keep your hands off attachments in such a mail.

Does safe mode with networking still work? With an Internet connection?

Safe mode for cleanup
  • Bring Windows into safe mode by pressing the F8 key during startup.
  • Start the computer in safe mode with networking:

    Starting Windows in safe mode

17.05.2012, 18:46   #3
pckeineahnun

No, unfortunately it doesn't work, I have already tried it.

17.05.2012, 19:11   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Using a clean second computer, create an OTLPE CD and then boot the infected computer from this CD:

If you don't have a burning program installed, please download ISOBurner. The program will let you burn OTLPE to a CD and make it bootable. You only need to install the tool; the rest runs automatically => How do I burn an ISO file to CD/DVD.
  • Download OTLPENet.exe by OldTimer and save it to your desktop. Note: The file is about 120 MB in size, and with a slow Internet connection it will take a while to download.
  • When the download is finished, double-click the file and answer the question "Do you want to burn the CD?" with Yes.
  • Insert a blank CD into your burner.
  • ImgBurn (or your burning program) will extract the archive and burn OTLPE Network to the CD.
  • When the burning process is complete, you will see a dialog box => "Operation successfully completed".
  • You can now close the burning program's windows.
Now boot from the OTLPE CD. Note: How do I boot from CD
  • After a few minutes your system should display the REATOGO-X-PE desktop.
  • Double-click the OTLPE icon.
  • Note: So that OTLPE scans the correct installed Windows, you must select the Windows folder of the Windows installed on the disk; simply selecting C: produces an error!
  • When asked "Do you wish to load the remote registry", choose Yes.
  • When asked "Do you wish to load remote user profile(s) for scanning", choose Yes.
  • Make sure the box "Automatically Load All Remaining Users" is selected and press OK.
  • OTLpe should now start.
  • Press Run Scan to start the scan.
  • When the scan is finished, the files C:\OTL.Txt and C:\Extras.Txt are created.
  • Copy this file to your USB stick if you have no Internet connection on this system.
  • Please post the contents of C:\OTL.Txt and Extras.Txt.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

18.05.2012, 20:59   #5
pckeineahnun

Hello Arne,

thank you very much....

Everything worked except for copying to the stick..
unfortunately that doesn't work, now it has frozen, and nothing works anymore

19.05.2012, 12:13   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Can you describe that in more detail, so that I don't have to guess what "nothing works" means?

19.05.2012, 17:52   #7
pckeineahnun

I have now got the attached data onto the stick. Finally, after a night spent up in front of the PC.

Now I don't know how to continue!!!??

I think it's great that there are such good people who can explain this to "clueless people like me" in a way that we can manage it too.

A very heartfelt thank you for that.

Unfortunately I cannot insert the files here :-(

Waiting patiently for further instructions. Thanks in advance.

Regards

One more question:

I would really like to send you the contents of the stick.... But how??? Thanks for that too

20.05.2012, 20:08   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

What's the problem there?
If the logs are on the stick, then simply post them from a computer where everything still works and where you also have an Internet connection!

Without the logs we can't continue here, because they are decisive!

21.05.2012, 20:24   #9
pckeineahnun

Hello Arne,

sorry, somehow I'm not really managing this...

I burned myself a rescue CD (DE-Cleaner Rettungssystem-DC) and ran it on the infected PC..
Now I can at least access my PC again and am currently running AntiVir from Avira.

It takes ages, and in between I also have to go to work.

At least I have the Bat/De... on it, unfortunately I haven't got any further yet.

How should I proceed then, because the files have an encrypted code like.... FELsjfoGyU....

Please bear with me, I'm a complete layman here :-( Thanks!

OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 5/20/2012 7:22:11 AM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
503.00 Mb Total Physical Memory | 315.00 Mb Available Physical Memory | 63.00% Memory free
455.00 Mb Paging File | 341.00 Mb Available in Paging File | 75.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.27 Gb Total Space | 15.44 Gb Free Space | 41.43% Space Free | Partition Type: NTFS
Drive D: | 7.58 Gb Total Space | 7.58 Gb Free Space | 100.00% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet002
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\TeamViewer\Version7\TeamViewer.exe" = C:\Program Files\TeamViewer\Version7\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe" = C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)
"C:\WINDOWS\system32\usmt\migwiz.exe" = C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard -- (Microsoft Corporation)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03ED6584-5A5A-4CA3-B61D-741618E510DF}" = Steuer 2008
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{109D28C7-FB38-483A-9C91-001CB59E2699}" = EPSON CardMonitor
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Multimedia Launcher
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23B59ED4-C360-11D7-875B-0090CC005647}" = EPSON PRINT Image Framer Tool2.1
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4381448B-AF21-4088-BE5E-FBD65F610BBC}" = Drucken Total Pro
"{46B70DEB-97B3-4E38-B746-EC16905E6A8F}" = WISO Steuer 2010
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack
"{5211040E-3953-4918-8383-B5D96EC7400C}" = Steuererklärung 2007
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6181E138-C21C-471C-9238-F2F59C314C6C}" = Steuer 2008
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{65F5B7AF-3363-11D7-BB6B-00018021113F}" = EPSON PhotoQuicker3.5
"{66C8BE35-8BBB-472B-96C7-C7C9A499F988}" = PhotoImpression 5
"{67DABCB4-239C-4E02-805E-DEA0DDCB1926}" = Steuer Hilfesammlung
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{69496452-FAF3-43BC-9907-BA9CEC65FC10}" = Lexware Info Service
"{6975E810-C92F-45F0-0BFD-187B312F10E8}" = Norton Ghost
"{6C11D561-620B-47DA-A693-4C597F3CDF40}" = EPSON Smart Panel
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7BD0A2D8-4EA0-43C6-BDF8-DDA87B8031C6}" = PIF DESIGNER2.1
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics Driver
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{901E0407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP German User Interface Pack
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B04D453-4C9E-41C9-BA7C-B2B8FF32DE6D}" = Das große Steuer-Sparpaket 2006-2007
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4E86B6A-6EEC-41FD-8960-26947F0E3353}" = Haufe iDesk-Service
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.0 - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B014EE44-9197-4513-9613-71E6EB1B514E}" = Nikon Message Center 2
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B97CF5C3-0487-11D8-A36E-0050BAE317E1}" = DVD Solution
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C48817E7-AA05-4151-A99D-1E1E550CE801}" = EPSON PhotoStarter3.1
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C7D6EBF3-435B-4008-AB27-247CDE703E5D}" = Steuer Update 14.01
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1E7142C-6BC3-49EB-A71A-E5D7ADAC7599}" = Nikon File Uploader 2
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D5C8E140-6E6F-11DD-9AA9-0050560400B1}" = Haufe iDesk-Service
"{DDD62492-32A7-412B-8AF1-2CF032AD42E3}" = ViewNX 2
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{EC2F8A30-787F-4DA5-9A8F-8E7DFE777CC2}" = Servicepack Datumsaktualisierung
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{EF4EA1D8-E44E-41BA-B4C4-B4BEFDFCF2AC}" = DaViDeo 4 professional
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F18046C5-1C4E-4BE1-A3D6-A6F970E2E8E8}" = ArcSoft Panorama Maker 5
"{F48AAE0F-52F4-11DD-B1F7-0050560400B1}" = Haufe iDesk-Browser
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"ArcSoft PhotoImpression" = ArcSoft PhotoImpression
"CCleaner" = CCleaner
"CloneCD" = CloneCD
"CloneDVD2" = CloneDVD2
"Digital Camera" = Digital Camera
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"EPSON Scanner" = EPSON Scan
"ESPRX420 Ref. Handbuch" = ESPRX420 Ref. Handbuch
"ESPRX420 Softwarehandbuch" = ESPRX420 Softwarehandbuch
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.14.1206
"InCD!UninstallKey" = InCD
"Indeo® software" = Indeo® software
"InstallShield_{EF4EA1D8-E44E-41BA-B4C4-B4BEFDFCF2AC}" = DaViDeo 4 professional
"IsoBuster_is1" = IsoBuster 1.6
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero OEM
"PROSet" = Intel(R) PRO Ethernet Adapter and Software
"RealArcade 1.2" = RealArcade
"Starcraft Brood War (RAZOR 1911)" = Starcraft Brood War (RAZOR 1911)
"Sunplus CA533A" = Digital Camera, WDM Video Capture
"TeamViewer 7" = TeamViewer 7
"TomTom HOME" = TomTom HOME 2.8.1.2218
"WIC" = Windows Imaging Component
"WinAce Archiver" = WinAce Archiver
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WS_FTP Pro" = Ipswitch WS_FTP Pro
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Companion
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\Nadine_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
< End of report >
         
--- --- ---

OTL Logfile:
Code:
OTL logfile created on: 5/20/2012 7:22:11 AM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
503.00 Mb Total Physical Memory | 315.00 Mb Available Physical Memory | 63.00% Memory free
455.00 Mb Paging File | 341.00 Mb Available in Paging File | 75.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.27 Gb Total Space | 15.44 Gb Free Space | 41.43% Space Free | Partition Type: NTFS
Drive D: | 7.58 Gb Total Space | 7.58 Gb Free Space | 100.00% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet002
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto] --  -- (LVPrcSrv)
SRV - [2012/05/05 09:55:48 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/20 21:16:42 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/03/26 11:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/02/15 08:30:18 | 000,158,856 | R--- | M] (Skype Technologies) [Auto] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/03/09 08:30:08 | 000,092,592 | ---- | M] (TomTom) [Auto] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010/03/18 05:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2004/12/17 04:31:33 | 000,053,248 | ---- | M] (GEAR Software) [Disabled] -- C:\WINDOWS\system32\GEARSEC.EXE -- (GEARSecurity)
SRV - [2004/04/06 14:35:10 | 000,929,904 | ---- | M] (Ahead Software AG) [Auto] -- C:\Program Files\Ahead\InCD\incdsrv.exe -- (InCDsrv)
SRV - [2002/09/20 11:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))
SRV - [2002/08/14 09:21:16 | 000,200,704 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe -- (GhostStartService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand] --  -- (vsdatant)
DRV - File not found [Kernel | On_Demand] --  -- (SiemensSiemensGigUSB(5A)(R)) Siemens SiemensGigUSB(5A)(R)
DRV - File not found [Kernel | On_Demand] --  -- (PONDIS5)
DRV - File not found [Kernel | On_Demand] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] --  -- (PDCOMP)
DRV - File not found [Kernel | On_Demand] --  -- (PCMCIAFVNETR)
DRV - File not found [Kernel | System] --  -- (PCIDump)
DRV - File not found [Kernel | On_Demand] --  -- (LVUVC) Logitech QuickCam Pro 5000(UVC)
DRV - File not found [Kernel | On_Demand] --  -- (LVUSBSta)
DRV - File not found [Kernel | On_Demand] --  -- (LVPr2Mon)
DRV - File not found [Kernel | On_Demand] --  -- (lvpopflt)
DRV - File not found [Kernel | On_Demand] --  -- (LVMVDrv)
DRV - File not found [Kernel | On_Demand] --  -- (LVcKap)
DRV - File not found [Kernel | Auto] --  -- (LMIInfo)
DRV - File not found [Kernel | On_Demand] --  -- (FilterService)
DRV - File not found [Kernel | On_Demand] --  -- (cpuz132)
DRV - File not found [Kernel | On_Demand] --  -- (ATMELWinXPPCMCIAFVNETR(458AS)(R)) ATMEL WinXP PCMCIAFVNETR(458AS)(R)
DRV - File not found [Kernel | On_Demand] --  -- (ATMELFVNETusb(AR)(R)) ATMEL FVNETusb(AR)(R)
DRV - [2011/09/26 12:16:14 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2011/09/16 09:10:50 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/04/13 14:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 13:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\Changer.sys -- (Changer)
DRV - [2008/04/13 13:40:26 | 000,034,688 | ---- | M] (Toshiba Corp.) [Kernel | System] -- C:\WINDOWS\System32\drivers\lbrtfdc.sys -- (lbrtfdc)
DRV - [2006/11/03 15:13:36 | 000,099,840 | ---- | M] (Protect Software GmbH) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\ACEDRV06.sys -- (ACEDRV06)
DRV - [2004/08/31 14:07:08 | 000,026,240 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2004/04/06 14:43:22 | 000,005,504 | ---- | M] (Ahead Software AG) [Recognizer | System] -- C:\WINDOWS\System32\drivers\incdrec.sys -- (InCDrec)
DRV - [2004/04/06 14:40:10 | 000,025,600 | ---- | M] (Ahead Software AG) [Kernel | System] -- C:\WINDOWS\system32\drivers\incdpass.sys -- (InCDPass)
DRV - [2004/04/06 14:39:20 | 000,089,472 | ---- | M] (Ahead Software AG) [File_System | Disabled] -- C:\WINDOWS\System32\drivers\incdfs.sys -- (InCDfs)
DRV - [2003/12/05 05:46:36 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/05/01 07:26:34 | 000,005,220 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\cvirta.sys -- (CVirtA)
DRV - [2003/03/28 11:25:52 | 000,003,840 | ---- | M] (Elaborate Bytes) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ElbyDelay.sys -- (ElbyDelay)
DRV - [2002/10/23 07:03:00 | 000,528,917 | R--- | M] (Digital Camera) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Ca533av.sys -- (Ca533av)
DRV - [2002/10/23 07:03:00 | 000,010,264 | R--- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Bulk533.sys -- (USBCamera)
DRV - [2002/08/14 09:11:16 | 000,005,632 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Program Files\Symantec\Norton Ghost 2003\GhPciScan.sys -- (GhPciScan)
DRV - [2002/08/14 09:03:36 | 000,017,005 | ---- | M] (Adaptec) [Kernel | Auto] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2001/08/23 08:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2001/08/23 08:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.live.com/sphome.aspx
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\LogMeInRemoteUser.PCNAD_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\LogMeInRemoteUser_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Nadine_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.live.com
IE - HKU\Nadine_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
IE - HKU\Nadine_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\Nadine_ON_C\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKU\Nadine_ON_C\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
IE - HKU\Nadine_ON_C\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - Reg Error: Key error. File not found
IE - HKU\Nadine_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Nadine_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = microsoft
 
IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/npracplug;version=1.0.0.0: C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/06 11:58:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/03/26 12:20:25 | 000,000,000 | ---D | M]
 
[2012/05/06 11:58:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/04/20 21:18:00 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/16 02:50:38 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/04/20 21:54:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/04/20 21:54:08 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/04/20 21:54:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012/04/20 21:54:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/04/20 21:54:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/04/20 21:54:08 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2001/08/23 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Yahoo! Companion BHO) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (&Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (Yahoo! Inc.)
O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (&Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (Yahoo! Inc.)
O3 - HKU\Nadine_ON_C\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\Nadine_ON_C\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O3 - HKU\Nadine_ON_C\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKU\Nadine_ON_C\..\Toolbar\WebBrowser: (&Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt]  File not found
O4 - HKLM..\Run: [ccApp]  File not found
O4 - HKLM..\Run: [CloneCDTray] C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe (adi)
O4 - HKLM..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe (Ahead Software AG)
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [LogMeIn GUI]  File not found
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe (Analog Devices, Inc.)
O4 - HKU\Nadine_ON_C..\Run: [986872A1] C:\WINDOWS\system32\68D780AB986872A131BB.exe (The Code::Blocks Team)
O4 - HKU\Nadine_ON_C..\Run: [PowerBar]  File not found
O4 - HKU\Nadine_ON_C..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKU\Nadine_ON_C..\Run: [WhenUSave]  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LogMeInRemoteUser.PCNAD_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LogMeInRemoteUser_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Nadine_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Nadine_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\Nadine_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1
O7 - HKU\Nadine_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1214773647921 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab (Java Plug-in 1.5.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\haufereader - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\68D780AB986872A131BB.exe) - C:\WINDOWS\system32\68D780AB986872A131BB.exe (The Code::Blocks Team)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - CLSID or File not found.
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O27 - HKLM IFEO\msconfig.exe: Debugger - P9KDMF.EXE File not found
O27 - HKLM IFEO\regedit.exe: Debugger - P9KDMF.EXE File not found
O27 - HKLM IFEO\taskmgr.exe: Debugger - P9KDMF.EXE File not found
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/11/20 13:22:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/05/20 04:46:42 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/05/19 05:10:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nadine\Local Settings\Application Data\PCHealth
[2012/05/17 11:18:25 | 000,034,477 | -H-- | C] (The Code::Blocks Team) -- C:\WINDOWS\System32\68D780AB986872A131BB.exe
[2012/05/06 11:58:26 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/05/02 12:29:37 | 000,419,488 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/04/26 10:46:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2006/09/15 14:43:27 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Nadine\My Documents\*.tmp files -> C:\Documents and Settings\Nadine\My Documents\*.tmp -> ]
[1 C:\Documents and Settings\Nadine\Desktop\*.tmp files -> C:\Documents and Settings\Nadine\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/05/19 18:08:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/05/19 18:07:20 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/05/19 18:07:16 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/05/19 04:56:52 | 000,000,394 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/05/19 04:56:33 | 000,000,366 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2012/05/19 04:55:01 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/05/17 11:18:26 | 000,034,477 | -H-- | M] (The Code::Blocks Team) -- C:\WINDOWS\System32\68D780AB986872A131BB.exe
[2012/05/11 15:50:50 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh323
[2012/05/11 15:50:40 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh322
[2012/05/11 15:50:32 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh321
[2012/05/11 15:50:22 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh320
[2012/05/11 10:35:19 | 000,123,728 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/05/10 17:02:08 | 001,001,028 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/05/10 17:02:08 | 000,352,702 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/05/10 16:57:25 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/05/06 11:58:29 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Nadine\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/05/06 11:58:29 | 000,000,730 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012/05/06 11:58:29 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/05/06 11:43:26 | 000,000,427 | ---- | M] () -- C:\Documents and Settings\Nadine\sELUAtEfqGndjsEVyxL
[2012/05/06 11:43:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Logitech
[2012/05/06 11:39:19 | 000,000,264 | ---- | M] () -- C:\WINDOWS\_delis32.ini
[2012/05/05 09:55:47 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/05/05 09:55:47 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/05/02 13:09:02 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLev.DAT
[2012/05/01 02:23:47 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/05/01 02:22:50 | 000,001,698 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/04/26 12:38:10 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh325
[2012/04/26 12:37:48 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh324
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Nadine\My Documents\*.tmp files -> C:\Documents and Settings\Nadine\My Documents\*.tmp -> ]
[1 C:\Documents and Settings\Nadine\Desktop\*.tmp files -> C:\Documents and Settings\Nadine\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/05/17 11:20:50 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh325
[2012/05/17 11:20:50 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh324
[2012/05/17 11:20:50 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh323
[2012/05/17 11:20:50 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh322
[2012/05/17 11:20:50 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh321
[2012/05/17 11:20:50 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh320
[2012/05/06 11:58:29 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Nadine\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/05/06 11:58:29 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012/05/06 11:58:29 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/05/06 11:39:18 | 000,000,264 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2012/05/02 12:29:39 | 000,000,884 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/05/01 02:32:34 | 000,000,394 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/05/01 02:31:39 | 000,000,366 | -H-- | C] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2012/05/01 02:22:48 | 000,001,698 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/04/24 17:53:25 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012/02/16 02:28:50 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/12/27 11:02:47 | 000,001,133 | ---- | C] () -- C:\WINDOWS\wiso.ini
[2011/10/08 18:01:36 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/09/02 14:35:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ViewNX2.INI
[2011/08/13 09:47:35 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Fonts
[2011/08/13 09:47:35 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Nadine\Application Data\Flowers
[2011/08/13 09:47:35 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLev.DAT
[2011/08/13 09:47:34 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Font Book
[2011/08/13 09:47:34 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Nadine\Application Data\Flanger
[2011/08/13 09:47:34 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLes.DAT
[2011/08/13 09:47:33 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Folder Actions Handlers
[2011/08/13 09:47:33 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Nadine\Application Data\Flange Saw
[2011/08/13 09:47:32 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLet.DAT
[2011/08/03 12:42:26 | 000,002,133 | ---- | C] () -- C:\WINDOWS\photoimpression.ini
[2011/08/03 12:41:08 | 000,000,021 | ---- | C] () -- C:\WINDOWS\PI_setup.ini
[2011/08/03 12:03:13 | 000,002,068 | R--- | C] () -- C:\WINDOWS\CA533A.INI
[2010/07/14 17:25:39 | 000,000,185 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/06/21 12:35:13 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\Nadine\Application Data\qcopjv.dat
[2010/06/13 04:45:55 | 000,000,016 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\qcopjv.dat
[2010/06/12 07:44:47 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\qcopjv.dat
[2010/06/12 07:44:29 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Nadine\Application Data\avdrn.dat
[2010/02/13 15:38:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/10/15 01:22:55 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2008/07/13 14:14:43 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\FTPStubInstUtils.dll
[2008/06/29 16:50:16 | 000,096,768 | ---- | C] () -- C:\WINDOWS\SlantAdj.dll
[2008/06/29 16:50:16 | 000,003,136 | ---- | C] () -- C:\WINDOWS\Ade001.bin
[2008/06/29 16:50:16 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\epDPE.ini
[2008/06/29 16:49:30 | 000,034,782 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2008/06/29 16:49:30 | 000,027,030 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2008/06/29 16:49:30 | 000,000,022 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2008/06/29 16:47:35 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE RX420FG.ini
[2007/07/31 07:12:35 | 000,000,017 | ---- | C] () -- C:\WINDOWS\Missing.ini
[2007/04/27 04:43:58 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2006/11/05 10:10:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\odbcddp.ini
[2006/09/22 07:53:40 | 000,000,583 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2006/09/11 06:07:53 | 000,183,296 | --S- | C] () -- C:\WINDOWS\NDNuninstall7_22.exe
[2006/09/11 06:04:36 | 000,050,688 | --S- | C] () -- C:\WINDOWS\NDNuninstall6_38.exe
[2006/08/09 06:24:30 | 000,000,516 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2005/12/18 08:52:03 | 000,000,604 | ---- | C] () -- C:\WINDOWS\Edofma.INI
[2005/10/16 06:52:29 | 000,057,344 | ---- | C] () -- C:\WINDOWS\rzrunins.exe
[2005/09/02 09:29:14 | 000,000,557 | ---- | C] () -- C:\WINDOWS\users2.ini
[2005/09/02 09:28:30 | 000,000,001 | ---- | C] () -- C:\WINDOWS\kwb2.ini
[2005/06/10 15:01:05 | 000,106,779 | ---- | C] () -- C:\WINDOWS\chat.de[chd-10002,1,1].exe
[2005/03/06 09:15:16 | 000,000,636 | ---- | C] () -- C:\WINDOWS\7THLEVEL.INI
[2005/02/26 17:33:03 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\GIF89.DLL
[2005/02/26 17:31:30 | 000,000,138 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2005/02/26 10:52:15 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2005/02/10 07:35:14 | 000,003,836 | ---- | C] () -- C:\WINDOWS\disney.ini
[2005/01/18 03:23:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\TTN.INI
[2005/01/07 08:15:56 | 000,172,056 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2005/01/06 04:31:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2004/12/27 17:00:34 | 000,000,126 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2004/11/28 12:00:23 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[2004/11/28 08:40:57 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2004/11/28 08:40:55 | 000,030,208 | ---- | C] () -- C:\Documents and Settings\Nadine\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/11/28 07:43:08 | 000,000,528 | ---- | C] () -- C:\WINDOWS\KLETT.INI
[2004/11/27 09:05:12 | 000,040,960 | ---- | C] () -- C:\Program Files\Uninstall_CDS.exe
[2004/11/20 15:11:53 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2004/11/20 14:52:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2004/11/20 14:22:36 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/11/20 14:10:01 | 000,004,429 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/11/20 14:09:09 | 000,123,728 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/11/20 13:47:23 | 000,004,135 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/11/20 13:24:56 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/11/20 13:19:33 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/30 08:26:16 | 000,389,120 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2004/08/02 09:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2001/10/10 03:57:58 | 000,073,786 | ---- | C] () -- C:\WINDOWS\System32\dntvmc23.dll
[2001/10/10 03:57:58 | 000,061,497 | ---- | C] () -- C:\WINDOWS\System32\dntvm23.dll
[2001/08/23 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 08:00:00 | 001,001,028 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 08:00:00 | 000,352,702 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 08:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2001/03/07 03:02:30 | 000,229,431 | ---- | C] () -- C:\WINDOWS\System32\dnt23.dll
[1999/01/26 17:00:00 | 000,114,816 | ---- | C] () -- C:\WINDOWS\System32\MSMT4232.DLL
[1601/02/13 04:28:18 | 000,000,427 | ---- | C] () -- C:\Documents and Settings\Nadine\sELUAtEfqGndjsEVyxL
[1601/02/13 04:28:18 | 000,000,116 | ---- | C] () -- C:\Documents and Settings\Nadine\ODevXODuarsvXODuarev
 
========== LOP Check ==========
 
[2011/12/27 11:00:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nadine\Application Data\Buhl Data Service
[2005/02/10 07:40:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nadine\Application Data\Disney Interactive
[2011/12/25 06:08:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nadine\Application Data\DVDVideoSoft
[2011/12/25 06:06:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nadine\Application Data\DVDVideoSoftIEHelpers
[2008/12/28 11:19:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nadine\Application Data\Haufe
[2010/11/24 15:03:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nadine\Application Data\ICQ
[2008/11/29 06:49:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nadine\Application Data\Lexware
[2011/09/02 14:31:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nadine\Application Data\Nikon
[2012/05/06 13:06:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nadine\Application Data\PriceGong
[2008/10/15 01:24:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nadine\Application Data\Smart Panel
[2012/03/13 07:32:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nadine\Application Data\TeamViewer
[2008/08/31 06:52:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nadine\Application Data\TomTom
[2008/11/29 06:57:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BTrieve
[2011/12/27 11:00:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Buhl Data Service GmbH
[2008/11/29 06:47:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DATA BECKER
[2011/08/13 09:47:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2008/11/29 06:45:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Haufe
[2011/08/13 09:47:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hip Hop
[2011/08/13 09:47:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hybrid Morph
[2008/08/16 10:25:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ICQ
[2011/08/13 09:47:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Images
[2010/12/01 12:42:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lexware
[2012/03/13 08:36:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2012/01/02 14:56:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MAGIX
[2006/11/03 15:13:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Modern Games
[2011/08/14 02:08:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2008/08/31 06:52:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2008/06/29 16:55:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2011/08/13 09:47:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2006/09/16 05:54:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Winferno
[2012/05/19 04:56:33 | 000,000,366 | -H-- | M] () -- C:\WINDOWS\Tasks\MpIdleTask.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< :OTL >
 
< O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1 >
 
< O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1 >
 
< O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\056EB686F08C74A67BDE.exe) - C:\WINDOWS\system32\056EB686F08C74A67BDE.exe (The Code::Blocks Team) >
 
< [2012/05/17 02:35:48 | 000,034,477 | -H-- | C] (The Code::Blocks Team) -- C:\WINDOWS\System32\056EB686F08C74A67BDE.exe >
Invalid Switch: 17 02:35:48 | 000,034,477 | -H-- | C] (The Code::Blocks Team) -- C:\WINDOWS\System32\056EB686F08C74A67BDE.exe
 
< [2012/05/17 09:24:00 | 000,001,210 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-689382577-3436805405-3422380704-1006UA.job >
Invalid Switch: 17 09:24:00 | 000,001,210 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-689382577-3436805405-3422380704-1006UA.job

 
< [2012/05/17 07:24:00 | 000,001,158 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-689382577-3436805405-3422380704-1006Core.job >
Invalid Switch: 17 07:24:00 | 000,001,158 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-689382577-3436805405-3422380704-1006Core.job

 
< [2012/05/17 02:35:48 | 000,034,477 | -H-- | M] (The Code::Blocks Team) -- C:\WINDOWS\System32\056EB686F08C74A67BDE.exe >
Invalid Switch: 17 02:35:48 | 000,034,477 | -H-- | M] (The Code::Blocks Team) -- C:\WINDOWS\System32\056EB686F08C74A67BDE.exe

 
 
< :Files >
 
< C:\WINDOWS\system32\056EB686F08C74A67BDE.exe  >
 
< C:\WINDOWS\System32\winsh325 >
[2012/04/26 12:38:10 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh325
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
< C:\WINDOWS\System32\winsh324 >
[2012/04/26 12:37:48 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh324
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
< C:\WINDOWS\System32\winsh323 >
[2012/05/11 15:50:50 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh323
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
< C:\WINDOWS\System32\winsh322 >
[2012/05/11 15:50:40 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh322
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
< C:\WINDOWS\System32\winsh321 >
[2012/05/11 15:50:32 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh321
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
< C:\WINDOWS\System32\winsh320 >
[2012/05/11 15:50:22 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh320
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
< C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LstryTUuoDGOAXfJnetr >
 
< C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\psQqedOoTxvAlVrLXtu >
 
< C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\VrLXtuyedgETGJADVNLps >
 
< ipconfig /flushdns /c >
Windows IP Configuration
An internal error occurred: The system cannot find the file specified.
 
Please contact Microsoft Product Support Services for further help.
Additional information: Unable to open registry key for tcpip.
 
 
< :Commands >
 
< [purity] >
 
< [emptytemp] >

< End of report >
         
--- --- ---

21.05.2012, 21:34   #10
pckeineahnun



========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegedit deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\WINDOWS\system32\056EB686F08C74A67BDE.exe deleted successfully.
File C:\WINDOWS\system32\056EB686F08C74A67BDE.exe not found.
File C:\WINDOWS\System32\056EB686F08C74A67BDE.exe not found.
File C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-689382577-3436805405-3422380704-1006UA.job not found.
File C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-689382577-3436805405-3422380704-1006Core.job not found.
File C:\WINDOWS\System32\056EB686F08C74A67BDE.exe not found.
========== FILES ==========
File\Folder C:\WINDOWS\system32\056EB686F08C74A67BDE.exe not found.
C:\WINDOWS\System32\winsh325 moved successfully.
C:\WINDOWS\System32\winsh324 moved successfully.
C:\WINDOWS\System32\winsh323 moved successfully.
C:\WINDOWS\System32\winsh322 moved successfully.
C:\WINDOWS\System32\winsh321 moved successfully.
C:\WINDOWS\System32\winsh320 moved successfully.
File\Folder C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LstryTUuoDGOAXfJnetr not found.
File\Folder C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\psQqedOoTxvAlVrLXtu not found.
File\Folder C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\VrLXtuyedgETGJADVNLps not found.
< ipconfig /flushdns /c >
Windows IP Configuration
An internal error occurred: The system cannot find the file specified.

Please contact Microsoft Product Support Services for further help.
Additional information: Unable to open registry key for tcpip.
C:\cmd.bat deleted successfully.
C:\cmd.txt deleted successfully.
========== COMMANDS ==========
Error: Unable to interpret <OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 5/20/2012 7:22:11 AM - Run > in the current context!
Error: Unable to interpret <OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE> in the current context!
Error: Unable to interpret <Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM> in the current context!
Error: Unable to interpret <Internet Explorer (Version = 6.0.2900.5512)> in the current context!
Error: Unable to interpret <Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy> in the current context!
Error: Unable to interpret <503.00 Mb Total Physical Memory | 315.00 Mb Available Physical Memory | 63.00% Memory free> in the current context!
Error: Unable to interpret <455.00 Mb Paging File | 341.00 Mb Available in Paging File | 75.00% Paging File free> in the current context!
Error: Unable to interpret <Paging file location(s): C:\pagefile.sys 756 1512 [binary data]> in the current context!
Error: Unable to interpret <%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files> in the current context!
Error: Unable to interpret <Drive C: | 37.27 Gb Total Space | 15.44 Gb Free Space | 41.43% Space Free | Partition Type: NTFS> in the current context!
Error: Unable to interpret <Drive D: | 7.58 Gb Total Space | 7.58 Gb Free Space | 100.00% Space Free | Partition Type: FAT32> in the current context!
Error: Unable to interpret <Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS> in the current context!
Error: Unable to interpret <Computer Name: REATOGO | User Name: SYSTEM> in the current context!
Error: Unable to interpret <Boot Mode: Normal | Scan Mode: All users> in the current context!
Error: Unable to interpret <Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days> in the current context!
Error: Unable to interpret <Using ControlSet: ControlSet002> in the current context!
Error: Unable to interpret <========== Win32 Services (SafeList) ==========> in the current context!
Error: Unable to interpret <SRV - File not found [Auto] --  -- (LVPrcSrv)> in the current context!
Error: Unable to interpret <SRV - [2012/05/05 09:55:48 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)> in the current context!
Error: Unable to interpret <SRV - [2012/04/20 21:16:42 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)> in the current context!
Error: Unable to interpret <SRV - [2012/03/26 11:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)> in the current context!
Error: Unable to interpret <SRV - [2012/02/15 08:30:18 | 000,158,856 | R--- | M] (Skype Technologies) [Auto] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)> in the current context!
Error: Unable to interpret <SRV - [2011/03/09 08:30:08 | 000,092,592 | ---- | M] (TomTom) [Auto] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)> in the current context!
Error: Unable to interpret <SRV - [2010/03/18 05:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)> in the current context!
Error: Unable to interpret <SRV - [2004/12/17 04:31:33 | 000,053,248 | ---- | M] (GEAR Software) [Disabled] -- C:\WINDOWS\system32\GEARSEC.EXE -- (GEARSecurity)> in the current context!
Error: Unable to interpret <SRV - [2004/04/06 14:35:10 | 000,929,904 | ---- | M] (Ahead Software AG) [Auto] -- C:\Program Files\Ahead\InCD\incdsrv.exe -- (InCDsrv)> in the current context!
Error: Unable to interpret <SRV - [2002/09/20 11:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))> in the current context!
Error: Unable to interpret <SRV - [2002/08/14 09:21:16 | 000,200,704 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe -- (GhostStartService)> in the current context!
Error: Unable to interpret <========== Driver Services (SafeList) ==========> in the current context!
Error: Unable to interpret <DRV - File not found [Kernel | On_Demand] --  -- (WDICA)> in the current context!
Error: Unable to interpret <DRV - File not found [Kernel | On_Demand] --  -- (vsdatant)> in the current context!
Error: Unable to interpret <DRV - File not found [Kernel | On_Demand] --  -- (SiemensSiemensGigUSB(5A)(R)) Siemens SiemensGigUSB(5A)(R)> in the current context!
Error: Unable to interpret <DRV - File not found [Kernel | On_Demand] --  -- (PONDIS5)> in the current context!
Error: Unable to interpret <DRV - File not found [Kernel | On_Demand] --  -- (PDRFRAME)> in the current context!
Error: Unable to interpret <DRV - File not found [Kernel | On_Demand] --  -- (PDRELI)> in the current context!
Error: Unable to interpret <DRV - File not found [Kernel | On_Demand] --  -- (PDFRAME)> in the current context!
Error: Unable to interpret <DRV - File not found [Kernel | On_Demand] --  -- (PDCOMP)> in the current context!
Error: Unable to interpret <DRV - File not found [Kernel | On_Demand] --  -- (PCMCIAFVNETR)> in the current context!
Error: Unable to interpret <DRV - File not found [Kernel | System] --  -- (PCIDump)> in the current context!
Error: Unable to interpret <DRV - File not found [Kernel | On_Demand] --  -- (LVUVC) Logitech QuickCam Pro 5000(UVC)> in the current context!
Error: Unable to interpret <DRV - File not found [Kernel | On_Demand] --  -- (LVUSBSta)> in the current context!
Error: Unable to interpret <DRV - File not found [Kernel | On_Demand] --  -- (LVPr2Mon)> in the current context!
Error: Unable to interpret <DRV - File not found [Kernel | On_Demand] --  -- (lvpopflt)> in the current context!
Error: Unable to interpret <DRV - File not found [Kernel | On_Demand] --  -- (LVMVDrv)> in the current context!
Error: Unable to interpret <DRV - File not found [Kernel | On_Demand] --  -- (LVcKap)> in the current context!
Error: Unable to interpret <DRV - File not found [Kernel | Auto] --  -- (LMIInfo)> in the current context!
Error: Unable to interpret <DRV - File not found [Kernel | On_Demand] --  -- (FilterService)> in the current context!
Error: Unable to interpret <DRV - File not found [Kernel | On_Demand] --  -- (cpuz132)> in the current context!
Error: Unable to interpret <DRV - File not found [Kernel | On_Demand] --  -- (ATMELWinXPPCMCIAFVNETR(458AS)(R)) ATMEL WinXP PCMCIAFVNETR(458AS)(R)> in the current context!
Error: Unable to interpret <DRV - File not found [Kernel | On_Demand] --  -- (ATMELFVNETusb(AR)(R)) ATMEL FVNETusb(AR)(R)> in the current context!
Error: Unable to interpret <DRV - [2011/09/26 12:16:14 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)> in the current context!
Error: Unable to interpret <DRV - [2011/09/16 09:10:50 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)> in the current context!
Error: Unable to interpret <DRV - [2008/04/13 14:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)> in the current context!
Error: Unable to interpret <DRV - [2008/04/13 13:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\Changer.sys -- (Changer)> in the current context!
Error: Unable to interpret <DRV - [2008/04/13 13:40:26 | 000,034,688 | ---- | M] (Toshiba Corp.) [Kernel | System] -- C:\WINDOWS\System32\drivers\lbrtfdc.sys -- (lbrtfdc)> in the current context!
Error: Unable to interpret <DRV - [2006/11/03 15:13:36 | 000,099,840 | ---- | M] (Protect Software GmbH) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\ACEDRV06.sys -- (ACEDRV06)> in the current context!
Error: Unable to interpret <DRV - [2004/08/31 14:07:08 | 000,026,240 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL)> in the current context!
Error: Unable to interpret <DRV - [2004/04/06 14:43:22 | 000,005,504 | ---- | M] (Ahead Software AG) [Recognizer | System] -- C:\WINDOWS\System32\drivers\incdrec.sys -- (InCDrec)> in the current context!
Error: Unable to interpret <DRV - [2004/04/06 14:40:10 | 000,025,600 | ---- | M] (Ahead Software AG) [Kernel | System] -- C:\WINDOWS\system32\drivers\incdpass.sys -- (InCDPass)> in the current context!
Error: Unable to interpret <DRV - [2004/04/06 14:39:20 | 000,089,472 | ---- | M] (Ahead Software AG) [File_System | Disabled] -- C:\WINDOWS\System32\drivers\incdfs.sys -- (InCDfs)> in the current context!
Error: Unable to interpret <DRV - [2003/12/05 05:46:36 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)> in the current context!
Error: Unable to interpret <DRV - [2003/05/01 07:26:34 | 000,005,220 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\cvirta.sys -- (CVirtA)> in the current context!
Error: Unable to interpret <DRV - [2003/03/28 11:25:52 | 000,003,840 | ---- | M] (Elaborate Bytes) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ElbyDelay.sys -- (ElbyDelay)> in the current context!
Error: Unable to interpret <DRV - [2002/10/23 07:03:00 | 000,528,917 | R--- | M] (Digital Camera) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Ca533av.sys -- (Ca533av)> in the current context!
Error: Unable to interpret <DRV - [2002/10/23 07:03:00 | 000,010,264 | R--- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Bulk533.sys -- (USBCamera)> in the current context!
Error: Unable to interpret <DRV - [2002/08/14 09:11:16 | 000,005,632 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Program Files\Symantec\Norton Ghost 2003\GhPciScan.sys -- (GhPciScan)> in the current context!
Error: Unable to interpret <DRV - [2002/08/14 09:03:36 | 000,017,005 | ---- | M] (Adaptec) [Kernel | Auto] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (Aspi32)> in the current context!
Error: Unable to interpret <DRV - [2001/08/23 08:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)> in the current context!
Error: Unable to interpret <DRV - [2001/08/23 08:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)> in the current context!
Error: Unable to interpret <========== Standard Registry (SafeList) ==========> in the current context!
Error: Unable to interpret <========== Internet Explorer ==========> in the current context!
Error: Unable to interpret <IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm> in the current context!
Error: Unable to interpret <IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie> in the current context!
Error: Unable to interpret <IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.live.com/sphome.aspx> in the current context!
Error: Unable to interpret <IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0> in the current context!
Error: Unable to interpret <IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0> in the current context!
Error: Unable to interpret <IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0> in the current context!
Error: Unable to interpret <IE - HKU\LogMeInRemoteUser.PCNAD_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0> in the current context!
Error: Unable to interpret <IE - HKU\LogMeInRemoteUser_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0> in the current context!
Error: Unable to interpret <IE - HKU\Nadine_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.live.com> in the current context!
Error: Unable to interpret <IE - HKU\Nadine_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050> in the current context!
Error: Unable to interpret <IE - HKU\Nadine_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie> in the current context!
Error: Unable to interpret <IE - HKU\Nadine_ON_C\..\URLSearchHook:  - Reg Error: Key error. File not found> in the current context!
Error: Unable to interpret <IE - HKU\Nadine_ON_C\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)> in the current context!
Error: Unable to interpret <IE - HKU\Nadine_ON_C\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - Reg Error: Key error. File not found> in the current context!
Error: Unable to interpret <IE - HKU\Nadine_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0> in the current context!
Error: Unable to interpret <IE - HKU\Nadine_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = microsoft> in the current context!
Error: Unable to interpret <IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0> in the current context!
Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()> in the current context!
Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)> in the current context!
Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)> in the current context!
Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)> in the current context!
Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@real.com/npracplug;version=1.0.0.0: C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll (RealNetworks)> in the current context!
Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)> in the current context!
Error: Unable to interpret <FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/06 11:58:19 | 000,000,000 | ---D | M]> in the current context!
Error: Unable to interpret <FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/03/26 12:20:25 | 000,000,000 | ---D | M]> in the current context!
Error: Unable to interpret <[2012/05/06 11:58:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions> in the current context!
Error: Unable to interpret <[2012/04/20 21:18:00 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll> in the current context!
Error: Unable to interpret <[2012/02/16 02:50:38 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll> in the current context!
Error: Unable to interpret <[2012/04/20 21:54:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml> in the current context!
Error: Unable to interpret <[2012/04/20 21:54:08 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml> in the current context!
Error: Unable to interpret <[2012/04/20 21:54:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml> in the current context!
Error: Unable to interpret <[2012/04/20 21:54:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml> in the current context!
Error: Unable to interpret <[2012/04/20 21:54:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml> in the current context!
Error: Unable to interpret <[2012/04/20 21:54:08 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml> in the current context!
Error: Unable to interpret <O1 HOSTS File: ([2001/08/23 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts> in the current context!
Error: Unable to interpret <O1 - Hosts: 127.0.0.1       localhost> in the current context!
Error: Unable to interpret <O2 - BHO: (Yahoo! Companion BHO) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (Yahoo! Inc.)> in the current context!
Error: Unable to interpret <O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.> in the current context!
Error: Unable to interpret <O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)> in the current context!
Error: Unable to interpret <O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)> in the current context!
Error: Unable to interpret <O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)> in the current context!
Error: Unable to interpret <O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)> in the current context!
Error: Unable to interpret <O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)> in the current context!
Error: Unable to interpret <O3 - HKLM\..\Toolbar: (&Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (Yahoo! Inc.)> in the current context!
Error: Unable to interpret <O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (&Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (Yahoo! Inc.)> in the current context!
Error: Unable to interpret <O3 - HKU\Nadine_ON_C\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.> in the current context!
Error: Unable to interpret <O3 - HKU\Nadine_ON_C\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)> in the current context!
Error: Unable to interpret <O3 - HKU\Nadine_ON_C\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)> in the current context!
Error: Unable to interpret <O3 - HKU\Nadine_ON_C\..\Toolbar\WebBrowser: (&Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (Yahoo! Inc.)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [avgnt]  File not found> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [ccApp]  File not found> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [CloneCDTray] C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe (adi)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE (SEIKO EPSON CORPORATION)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe (Symantec Corporation)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe (Ahead Software AG)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Lexware GmbH & Co. KG)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [LogMeIn GUI]  File not found> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe (Cyberlink Corp.)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe (Analog Devices, Inc.)> in the current context!
Error: Unable to interpret <O4 - HKU\Nadine_ON_C..\Run: [986872A1] C:\WINDOWS\system32\68D780AB986872A131BB.exe (The Code::Blocks Team)> in the current context!
Error: Unable to interpret <O4 - HKU\Nadine_ON_C..\Run: [PowerBar]  File not found> in the current context!
Error: Unable to interpret <O4 - HKU\Nadine_ON_C..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)> in the current context!
Error: Unable to interpret <O4 - HKU\Nadine_ON_C..\Run: [WhenUSave]  File not found> in the current context!
Error: Unable to interpret <O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1> in the current context!
Error: Unable to interpret <O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1> in the current context!
Error: Unable to interpret <O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1> in the current context!
Error: Unable to interpret <O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145> in the current context!
Error: Unable to interpret <O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145> in the current context!
Error: Unable to interpret <O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145> in the current context!
Error: Unable to interpret <O7 - HKU\LogMeInRemoteUser.PCNAD_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145> in the current context!
Error: Unable to interpret <O7 - HKU\LogMeInRemoteUser_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145> in the current context!
Error: Unable to interpret <O7 - HKU\Nadine_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145> in the current context!
Error: Unable to interpret <O7 - HKU\Nadine_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1> in the current context!
Error: Unable to interpret <O7 - HKU\Nadine_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1> in the current context!
Error: Unable to interpret <O7 - HKU\Nadine_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1> in the current context!
Error: Unable to interpret <O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145> in the current context!
Error: Unable to interpret <O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)> in the current context!
Error: Unable to interpret <O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)> in the current context!
Error: Unable to interpret <O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1214773647921 (WUWebControl Class)> in the current context!
Error: Unable to interpret <O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)> in the current context!
Error: Unable to interpret <O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)> in the current context!
Error: Unable to interpret <O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab (Java Plug-in 1.5.0_04)> in the current context!
Error: Unable to interpret <O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)> in the current context!
Error: Unable to interpret <O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)> in the current context!
Error: Unable to interpret <O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)> in the current context!
Error: Unable to interpret <O18 - Protocol\Handler\haufereader - No CLSID value found> in the current context!
Error: Unable to interpret <O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)> in the current context!
Error: Unable to interpret <O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\68D780AB986872A131BB.exe) - C:\WINDOWS\system32\68D780AB986872A131BB.exe (The Code::Blocks Team)> in the current context!
Error: Unable to interpret <O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)> in the current context!
Error: Unable to interpret <O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)> in the current context!
Error: Unable to interpret <O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - CLSID or File not found.> in the current context!
Error: Unable to interpret <O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp> in the current context!
Error: Unable to interpret <O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp> in the current context!
Error: Unable to interpret <O27 - HKLM IFEO\msconfig.exe: Debugger - P9KDMF.EXE File not found> in the current context!
Error: Unable to interpret <O27 - HKLM IFEO\regedit.exe: Debugger - P9KDMF.EXE File not found> in the current context!
Error: Unable to interpret <O27 - HKLM IFEO\taskmgr.exe: Debugger - P9KDMF.EXE File not found> in the current context!
Error: Unable to interpret <O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O32 - HKLM CDRom: AutoRun - 1> in the current context!
Error: Unable to interpret <O32 - AutoRun File - [2004/11/20 13:22:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]> in the current context!
Error: Unable to interpret <O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]> in the current context!
Error: Unable to interpret <O34 - HKLM BootExecute: (autocheck autochk *) -  File not found> in the current context!
Error: Unable to interpret <O35 - HKLM\..comfile [open] -- "%1" %*> in the current context!
Error: Unable to interpret <O35 - HKLM\..exefile [open] -- "%1" %*> in the current context!
Error: Unable to interpret <O37 - HKLM\...com [@ = comfile] -- "%1" %*> in the current context!
Error: Unable to interpret <O37 - HKLM\...exe [@ = exefile] -- "%1" %*> in the current context!
Error: Unable to interpret <========== Files/Folders - Created Within 30 Days ==========> in the current context!
Error: Unable to interpret <[2012/05/20 04:46:42 | 000,000,000 | ---D | C] -- C:\_OTL> in the current context!
Error: Unable to interpret <[2012/05/19 05:10:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nadine\Local Settings\Application Data\PCHealth> in the current context!
Error: Unable to interpret <[2012/05/17 11:18:25 | 000,034,477 | -H-- | C] (The Code::Blocks Team) -- C:\WINDOWS\System32\68D780AB986872A131BB.exe> in the current context!
Error: Unable to interpret <[2012/05/06 11:58:26 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service> in the current context!
Error: Unable to interpret <[2012/05/02 12:29:37 | 000,419,488 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe> in the current context!
Error: Unable to interpret <[2012/04/26 10:46:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla> in the current context!
Error: Unable to interpret <[2006/09/15 14:43:27 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll> in the current context!
Error: Unable to interpret <[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]> in the current context!
Error: Unable to interpret <[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]> in the current context!
Error: Unable to interpret <[1 C:\Documents and Settings\Nadine\My Documents\*.tmp files -> C:\Documents and Settings\Nadine\My Documents\*.tmp -> ]> in the current context!
Error: Unable to interpret <[1 C:\Documents and Settings\Nadine\Desktop\*.tmp files -> C:\Documents and Settings\Nadine\Desktop\*.tmp -> ]> in the current context!
Error: Unable to interpret <========== Files - Modified Within 30 Days ==========> in the current context!
Error: Unable to interpret <[2012/05/19 18:08:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat> in the current context!
Error: Unable to interpret <[2012/05/19 18:07:20 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl> in the current context!
Error: Unable to interpret <[2012/05/19 18:07:16 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat> in the current context!
Error: Unable to interpret <[2012/05/19 04:56:52 | 000,000,394 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job> in the current context!
Error: Unable to interpret <[2012/05/19 04:56:33 | 000,000,366 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job> in the current context!
Error: Unable to interpret <[2012/05/19 04:55:01 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job> in the current context!
Error: Unable to interpret <[2012/05/17 11:18:26 | 000,034,477 | -H-- | M] (The Code::Blocks Team) -- C:\WINDOWS\System32\68D780AB986872A131BB.exe> in the current context!
Error: Unable to interpret <[2012/05/11 15:50:50 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh323> in the current context!
Error: Unable to interpret <[2012/05/11 15:50:40 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh322> in the current context!
Error: Unable to interpret <[2012/05/11 15:50:32 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh321> in the current context!
Error: Unable to interpret <[2012/05/11 15:50:22 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh320> in the current context!
Error: Unable to interpret <[2012/05/11 10:35:19 | 000,123,728 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT> in the current context!
Error: Unable to interpret <[2012/05/10 17:02:08 | 001,001,028 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat> in the current context!
Error: Unable to interpret <[2012/05/10 17:02:08 | 000,352,702 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat> in the current context!
Error: Unable to interpret <[2012/05/10 16:57:25 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK> in the current context!
Error: Unable to interpret <[2012/05/06 11:58:29 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Nadine\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk> in the current context!
Error: Unable to interpret <[2012/05/06 11:58:29 | 000,000,730 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk> in the current context!
Error: Unable to interpret <[2012/05/06 11:58:29 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk> in the current context!
Error: Unable to interpret <[2012/05/06 11:43:26 | 000,000,427 | ---- | M] () -- C:\Documents and Settings\Nadine\sELUAtEfqGndjsEVyxL> in the current context!
Error: Unable to interpret <[2012/05/06 11:43:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Logitech> in the current context!
Error: Unable to interpret <[2012/05/06 11:39:19 | 000,000,264 | ---- | M] () -- C:\WINDOWS\_delis32.ini> in the current context!
Error: Unable to interpret <[2012/05/05 09:55:47 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe> in the current context!
Error: Unable to interpret <[2012/05/05 09:55:47 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl> in the current context!
Error: Unable to interpret <[2012/05/02 13:09:02 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLev.DAT> in the current context!
Error: Unable to interpret <[2012/05/01 02:23:47 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif> in the current context!
Error: Unable to interpret <[2012/05/01 02:22:50 | 000,001,698 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk> in the current context!
Error: Unable to interpret <[2012/04/26 12:38:10 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh325> in the current context!
Error: Unable to interpret <[2012/04/26 12:37:48 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh324> in the current context!
Error: Unable to interpret <[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]> in the current context!
Error: Unable to interpret <[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]> in the current context!
Error: Unable to interpret <[1 C:\Documents and Settings\Nadine\My Documents\*.tmp files -> C:\Documents and Settings\Nadine\My Documents\*.tmp -> ]> in the current context!
Error: Unable to interpret <[1 C:\Documents and Settings\Nadine\Desktop\*.tmp files -> C:\Documents and Settings\Nadine\Desktop\*.tmp -> ]> in the current context!
Error: Unable to interpret <========== Files Created - No Company Name ==========> in the current context!
Error: Unable to interpret <[2012/05/17 11:20:50 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh325> in the current context!
Error: Unable to interpret <[2012/05/17 11:20:50 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh324> in the current context!
Error: Unable to interpret <[2012/05/17 11:20:50 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh323> in the current context!
Error: Unable to interpret <[2012/05/17 11:20:50 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh322> in the current context!
Error: Unable to interpret <[2012/05/17 11:20:50 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh321> in the current context!
Error: Unable to interpret <[2012/05/17 11:20:50 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh320> in the current context!
Error: Unable to interpret <[2012/05/06 11:58:29 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Nadine\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk> in the current context!
Error: Unable to interpret <[2012/05/06 11:58:29 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk> in the current context!
Error: Unable to interpret <[2012/05/06 11:58:29 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk> in the current context!
Error: Unable to interpret <[2012/05/06 11:39:18 | 000,000,264 | ---- | C] () -- C:\WINDOWS\_delis32.ini> in the current context!
Error: Unable to interpret <[2012/05/02 12:29:39 | 000,000,884 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job> in the current context!
Error: Unable to interpret <[2012/05/01 02:32:34 | 000,000,394 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job> in the current context!
Error: Unable to interpret <[2012/05/01 02:31:39 | 000,000,366 | -H-- | C] () -- C:\WINDOWS\tasks\MpIdleTask.job> in the current context!
Error: Unable to interpret <[2012/05/01 02:22:48 | 000,001,698 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk> in the current context!
Error: Unable to interpret <[2012/04/24 17:53:25 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK> in the current context!
Error: Unable to interpret <[2012/02/16 02:28:50 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll> in the current context!
Error: Unable to interpret <[2011/12/27 11:02:47 | 000,001,133 | ---- | C] () -- C:\WINDOWS\wiso.ini> in the current context!
Error: Unable to interpret <[2011/10/08 18:01:36 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat> in the current context!
Error: Unable to interpret <[2011/09/02 14:35:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ViewNX2.INI> in the current context!
Error: Unable to interpret <[2011/08/13 09:47:35 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Fonts> in the current context!
Error: Unable to interpret <[2011/08/13 09:47:35 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Nadine\Application Data\Flowers> in the current context!
Error: Unable to interpret <[2011/08/13 09:47:35 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLev.DAT> in the current context!
Error: Unable to interpret <[2011/08/13 09:47:34 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Font Book> in the current context!
Error: Unable to interpret <[2011/08/13 09:47:34 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Nadine\Application Data\Flanger> in the current context!
Error: Unable to interpret <[2011/08/13 09:47:34 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLes.DAT> in the current context!
Error: Unable to interpret <[2011/08/13 09:47:33 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Folder Actions Handlers> in the current context!
Error: Unable to interpret <[2011/08/13 09:47:33 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Nadine\Application Data\Flange Saw> in the current context!
Error: Unable to interpret <[2011/08/13 09:47:32 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLet.DAT> in the current context!
Error: Unable to interpret <[2011/08/03 12:42:26 | 000,002,133 | ---- | C] () -- C:\WINDOWS\photoimpression.ini> in the current context!
Error: Unable to interpret <[2011/08/03 12:41:08 | 000,000,021 | ---- | C] () -- C:\WINDOWS\PI_setup.ini> in the current context!
Error: Unable to interpret <[2011/08/03 12:03:13 | 000,002,068 | R--- | C] () -- C:\WINDOWS\CA533A.INI> in the current context!
Error: Unable to interpret <[2010/07/14 17:25:39 | 000,000,185 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI> in the current context!
Error: Unable to interpret <[2010/06/21 12:35:13 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\Nadine\Application Data\qcopjv.dat> in the current context!
Error: Unable to interpret <[2010/06/13 04:45:55 | 000,000,016 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\qcopjv.dat> in the current context!
Error: Unable to interpret <[2010/06/12 07:44:47 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\qcopjv.dat> in the current context!
Error: Unable to interpret <[2010/06/12 07:44:29 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Nadine\Application Data\avdrn.dat> in the current context!
Error: Unable to interpret <[2010/02/13 15:38:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat> in the current context!
Error: Unable to interpret <[2008/10/15 01:22:55 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI> in the current context!
Error: Unable to interpret <[2008/07/13 14:14:43 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\FTPStubInstUtils.dll> in the current context!
Error: Unable to interpret <[2008/06/29 16:50:16 | 000,096,768 | ---- | C] () -- C:\WINDOWS\SlantAdj.dll> in the current context!
Error: Unable to interpret <[2008/06/29 16:50:16 | 000,003,136 | ---- | C] () -- C:\WINDOWS\Ade001.bin> in the current context!
Error: Unable to interpret <[2008/06/29 16:50:16 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\epDPE.ini> in the current context!
Error: Unable to interpret <[2008/06/29 16:49:30 | 000,034,782 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat> in the current context!
Error: Unable to interpret <[2008/06/29 16:49:30 | 000,027,030 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat> in the current context!
Error: Unable to interpret <[2008/06/29 16:49:30 | 000,000,022 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini> in the current context!
Error: Unable to interpret <[2008/06/29 16:47:35 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE RX420FG.ini> in the current context!
Error: Unable to interpret <[2007/07/31 07:12:35 | 000,000,017 | ---- | C] () -- C:\WINDOWS\Missing.ini> in the current context!
Error: Unable to interpret <[2007/04/27 04:43:58 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll> in the current context!
Error: Unable to interpret <[2006/11/05 10:10:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\odbcddp.ini> in the current context!
Error: Unable to interpret <[2006/09/22 07:53:40 | 000,000,583 | ---- | C] () -- C:\WINDOWS\eReg.dat> in the current context!
Error: Unable to interpret <[2006/09/11 06:07:53 | 000,183,296 | --S- | C] () -- C:\WINDOWS\NDNuninstall7_22.exe> in the current context!
Error: Unable to interpret <[2006/09/11 06:04:36 | 000,050,688 | --S- | C] () -- C:\WINDOWS\NDNuninstall6_38.exe> in the current context!
Error: Unable to interpret <[2006/08/09 06:24:30 | 000,000,516 | ---- | C] () -- C:\WINDOWS\WININIT.INI> in the current context!
Error: Unable to interpret <[2005/12/18 08:52:03 | 000,000,604 | ---- | C] () -- C:\WINDOWS\Edofma.INI> in the current context!
Error: Unable to interpret <[2005/10/16 06:52:29 | 000,057,344 | ---- | C] () -- C:\WINDOWS\rzrunins.exe> in the current context!
Error: Unable to interpret <[2005/09/02 09:29:14 | 000,000,557 | ---- | C] () -- C:\WINDOWS\users2.ini> in the current context!
Error: Unable to interpret <[2005/09/02 09:28:30 | 000,000,001 | ---- | C] () -- C:\WINDOWS\kwb2.ini> in the current context!
Error: Unable to interpret <[2005/06/10 15:01:05 | 000,106,779 | ---- | C] () -- C:\WINDOWS\chat.de[chd-10002,1,1].exe> in the current context!
Error: Unable to interpret <[2005/03/06 09:15:16 | 000,000,636 | ---- | C] () -- C:\WINDOWS\7THLEVEL.INI> in the current context!
Error: Unable to interpret <[2005/02/26 17:33:03 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\GIF89.DLL> in the current context!
Error: Unable to interpret <[2005/02/26 17:31:30 | 000,000,138 | ---- | C] () -- C:\WINDOWS\SIERRA.INI> in the current context!
Error: Unable to interpret <[2005/02/26 10:52:15 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll> in the current context!
Error: Unable to interpret <[2005/02/10 07:35:14 | 000,003,836 | ---- | C] () -- C:\WINDOWS\disney.ini> in the current context!
Error: Unable to interpret <[2005/01/18 03:23:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\TTN.INI> in the current context!
Error: Unable to interpret <[2005/01/07 08:15:56 | 000,172,056 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll> in the current context!
Error: Unable to interpret <[2005/01/06 04:31:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI> in the current context!
Error: Unable to interpret <[2004/12/27 17:00:34 | 000,000,126 | ---- | C] () -- C:\WINDOWS\cdplayer.ini> in the current context!
Error: Unable to interpret <[2004/11/28 12:00:23 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll> in the current context!
Error: Unable to interpret <[2004/11/28 08:40:57 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini> in the current context!
Error: Unable to interpret <[2004/11/28 08:40:55 | 000,030,208 | ---- | C] () -- C:\Documents and Settings\Nadine\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini> in the current context!
Error: Unable to interpret <[2004/11/28 07:43:08 | 000,000,528 | ---- | C] () -- C:\WINDOWS\KLETT.INI> in the current context!
Error: Unable to interpret <[2004/11/27 09:05:12 | 000,040,960 | ---- | C] () -- C:\Program Files\Uninstall_CDS.exe> in the current context!
Error: Unable to interpret <[2004/11/20 15:11:53 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll> in the current context!
Error: Unable to interpret <[2004/11/20 14:52:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI> in the current context!
Error: Unable to interpret <[2004/11/20 14:22:36 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin> in the current context!
Error: Unable to interpret <[2004/11/20 14:10:01 | 000,004,429 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI> in the current context!
Error: Unable to interpret <[2004/11/20 14:09:09 | 000,123,728 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT> in the current context!
Error: Unable to interpret <[2004/11/20 13:47:23 | 000,004,135 | ---- | C] () -- C:\WINDOWS\ODBC.INI> in the current context!
Error: Unable to interpret <[2004/11/20 13:24:56 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat> in the current context!
Error: Unable to interpret <[2004/11/20 13:19:33 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat> in the current context!
Error: Unable to interpret <[2004/08/30 08:26:16 | 000,389,120 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll> in the current context!
Error: Unable to interpret <[2004/08/02 09:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat> in the current context!
Error: Unable to interpret <[2001/10/10 03:57:58 | 000,073,786 | ---- | C] () -- C:\WINDOWS\System32\dntvmc23.dll> in the current context!
Error: Unable to interpret <[2001/10/10 03:57:58 | 000,061,497 | ---- | C] () -- C:\WINDOWS\System32\dntvm23.dll> in the current context!
Error: Unable to interpret <[2001/08/23 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin> in the current context!
Error: Unable to interpret <[2001/08/23 08:00:00 | 001,001,028 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat> in the current context!
Error: Unable to interpret <[2001/08/23 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat> in the current context!
Error: Unable to interpret <[2001/08/23 08:00:00 | 000,352,702 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat> in the current context!
Error: Unable to interpret <[2001/08/23 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat> in the current context!
Error: Unable to interpret <[2001/08/23 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat> in the current context!
Error: Unable to interpret <[2001/08/23 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin> in the current context!
Error: Unable to interpret <[2001/08/23 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat> in the current context!
Error: Unable to interpret <[2001/08/23 08:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat> in the current context!
Error: Unable to interpret <[2001/08/23 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat> in the current context!
Error: Unable to interpret <[2001/03/07 03:02:30 | 000,229,431 | ---- | C] () -- C:\WINDOWS\System32\dnt23.dll> in the current context!
Error: Unable to interpret <[1999/01/26 17:00:00 | 000,114,816 | ---- | C] () -- C:\WINDOWS\System32\MSMT4232.DLL> in the current context!
Error: Unable to interpret <[1601/02/13 04:28:18 | 000,000,427 | ---- | C] () -- C:\Documents and Settings\Nadine\sELUAtEfqGndjsEVyxL> in the current context!
Error: Unable to interpret <[1601/02/13 04:28:18 | 000,000,116 | ---- | C] () -- C:\Documents and Settings\Nadine\ODevXODuarsvXODuarev> in the current context!
Error: Unable to interpret <========== LOP Check ==========> in the current context!
Error: Unable to interpret <[2011/12/27 11:00:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nadine\Application Data\Buhl Data Service> in the current context!
Error: Unable to interpret <[2005/02/10 07:40:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nadine\Application Data\Disney Interactive> in the current context!
Error: Unable to interpret <[2011/12/25 06:08:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nadine\Application Data\DVDVideoSoft> in the current context!
Error: Unable to interpret <[2011/12/25 06:06:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nadine\Application Data\DVDVideoSoftIEHelpers> in the current context!
Error: Unable to interpret <[2008/12/28 11:19:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nadine\Application Data\Haufe> in the current context!
Error: Unable to interpret <[2010/11/24 15:03:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nadine\Application Data\ICQ> in the current context!
Error: Unable to interpret <[2008/11/29 06:49:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nadine\Application Data\Lexware> in the current context!
Error: Unable to interpret <[2011/09/02 14:31:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nadine\Application Data\Nikon> in the current context!
Error: Unable to interpret <[2012/05/06 13:06:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nadine\Application Data\PriceGong> in the current context!
Error: Unable to interpret <[2008/10/15 01:24:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nadine\Application Data\Smart Panel> in the current context!
Error: Unable to interpret <[2012/03/13 07:32:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nadine\Application Data\TeamViewer> in the current context!
Error: Unable to interpret <[2008/08/31 06:52:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nadine\Application Data\TomTom> in the current context!
Error: Unable to interpret <[2008/11/29 06:57:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BTrieve> in the current context!
Error: Unable to interpret <[2011/12/27 11:00:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Buhl Data Service GmbH> in the current context!
Error: Unable to interpret <[2008/11/29 06:47:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DATA BECKER> in the current context!
Error: Unable to interpret <[2011/08/13 09:47:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp> in the current context!
Error: Unable to interpret <[2008/11/29 06:45:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Haufe> in the current context!
Error: Unable to interpret <[2011/08/13 09:47:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hip Hop> in the current context!
Error: Unable to interpret <[2011/08/13 09:47:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hybrid Morph> in the current context!
Error: Unable to interpret <[2008/08/16 10:25:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ICQ> in the current context!
Error: Unable to interpret <[2011/08/13 09:47:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Images> in the current context!
Error: Unable to interpret <[2010/12/01 12:42:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lexware> in the current context!
Error: Unable to interpret <[2012/03/13 08:36:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn> in the current context!
Error: Unable to interpret <[2012/01/02 14:56:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MAGIX> in the current context!
Error: Unable to interpret <[2006/11/03 15:13:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Modern Games> in the current context!
Error: Unable to interpret <[2011/08/14 02:08:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon> in the current context!
Error: Unable to interpret <[2008/08/31 06:52:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom> in the current context!
Error: Unable to interpret <[2008/06/29 16:55:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL> in the current context!
Error: Unable to interpret <[2011/08/13 09:47:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15> in the current context!
Error: Unable to interpret <[2006/09/16 05:54:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Winferno> in the current context!
Error: Unable to interpret <[2012/05/19 04:56:33 | 000,000,366 | -H-- | M] () -- C:\WINDOWS\Tasks\MpIdleTask.job> in the current context!
Error: Unable to interpret <========== Purity Check ==========> in the current context!
Error: Unable to interpret <========== Custom Scans ==========> in the current context!
Error: Unable to interpret << :OTL >> in the current context!
Error: Unable to interpret << O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1 >> in the current context!
Error: Unable to interpret << O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1 >> in the current context!
Error: Unable to interpret << O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\056EB686F08C74A67BDE.exe) - C:\WINDOWS\system32\056EB686F08C74A67BDE.exe (The Code::Blocks Team) >> in the current context!
Error: Unable to interpret << [2012/05/17 02:35:48 | 000,034,477 | -H-- | C] (The Code::Blocks Team) -- C:\WINDOWS\System32\056EB686F08C74A67BDE.exe >> in the current context!
Error: Unable to interpret <Invalid Switch: 17 02:35:48 | 000,034,477 | -H-- | C] (The Code::Blocks Team) -- C:\WINDOWS\System32\056EB686F08C74A67BDE.exe> in the current context!
Error: Unable to interpret << [2012/05/17 09:24:00 | 000,001,210 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-689382577-3436805405-3422380704-1006UA.job >> in the current context!
Error: Unable to interpret <Invalid Switch: 17 09:24:00 | 000,001,210 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-689382577-3436805405-3422380704-1006UA.job> in the current context!
Error: Unable to interpret << [2012/05/17 07:24:00 | 000,001,158 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-689382577-3436805405-3422380704-1006Core.job >> in the current context!
Error: Unable to interpret <Invalid Switch: 17 07:24:00 | 000,001,158 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-689382577-3436805405-3422380704-1006Core.job> in the current context!
Error: Unable to interpret << [2012/05/17 02:35:48 | 000,034,477 | -H-- | M] (The Code::Blocks Team) -- C:\WINDOWS\System32\056EB686F08C74A67BDE.exe >> in the current context!
Error: Unable to interpret <Invalid Switch: 17 02:35:48 | 000,034,477 | -H-- | M] (The Code::Blocks Team) -- C:\WINDOWS\System32\056EB686F08C74A67BDE.exe> in the current context!
Error: Unable to interpret << :Files >> in the current context!
Error: Unable to interpret << C:\WINDOWS\system32\056EB686F08C74A67BDE.exe  >> in the current context!
Error: Unable to interpret << C:\WINDOWS\System32\winsh325 >> in the current context!
Error: Unable to interpret <[2012/04/26 12:38:10 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh325> in the current context!
Error: Unable to interpret <[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]> in the current context!
Error: Unable to interpret << C:\WINDOWS\System32\winsh324 >> in the current context!
Error: Unable to interpret <[2012/04/26 12:37:48 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh324> in the current context!
Error: Unable to interpret <[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]> in the current context!
Error: Unable to interpret << C:\WINDOWS\System32\winsh323 >> in the current context!
Error: Unable to interpret <[2012/05/11 15:50:50 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh323> in the current context!
Error: Unable to interpret <[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]> in the current context!
Error: Unable to interpret << C:\WINDOWS\System32\winsh322 >> in the current context!
Error: Unable to interpret <[2012/05/11 15:50:40 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh322> in the current context!
Error: Unable to interpret <[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]> in the current context!
Error: Unable to interpret << C:\WINDOWS\System32\winsh321 >> in the current context!
Error: Unable to interpret <[2012/05/11 15:50:32 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh321> in the current context!
Error: Unable to interpret <[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]> in the current context!
Error: Unable to interpret << C:\WINDOWS\System32\winsh320 >> in the current context!
Error: Unable to interpret <[2012/05/11 15:50:22 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh320> in the current context!
Error: Unable to interpret <[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]> in the current context!
Error: Unable to interpret << C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LstryTUuoDGOAXfJnetr >> in the current context!
Error: Unable to interpret << C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\psQqedOoTxvAlVrLXtu >> in the current context!
Error: Unable to interpret << C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\VrLXtuyedgETGJADVNLps >> in the current context!
Error: Unable to interpret << ipconfig /flushdns /c >> in the current context!
Error: Unable to interpret <Windows IP Configuration> in the current context!
Error: Unable to interpret <An internal error occurred: The system cannot find the file specified.> in the current context!
Error: Unable to interpret <Please contact Microsoft Product Support Services for further help.> in the current context!
Error: Unable to interpret <Additional information: Unable to open registry key for tcpip.> in the current context!
Error: Unable to interpret << :Commands >> in the current context!
Error: Unable to interpret << [purity] >> in the current context!
Error: Unable to interpret << [emptytemp] >> in the current context!
Error: Unable to interpret << End of report >
         
--- --- ---
> in the current context!
Error: Unable to interpret <OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 5/20/2012 7:22:11 AM - Run > in the current context!
Error: Unable to interpret <OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE> in the current context!
Error: Unable to interpret <Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM> in the current context!
Error: Unable to interpret <Internet Explorer (Version = 6.0.2900.5512)> in the current context!
Error: Unable to interpret <Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy> in the current context!
Error: Unable to interpret <503.00 Mb Total Physical Memory | 315.00 Mb Available Physical Memory | 63.00% Memory free> in the current context!
Error: Unable to interpret <455.00 Mb Paging File | 341.00 Mb Available in Paging File | 75.00% Paging File free> in the current context!
Error: Unable to interpret <Paging file location(s): C:\pagefile.sys 756 1512 [binary data]> in the current context!
Error: Unable to interpret <%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files> in the current context!
Error: Unable to interpret <Drive C: | 37.27 Gb Total Space | 15.44 Gb Free Space | 41.43% Space Free | Partition Type: NTFS> in the current context!
Error: Unable to interpret <Drive D: | 7.58 Gb Total Space | 7.58 Gb Free Space | 100.00% Space Free | Partition Type: FAT32> in the current context!
Error: Unable to interpret <Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS> in the current context!
Error: Unable to interpret <Computer Name: REATOGO | User Name: SYSTEM> in the current context!
Error: Unable to interpret <Boot Mode: Normal | Scan Mode: All users> in the current context!
Error: Unable to interpret <Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days> in the current context!
Error: Unable to interpret <Using ControlSet: ControlSet002> in the current context!
Error: Unable to interpret <========== Extra Registry (SafeList) ==========> in the current context!
Error: Unable to interpret <========== File Associations ==========> in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]> in the current context!
Error: Unable to interpret <.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*> in the current context!
Error: Unable to interpret <.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l> in the current context!
Error: Unable to interpret <========== Shell Spawning ==========> in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]> in the current context!
Error: Unable to interpret <batfile [open] -- "%1" %*> in the current context!
Error: Unable to interpret <cmdfile [open] -- "%1" %*> in the current context!
Error: Unable to interpret <comfile [open] -- "%1" %*> in the current context!
Error: Unable to interpret <cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*> in the current context!
Error: Unable to interpret <exefile [open] -- "%1" %*> in the current context!
Error: Unable to interpret <InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l> in the current context!
Error: Unable to interpret <piffile [open] -- "%1" %*> in the current context!
Error: Unable to interpret <regfile [merge] -- Reg Error: Key error.> in the current context!
Error: Unable to interpret <scrfile [config] -- "%1"> in the current context!
Error: Unable to interpret <scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l> in the current context!
Error: Unable to interpret <scrfile [open] -- "%1" /S> in the current context!
Error: Unable to interpret <txtfile [edit] -- Reg Error: Key error.> in the current context!
Error: Unable to interpret <Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1> in the current context!
Error: Unable to interpret <Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)> in the current context!
Error: Unable to interpret <Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)> in the current context!
Error: Unable to interpret <Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <========== Security Center Settings ==========> in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]> in the current context!
Error: Unable to interpret <"AntiVirusDisableNotify" = 1> in the current context!
Error: Unable to interpret <"FirewallDisableNotify" = 1> in the current context!
Error: Unable to interpret <"UpdatesDisableNotify" = 1> in the current context!
Error: Unable to interpret <"AntiVirusOverride" = 0> in the current context!
Error: Unable to interpret <"FirewallOverride" = 0> in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]> in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]> in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]> in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]> in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]> in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]> in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]> in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]> in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]> in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]> in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]> in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]> in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]> in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]> in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]> in the current context!
Error: Unable to interpret <========== System Restore Settings ==========> in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]> in the current context!
Error: Unable to interpret <"DisableSR" = 0> in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Sr]> in the current context!
Error: Unable to interpret <"Start" = 0> in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SrService]> in the current context!
Error: Unable to interpret <"Start" = 2> in the current context!
Error: Unable to interpret <========== Firewall Settings ==========> in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]> in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]> in the current context!
Error: Unable to interpret <"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004> in the current context!
Error: Unable to interpret <"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005> in the current context!
Error: Unable to interpret <"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001> in the current context!
Error: Unable to interpret <"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002> in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]> in the current context!
Error: Unable to interpret <"EnableFirewall" = 1> in the current context!
Error: Unable to interpret <"DoNotAllowExceptions" = 0> in the current context!
Error: Unable to interpret <"DisableNotifications" = 0> in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]> in the current context!
Error: Unable to interpret <"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004> in the current context!
Error: Unable to interpret <"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005> in the current context!
Error: Unable to interpret <"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001> in the current context!
Error: Unable to interpret <"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002> in the current context!
Error: Unable to interpret <"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007> in the current context!
Error: Unable to interpret <"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008> in the current context!
Error: Unable to interpret <========== Authorized Applications List ==========> in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]> in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]> in the current context!
Error: Unable to interpret <"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)> in the current context!
Error: Unable to interpret <"C:\Program Files\TeamViewer\Version7\TeamViewer.exe" = C:\Program Files\TeamViewer\Version7\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)> in the current context!
Error: Unable to interpret <"C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe" = C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)> in the current context!
Error: Unable to interpret <"C:\WINDOWS\system32\usmt\migwiz.exe" = C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard -- (Microsoft Corporation)> in the current context!
Error: Unable to interpret <========== HKEY_LOCAL_MACHINE Uninstall List ==========> in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]> in the current context!
Error: Unable to interpret <"{03ED6584-5A5A-4CA3-B61D-741618E510DF}" = Steuer 2008> in the current context!
Error: Unable to interpret <"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client> in the current context!
Error: Unable to interpret <"{109D28C7-FB38-483A-9C91-001CB59E2699}" = EPSON CardMonitor> in the current context!
Error: Unable to interpret <"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack> in the current context!
Error: Unable to interpret <"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148> in the current context!
Error: Unable to interpret <"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Multimedia Launcher> in the current context!
Error: Unable to interpret <"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool> in the current context!
Error: Unable to interpret <"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT> in the current context!
Error: Unable to interpret <"{23B59ED4-C360-11D7-875B-0090CC005647}" = EPSON PRINT Image Framer Tool2.1> in the current context!
Error: Unable to interpret <"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31> in the current context!
Error: Unable to interpret <"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime> in the current context!
Error: Unable to interpret <"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform> in the current context!
Error: Unable to interpret <"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4> in the current context!
Error: Unable to interpret <"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP> in the current context!
Error: Unable to interpret <"{4381448B-AF21-4088-BE5E-FBD65F610BBC}" = Drucken Total Pro> in the current context!
Error: Unable to interpret <"{46B70DEB-97B3-4E38-B746-EC16905E6A8F}" = WISO Steuer 2010> in the current context!
Error: Unable to interpret <"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater> in the current context!
Error: Unable to interpret <"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack> in the current context!
Error: Unable to interpret <"{5211040E-3953-4918-8383-B5D96EC7400C}" = Steuererklärung 2007> in the current context!
Error: Unable to interpret <"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support> in the current context!
Error: Unable to interpret <"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM> in the current context!
Error: Unable to interpret <"{6181E138-C21C-471C-9238-F2F59C314C6C}" = Steuer 2008> in the current context!
Error: Unable to interpret <"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0> in the current context!
Error: Unable to interpret <"{65F5B7AF-3363-11D7-BB6B-00018021113F}" = EPSON PhotoQuicker3.5> in the current context!
Error: Unable to interpret <"{66C8BE35-8BBB-472B-96C7-C7C9A499F988}" = PhotoImpression 5> in the current context!
Error: Unable to interpret <"{67DABCB4-239C-4E02-805E-DEA0DDCB1926}" = Steuer Hilfesammlung> in the current context!
Error: Unable to interpret <"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3> in the current context!
Error: Unable to interpret <"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD> in the current context!
Error: Unable to interpret <"{69496452-FAF3-43BC-9907-BA9CEC65FC10}" = Lexware Info Service> in the current context!
Error: Unable to interpret <"{6975E810-C92F-45F0-0BFD-187B312F10E8}" = Norton Ghost> in the current context!
Error: Unable to interpret <"{6C11D561-620B-47DA-A693-4C597F3CDF40}" = EPSON Smart Panel> in the current context!
Error: Unable to interpret <"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable> in the current context!
Error: Unable to interpret <"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053> in the current context!
Error: Unable to interpret <"{7BD0A2D8-4EA0-43C6-BDF8-DDA87B8031C6}" = PIF DESIGNER2.1> in the current context!
Error: Unable to interpret <"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page> in the current context!
Error: Unable to interpret <"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable> in the current context!
Error: Unable to interpret <"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility> in the current context!
Error: Unable to interpret <"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics Driver> in the current context!
Error: Unable to interpret <"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update> in the current context!
Error: Unable to interpret <"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules> in the current context!
Error: Unable to interpret <"{90110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional> in the current context!
Error: Unable to interpret <"{901E0407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP German User Interface Pack> in the current context!
Error: Unable to interpret <"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting> in the current context!
Error: Unable to interpret <"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17> in the current context!
Error: Unable to interpret <"{9B04D453-4C9E-41C9-BA7C-B2B8FF32DE6D}" = Das große Steuer-Sparpaket 2006-2007> in the current context!
Error: Unable to interpret <"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161> in the current context!
Error: Unable to interpret <"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI> in the current context!
Error: Unable to interpret <"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2> in the current context!
Error: Unable to interpret <"{A4E86B6A-6EEC-41FD-8960-26947F0E3353}" = Haufe iDesk-Service> in the current context!
Error: Unable to interpret <"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.0 - Deutsch> in the current context!
Error: Unable to interpret <"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger> in the current context!
Error: Unable to interpret <"{B014EE44-9197-4513-9613-71E6EB1B514E}" = Nikon Message Center 2> in the current context!
Error: Unable to interpret <"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer> in the current context!
Error: Unable to interpret <"{B97CF5C3-0487-11D8-A36E-0050BAE317E1}" = DVD Solution> in the current context!
Error: Unable to interpret <"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2> in the current context!
Error: Unable to interpret <"{C48817E7-AA05-4151-A99D-1E1E550CE801}" = EPSON PhotoStarter3.1> in the current context!
Error: Unable to interpret <"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail> in the current context!
Error: Unable to interpret <"{C7D6EBF3-435B-4008-AB27-247CDE703E5D}" = Steuer Update 14.01> in the current context!
Error: Unable to interpret <"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials> in the current context!
Error: Unable to interpret <"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1> in the current context!
Error: Unable to interpret <"{D1E7142C-6BC3-49EB-A71A-E5D7ADAC7599}" = Nikon File Uploader 2> in the current context!
Error: Unable to interpret <"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call> in the current context!
Error: Unable to interpret <"{D5C8E140-6E6F-11DD-9AA9-0050560400B1}" = Haufe iDesk-Service> in the current context!
Error: Unable to interpret <"{DDD62492-32A7-412B-8AF1-2CF032AD42E3}" = ViewNX 2> in the current context!
Error: Unable to interpret <"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb> in the current context!
Error: Unable to interpret <"{EC2F8A30-787F-4DA5-9A8F-8E7DFE777CC2}" = Servicepack Datumsaktualisierung> in the current context!
Error: Unable to interpret <"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8> in the current context!
Error: Unable to interpret <"{EF4EA1D8-E44E-41BA-B4C4-B4BEFDFCF2AC}" = DaViDeo 4 professional> in the current context!
Error: Unable to interpret <"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX> in the current context!
Error: Unable to interpret <"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard> in the current context!
Error: Unable to interpret <"{F18046C5-1C4E-4BE1-A3D6-A6F970E2E8E8}" = ArcSoft Panorama Maker 5> in the current context!
Error: Unable to interpret <"{F48AAE0F-52F4-11DD-B1F7-0050560400B1}" = Haufe iDesk-Browser> in the current context!
Error: Unable to interpret <"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX> in the current context!
Error: Unable to interpret <"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin> in the current context!
Error: Unable to interpret <"Adobe Shockwave Player" = Adobe Shockwave Player 11.6> in the current context!
Error: Unable to interpret <"ArcSoft PhotoImpression" = ArcSoft PhotoImpression> in the current context!
Error: Unable to interpret <"CCleaner" = CCleaner> in the current context!
Error: Unable to interpret <"CloneCD" = CloneCD> in the current context!
Error: Unable to interpret <"CloneDVD2" = CloneDVD2> in the current context!
Error: Unable to interpret <"Digital Camera" = Digital Camera> in the current context!
Error: Unable to interpret <"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar> in the current context!
Error: Unable to interpret <"EPSON Printer and Utilities" = EPSON-Drucker-Software> in the current context!
Error: Unable to interpret <"EPSON Scanner" = EPSON Scan> in the current context!
Error: Unable to interpret <"ESPRX420 Ref. Handbuch" = ESPRX420 Ref. Handbuch> in the current context!
Error: Unable to interpret <"ESPRX420 Softwarehandbuch" = ESPRX420 Softwarehandbuch> in the current context!
Error: Unable to interpret <"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.14.1206> in the current context!
Error: Unable to interpret <"InCD!UninstallKey" = InCD> in the current context!
Error: Unable to interpret <"Indeo® software" = Indeo® software> in the current context!
Error: Unable to interpret <"InstallShield_{EF4EA1D8-E44E-41BA-B4C4-B4BEFDFCF2AC}" = DaViDeo 4 professional> in the current context!
Error: Unable to interpret <"IsoBuster_is1" = IsoBuster 1.6> in the current context!
Error: Unable to interpret <"Macromedia Shockwave Player" = Macromedia Shockwave Player> in the current context!
Error: Unable to interpret <"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1> in the current context!
Error: Unable to interpret <"Microsoft Security Client" = Microsoft Security Essentials> in the current context!
Error: Unable to interpret <"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)> in the current context!
Error: Unable to interpret <"MozillaMaintenanceService" = Mozilla Maintenance Service> in the current context!
Error: Unable to interpret <"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP> in the current context!
Error: Unable to interpret <"Nero - Burning Rom!UninstallKey" = Nero OEM> in the current context!
Error: Unable to interpret <"PROSet" = Intel(R) PRO Ethernet Adapter and Software> in the current context!
Error: Unable to interpret <"RealArcade 1.2" = RealArcade> in the current context!
Error: Unable to interpret <"Starcraft Brood War (RAZOR 1911)" = Starcraft Brood War (RAZOR 1911)> in the current context!
Error: Unable to interpret <"Sunplus CA533A" = Digital Camera, WDM Video Capture> in the current context!
Error: Unable to interpret <"TeamViewer 7" = TeamViewer 7> in the current context!
Error: Unable to interpret <"TomTom HOME" = TomTom HOME 2.8.1.2218> in the current context!
Error: Unable to interpret <"WIC" = Windows Imaging Component> in the current context!
Error: Unable to interpret <"WinAce Archiver" = WinAce Archiver> in the current context!
Error: Unable to interpret <"Windows Media Format Runtime" = Windows Media Format 11 runtime> in the current context!
Error: Unable to interpret <"Windows Media Player" = Windows Media Player 11> in the current context!
Error: Unable to interpret <"Windows XP Service Pack" = Windows XP Service Pack 3> in the current context!
Error: Unable to interpret <"WinLiveSuite_Wave3" = Windows Live Essentials> in the current context!
Error: Unable to interpret <"WinZip" = WinZip> in the current context!
Error: Unable to interpret <"WMFDist11" = Windows Media Format 11 runtime> in the current context!
Error: Unable to interpret <"wmp11" = Windows Media Player 11> in the current context!
Error: Unable to interpret <"WS_FTP Pro" = Ipswitch WS_FTP Pro> in the current context!
Error: Unable to interpret <"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0> in the current context!
Error: Unable to interpret <"Yahoo! Companion" = Yahoo! Companion> in the current context!
Error: Unable to interpret <========== HKEY_USERS Uninstall List ==========> in the current context!
Error: Unable to interpret <[HKEY_USERS\Nadine_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]> in the current context!
Error: Unable to interpret << End of report >
         
--- --- ---
> in the current context!

OTLPE by OldTimer - Version 3.1.48.0 log created on 05202012_072847

I hope I did it correctly. Have a nice evening.

Regards

So, the scan with AntiVir turned up the following:

detected Bat..., then TR/Gendal. 1607580

Then it detected: in the file c:\Recyclers\s-1-5-18\Dc5 exe.vir,
TR/Shelf A was found

However, access is denied :-(

Then the real-time scanner detected 2 viruses or unwanted programs.

Access was denied.

AntiVir keeps giving me the same thing...

And before that I ran Windows Security Essential, which is normally the antivirus program on my PC.

It found Trojan: Win32/Matsnu... I had it removed; that apparently worked too.

Phew, and the scan still isn't finished.......

22.05.2012, 04:36   #11
pckeineahnun
 



So, the full scan is now done.


Avira Free Antivirus
Erstellungsdatum der Reportdatei: Montag, 21. Mai 2012 22:07

Es wird nach 3724174 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira AntiVir Personal - Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Microsoft Windows XP
Windowsversion : (Service Pack 3) [5.1.2600]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : PCNAD

Versionsinformationen:
BUILD.DAT : 12.0.0.1125 41829 Bytes 02.05.2012 16:34:00
AVSCAN.EXE : 12.3.0.15 466896 Bytes 01.05.2012 22:48:48
AVSCAN.DLL : 12.3.0.15 66256 Bytes 02.05.2012 00:02:50
LUKE.DLL : 12.3.0.15 68304 Bytes 01.05.2012 23:31:47
AVSCPLR.DLL : 12.3.0.14 97032 Bytes 01.05.2012 22:13:36
AVREG.DLL : 12.3.0.17 232200 Bytes 21.05.2012 18:48:11
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 18:18:34
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 23:22:12
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 23:31:36
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 09:58:50
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 10:43:53
VBASE005.VDF : 7.11.29.136 2166272 Bytes 10.05.2012 18:47:50
VBASE006.VDF : 7.11.29.137 2048 Bytes 10.05.2012 18:47:50
VBASE007.VDF : 7.11.29.138 2048 Bytes 10.05.2012 18:47:51
VBASE008.VDF : 7.11.29.139 2048 Bytes 10.05.2012 18:47:51
VBASE009.VDF : 7.11.29.140 2048 Bytes 10.05.2012 18:47:51
VBASE010.VDF : 7.11.29.141 2048 Bytes 10.05.2012 18:47:51
VBASE011.VDF : 7.11.29.142 2048 Bytes 10.05.2012 18:47:52
VBASE012.VDF : 7.11.29.143 2048 Bytes 10.05.2012 18:47:52
VBASE013.VDF : 7.11.29.144 2048 Bytes 10.05.2012 18:47:52
VBASE014.VDF : 7.11.30.3 198144 Bytes 14.05.2012 18:47:53
VBASE015.VDF : 7.11.30.69 186368 Bytes 17.05.2012 18:47:54
VBASE016.VDF : 7.11.30.143 223744 Bytes 21.05.2012 18:47:56
VBASE017.VDF : 7.11.30.144 2048 Bytes 21.05.2012 18:47:56
VBASE018.VDF : 7.11.30.145 2048 Bytes 21.05.2012 18:47:56
VBASE019.VDF : 7.11.30.146 2048 Bytes 21.05.2012 18:47:56
VBASE020.VDF : 7.11.30.147 2048 Bytes 21.05.2012 18:47:56
VBASE021.VDF : 7.11.30.148 2048 Bytes 21.05.2012 18:47:56
VBASE022.VDF : 7.11.30.149 2048 Bytes 21.05.2012 18:47:56
VBASE023.VDF : 7.11.30.150 2048 Bytes 21.05.2012 18:47:56
VBASE024.VDF : 7.11.30.151 2048 Bytes 21.05.2012 18:47:57
VBASE025.VDF : 7.11.30.152 2048 Bytes 21.05.2012 18:47:57
VBASE026.VDF : 7.11.30.153 2048 Bytes 21.05.2012 18:47:57
VBASE027.VDF : 7.11.30.154 2048 Bytes 21.05.2012 18:47:57
VBASE028.VDF : 7.11.30.155 2048 Bytes 21.05.2012 18:47:57
VBASE029.VDF : 7.11.30.156 2048 Bytes 21.05.2012 18:47:57
VBASE030.VDF : 7.11.30.157 2048 Bytes 21.05.2012 18:47:57
VBASE031.VDF : 7.11.30.158 2048 Bytes 21.05.2012 18:47:58
Engineversion : 8.2.10.68
AEVDF.DLL : 8.1.2.2 106868 Bytes 06.02.2012 23:31:09
AESCRIPT.DLL : 8.1.4.19 455034 Bytes 21.05.2012 18:48:10
AESCN.DLL : 8.1.8.2 131444 Bytes 16.02.2012 16:11:36
AESBX.DLL : 8.2.5.5 606579 Bytes 26.04.2012 16:41:32
AERDL.DLL : 8.1.9.15 639348 Bytes 20.01.2012 23:21:32
AEPACK.DLL : 8.2.16.13 807287 Bytes 21.05.2012 18:48:09
AEOFFICE.DLL : 8.1.2.28 201082 Bytes 26.04.2012 16:41:32
AEHEUR.DLL : 8.1.4.28 4800886 Bytes 21.05.2012 18:48:06
AEHELP.DLL : 8.1.21.0 254326 Bytes 21.05.2012 18:47:58
AEGEN.DLL : 8.1.5.28 422260 Bytes 26.04.2012 16:41:31
AEEXP.DLL : 8.1.0.40 82292 Bytes 21.05.2012 18:48:10
AEEMU.DLL : 8.1.3.0 393589 Bytes 20.01.2012 23:21:29
AECORE.DLL : 8.1.25.6 201078 Bytes 26.04.2012 16:41:31
AEBB.DLL : 8.1.1.0 53618 Bytes 20.01.2012 23:21:28
AVWINLL.DLL : 12.3.0.15 27344 Bytes 01.05.2012 22:59:21
AVPREF.DLL : 12.3.0.15 51920 Bytes 01.05.2012 22:44:31
AVREP.DLL : 12.3.0.15 179208 Bytes 01.05.2012 22:13:35
AVARKT.DLL : 12.3.0.15 211408 Bytes 01.05.2012 22:21:32
AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 01.05.2012 22:28:49
SQLITE3.DLL : 3.7.0.1 398288 Bytes 16.04.2012 21:11:02
AVSMTP.DLL : 12.3.0.15 63440 Bytes 01.05.2012 22:51:35
NETNT.DLL : 12.3.0.15 17104 Bytes 01.05.2012 23:33:29
RCIMAGE.DLL : 12.3.0.15 4447952 Bytes 02.05.2012 00:03:51
RCTEXT.DLL : 12.3.0.15 98512 Bytes 02.05.2012 00:03:51

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Montag, 21. Mai 2012 22:07

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf nach versteckten Objekten wird begonnen.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'rsmsink.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'dllhost.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'msdtc.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'dllhost.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiapsrv.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'alg.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'TomTomHOMEService.exe' - '9' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'SMAgent.exe' - '13' Modul(e) wurden durchsucht
Durchsuche Prozess 'Skype.exe' - '83' Modul(e) wurden durchsucht
Durchsuche Prozess 'TomTomHOMERunner.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'mdm.exe' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'ctfmon.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'msseces.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'ArcCon.ac' - '58' Modul(e) wurden durchsucht
Durchsuche Prozess 'AdobeARM.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'jqs.exe' - '86' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '19' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'ACDaemon.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'GhostStartService.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'ACService.exe' - '19' Modul(e) wurden durchsucht
Durchsuche Prozess 'LxUpdateManager.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'GhostStartTrayApp.exe' - '15' Modul(e) wurden durchsucht
Durchsuche Prozess 'InCD.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'PDVDServ.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'DrvLsnr.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'SMTray.exe' - '19' Modul(e) wurden durchsucht
Durchsuche Prozess 'hkcmd.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxtray.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '103' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'InCDsrv.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '176' Modul(e) wurden durchsucht
Durchsuche Prozess 'MsMpEng.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '74' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '12' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
C:\Program Files\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe
[WARNUNG] Die komprimierten Daten sind fehlerhaft
C:\Program Files\SlySoft\CloneCD\ccd-uninst.exe
[WARNUNG] Die komprimierten Daten sind fehlerhaft
Die Registry wurde durchsucht ( '3401' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\'
C:\Documents and Settings\All Users\Application Data\DATA BECKER\Steuer-Sparpaket 2006-2007\Konfiguration\download\qst2007_sp2b.zip
[WARNUNG] Unerwartetes Dateiende erreicht
C:\Documents and Settings\All Users\Application Data\DATA BECKER\Steuer-Sparpaket 2006-2007\Konfiguration\download\qst2007_sp3b.zip
[WARNUNG] Unerwartetes Dateiende erreicht
C:\Documents and Settings\All Users\Application Data\DATA BECKER\Steuer-Sparpaket 2006-2007\Konfiguration\download\qst2007_sp3b.zip.tmp
[WARNUNG] Unerwartetes Dateiende erreicht
C:\Documents and Settings\All Users\Application Data\DATA BECKER\Steuer-Sparpaket 2006-2007\Konfiguration\download\qstdb2007_sp4.zip.tmp
[WARNUNG] Unerwartetes Dateiende erreicht
C:\Documents and Settings\All Users\Application Data\MFAData\pack\idatx.cab
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP0.bat.vir
[FUND] Enthält Erkennungsmuster des Batch-Virus BAT/DelIE.148
C:\Documents and Settings\Nadine\My Documents\Downloads\avira_free_antivirus_de.exe
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Documents and Settings\Nadine\My Documents\My Pictures\qUVEGqULtAVEGqU
[WARNUNG] Der Archivheader ist defekt
C:\Documents and Settings\Nadine\My Documents\TomTom\HOME\Download\complete\map\West-_und_Mitteleuropa-1\sapulravsgpulraJ
[WARNUNG] Der Archivheader ist defekt
C:\Documents and Settings\Nadine\My Documents\TomTom\HOME\Sicherungskopie\ONE\Backup01\InternalMemory\home images\aelNXuegaJDNXue
[WARNUNG] Der Archivheader ist defekt
C:\Program Files\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe
[WARNUNG] Die komprimierten Daten sind fehlerhaft
C:\Program Files\Franzis\Drucken Total Pro\data\cdt\CD_Einleger_Set\tpl8.cd1
[WARNUNG] Unerwartetes Dateiende erreicht
C:\Program Files\Franzis\Drucken Total Pro\data\cdt\Visitenkarten_CD\tpl6.cd1
[WARNUNG] Unerwartetes Dateiende erreicht
C:\Program Files\Franzis\Drucken Total Pro\data\lct\Video\Foto\Alex_W_020.lc1
[WARNUNG] Unerwartetes Dateiende erreicht
C:\Program Files\Franzis\Drucken Total Pro\data\mpt\mousepad\Weihnacht5.mp1
[WARNUNG] Unerwartetes Dateiende erreicht
C:\Program Files\Real\RealArcade\MozillaBrowserPlugin.exe
[WARNUNG] Die Version dieses Archives wird nicht unterstützt
C:\Program Files\Real\RealArcade\Plugins\Mozilla\MozillaPluginUninstaller.exe
[WARNUNG] Die Version dieses Archives wird nicht unterstützt
C:\Program Files\SlySoft\CloneCD\ccd-uninst.exe
[WARNUNG] Die komprimierten Daten sind fehlerhaft
C:\Program Files\SlySoft\CloneCD\regkey.exe.vir
[FUND] Ist das Trojanische Pferd TR/Gendal.1607580

Beginne mit der Desinfektion:
C:\Program Files\SlySoft\CloneCD\regkey.exe.vir
[FUND] Ist das Trojanische Pferd TR/Gendal.1607580
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '53b0b019.qua' verschoben!
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP0.bat.vir
[FUND] Enthält Erkennungsmuster des Batch-Virus BAT/DelIE.148
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '54ee9f92.qua' verschoben!


Ende des Suchlaufs: Dienstag, 22. Mai 2012 06:21
Benötigte Zeit: 3:29:38 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

11930 Verzeichnisse wurden überprüft
420790 Dateien wurden geprüft
2 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
2 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
420788 Dateien ohne Befall
28157 Archive wurden durchsucht
19 Warnungen
2 Hinweise
392654 Objekte wurden beim Rootkitscan durchsucht
0 Versteckte Objekte wurden gefunden

The TR/Skelf A was probably not removed.

So, I hope you can now do something with the data and please help me further. Have a nice day, thanks, and see you then.

Regards

22.05.2012, 12:48   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



1. You apparently have trouble reading my instructions and simply run fix scripts, without this having been so much as hinted at, that another helper intended for an entirely different user!

2. This looks like illegal junk to me
Quote:
C:\Program Files\SlySoft\CloneCD\regkey.exe.vir
[FUND] Ist das Trojanische Pferd TR/Gendal.1607580


See also => http://www.trojaner-board.de/95393-c...-software.html

If we find indications of illegally acquired software, we will end support without any discussion.

Cracks/keygens are 99.9% dangerous malware that is not to be trifled with. Besides, they are illegal and we do not support the use of stolen software. Support is therefore limited to instructions for a complete reinstallation!!

That illegal cracks and keygens essentially serve to spread malware is no secret and must be clear to everyone!


In future, keep your hands off: Softonic, registry cleaners and illegal stuff (cracks/keygens/serials)
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

22.05.2012, 14:07   #13
pckeineahnun
 



So, hey Arne,
I ran the scan again. Here is the result




Avira Free Antivirus
Erstellungsdatum der Reportdatei: Dienstag, 22. Mai 2012 06:59

Es wird nach 3724174 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira AntiVir Personal - Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Microsoft Windows XP
Windowsversion : (Service Pack 3) [5.1.2600]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : PCNAD

Versionsinformationen:
BUILD.DAT : 12.0.0.1125 41829 Bytes 02.05.2012 16:34:00
AVSCAN.EXE : 12.3.0.15 466896 Bytes 01.05.2012 22:48:48
AVSCAN.DLL : 12.3.0.15 66256 Bytes 02.05.2012 00:02:50
LUKE.DLL : 12.3.0.15 68304 Bytes 01.05.2012 23:31:47
AVSCPLR.DLL : 12.3.0.14 97032 Bytes 01.05.2012 22:13:36
AVREG.DLL : 12.3.0.17 232200 Bytes 21.05.2012 18:48:11
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 18:18:34
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 23:22:12
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 23:31:36
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 09:58:50
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 10:43:53
VBASE005.VDF : 7.11.29.136 2166272 Bytes 10.05.2012 18:47:50
VBASE006.VDF : 7.11.29.137 2048 Bytes 10.05.2012 18:47:50
VBASE007.VDF : 7.11.29.138 2048 Bytes 10.05.2012 18:47:51
VBASE008.VDF : 7.11.29.139 2048 Bytes 10.05.2012 18:47:51
VBASE009.VDF : 7.11.29.140 2048 Bytes 10.05.2012 18:47:51
VBASE010.VDF : 7.11.29.141 2048 Bytes 10.05.2012 18:47:51
VBASE011.VDF : 7.11.29.142 2048 Bytes 10.05.2012 18:47:52
VBASE012.VDF : 7.11.29.143 2048 Bytes 10.05.2012 18:47:52
VBASE013.VDF : 7.11.29.144 2048 Bytes 10.05.2012 18:47:52
VBASE014.VDF : 7.11.30.3 198144 Bytes 14.05.2012 18:47:53
VBASE015.VDF : 7.11.30.69 186368 Bytes 17.05.2012 18:47:54
VBASE016.VDF : 7.11.30.143 223744 Bytes 21.05.2012 18:47:56
VBASE017.VDF : 7.11.30.144 2048 Bytes 21.05.2012 18:47:56
VBASE018.VDF : 7.11.30.145 2048 Bytes 21.05.2012 18:47:56
VBASE019.VDF : 7.11.30.146 2048 Bytes 21.05.2012 18:47:56
VBASE020.VDF : 7.11.30.147 2048 Bytes 21.05.2012 18:47:56
VBASE021.VDF : 7.11.30.148 2048 Bytes 21.05.2012 18:47:56
VBASE022.VDF : 7.11.30.149 2048 Bytes 21.05.2012 18:47:56
VBASE023.VDF : 7.11.30.150 2048 Bytes 21.05.2012 18:47:56
VBASE024.VDF : 7.11.30.151 2048 Bytes 21.05.2012 18:47:57
VBASE025.VDF : 7.11.30.152 2048 Bytes 21.05.2012 18:47:57
VBASE026.VDF : 7.11.30.153 2048 Bytes 21.05.2012 18:47:57
VBASE027.VDF : 7.11.30.154 2048 Bytes 21.05.2012 18:47:57
VBASE028.VDF : 7.11.30.155 2048 Bytes 21.05.2012 18:47:57
VBASE029.VDF : 7.11.30.156 2048 Bytes 21.05.2012 18:47:57
VBASE030.VDF : 7.11.30.157 2048 Bytes 21.05.2012 18:47:57
VBASE031.VDF : 7.11.30.158 2048 Bytes 21.05.2012 18:47:58
Engineversion : 8.2.10.68
AEVDF.DLL : 8.1.2.2 106868 Bytes 06.02.2012 23:31:09
AESCRIPT.DLL : 8.1.4.19 455034 Bytes 21.05.2012 18:48:10
AESCN.DLL : 8.1.8.2 131444 Bytes 16.02.2012 16:11:36
AESBX.DLL : 8.2.5.5 606579 Bytes 26.04.2012 16:41:32
AERDL.DLL : 8.1.9.15 639348 Bytes 20.01.2012 23:21:32
AEPACK.DLL : 8.2.16.13 807287 Bytes 21.05.2012 18:48:09
AEOFFICE.DLL : 8.1.2.28 201082 Bytes 26.04.2012 16:41:32
AEHEUR.DLL : 8.1.4.28 4800886 Bytes 21.05.2012 18:48:06
AEHELP.DLL : 8.1.21.0 254326 Bytes 21.05.2012 18:47:58
AEGEN.DLL : 8.1.5.28 422260 Bytes 26.04.2012 16:41:31
AEEXP.DLL : 8.1.0.40 82292 Bytes 21.05.2012 18:48:10
AEEMU.DLL : 8.1.3.0 393589 Bytes 20.01.2012 23:21:29
AECORE.DLL : 8.1.25.6 201078 Bytes 26.04.2012 16:41:31
AEBB.DLL : 8.1.1.0 53618 Bytes 20.01.2012 23:21:28
AVWINLL.DLL : 12.3.0.15 27344 Bytes 01.05.2012 22:59:21
AVPREF.DLL : 12.3.0.15 51920 Bytes 01.05.2012 22:44:31
AVREP.DLL : 12.3.0.15 179208 Bytes 01.05.2012 22:13:35
AVARKT.DLL : 12.3.0.15 211408 Bytes 01.05.2012 22:21:32
AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 01.05.2012 22:28:49
SQLITE3.DLL : 3.7.0.1 398288 Bytes 16.04.2012 21:11:02
AVSMTP.DLL : 12.3.0.15 63440 Bytes 01.05.2012 22:51:35
NETNT.DLL : 12.3.0.15 17104 Bytes 01.05.2012 23:33:29
RCIMAGE.DLL : 12.3.0.15 4447952 Bytes 02.05.2012 00:03:51
RCTEXT.DLL : 12.3.0.15 98512 Bytes 02.05.2012 00:03:51

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Dienstag, 22. Mai 2012 06:59

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf nach versteckten Objekten wird begonnen.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'rsmsink.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'msdtc.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'dllhost.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'dllhost.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'alg.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiapsrv.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'TomTomHOMEService.exe' - '9' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'SMAgent.exe' - '13' Modul(e) wurden durchsucht
Durchsuche Prozess 'mdm.exe' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'Skype.exe' - '83' Modul(e) wurden durchsucht
Durchsuche Prozess 'TomTomHOMERunner.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'ctfmon.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'jqs.exe' - '86' Modul(e) wurden durchsucht
Durchsuche Prozess 'msseces.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'GhostStartService.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'AdobeARM.exe' - '58' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '19' Modul(e) wurden durchsucht
Durchsuche Prozess 'ArcCon.ac' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'ACDaemon.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'ACService.exe' - '19' Modul(e) wurden durchsucht
Durchsuche Prozess 'LxUpdateManager.exe' - '57' Modul(e) wurden durchsucht
Durchsuche Prozess 'GhostStartTrayApp.exe' - '15' Modul(e) wurden durchsucht
Durchsuche Prozess 'InCD.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'PDVDServ.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'DrvLsnr.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'SMTray.exe' - '19' Modul(e) wurden durchsucht
Durchsuche Prozess 'hkcmd.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxtray.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '93' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'InCDsrv.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '166' Modul(e) wurden durchsucht
Durchsuche Prozess 'MsMpEng.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '67' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '12' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
C:\Program Files\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe
[WARNUNG] Die komprimierten Daten sind fehlerhaft
C:\Program Files\SlySoft\CloneCD\ccd-uninst.exe
[WARNUNG] Die komprimierten Daten sind fehlerhaft
Die Registry wurde durchsucht ( '3402' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\'
C:\Documents and Settings\All Users\Application Data\DATA BECKER\Steuer-Sparpaket 2006-2007\Konfiguration\download\qst2007_sp2b.zip
[WARNUNG] Unerwartetes Dateiende erreicht
C:\Documents and Settings\All Users\Application Data\DATA BECKER\Steuer-Sparpaket 2006-2007\Konfiguration\download\qst2007_sp3b.zip
[WARNUNG] Unerwartetes Dateiende erreicht
C:\Documents and Settings\All Users\Application Data\DATA BECKER\Steuer-Sparpaket 2006-2007\Konfiguration\download\qst2007_sp3b.zip.tmp
[WARNUNG] Unerwartetes Dateiende erreicht
C:\Documents and Settings\All Users\Application Data\DATA BECKER\Steuer-Sparpaket 2006-2007\Konfiguration\download\qstdb2007_sp4.zip.tmp
[WARNUNG] Unerwartetes Dateiende erreicht
C:\Documents and Settings\All Users\Application Data\MFAData\pack\idatx.cab
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Documents and Settings\Nadine\My Documents\Downloads\avira_free_antivirus_de.exe
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Documents and Settings\Nadine\My Documents\My Pictures\qUVEGqULtAVEGqU
[WARNUNG] Der Archivheader ist defekt
C:\Documents and Settings\Nadine\My Documents\TomTom\HOME\Download\complete\map\West-_und_Mitteleuropa-1\sapulravsgpulraJ
[WARNUNG] Der Archivheader ist defekt
C:\Documents and Settings\Nadine\My Documents\TomTom\HOME\Sicherungskopie\ONE\Backup01\InternalMemory\home images\aelNXuegaJDNXue
[WARNUNG] Der Archivheader ist defekt
C:\Program Files\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe
[WARNUNG] Die komprimierten Daten sind fehlerhaft
C:\Program Files\Franzis\Drucken Total Pro\data\cdt\CD_Einleger_Set\tpl8.cd1
[WARNUNG] Unerwartetes Dateiende erreicht
C:\Program Files\Franzis\Drucken Total Pro\data\cdt\Visitenkarten_CD\tpl6.cd1
[WARNUNG] Unerwartetes Dateiende erreicht
C:\Program Files\Franzis\Drucken Total Pro\data\lct\Video\Foto\Alex_W_020.lc1
[WARNUNG] Unerwartetes Dateiende erreicht
C:\Program Files\Franzis\Drucken Total Pro\data\mpt\mousepad\Weihnacht5.mp1
[WARNUNG] Unerwartetes Dateiende erreicht
C:\Program Files\Real\RealArcade\MozillaBrowserPlugin.exe
[WARNUNG] Die Version dieses Archives wird nicht unterstützt
C:\Program Files\Real\RealArcade\Plugins\Mozilla\MozillaPluginUninstaller.exe
[WARNUNG] Die Version dieses Archives wird nicht unterstützt
C:\Program Files\SlySoft\CloneCD\ccd-uninst.exe
[WARNUNG] Die komprimierten Daten sind fehlerhaft


Ende des Suchlaufs: Dienstag, 22. Mai 2012 10:09
Benötigte Zeit: 3:09:44 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

11956 Verzeichnisse wurden überprüft
420834 Dateien wurden geprüft
0 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
0 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
420834 Dateien ohne Befall
28163 Archive wurden durchsucht
19 Warnungen
0 Hinweise
392924 Objekte wurden beim Rootkitscan durchsucht
0 Versteckte Objekte wurden gefunden

22.05.2012, 14:08   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



The PC will no longer be cleaned; for the reason, see above in posting #12

22.05.2012, 14:12   #15
pckeineahnun
 



Thanks. :-)
