Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: ohon.exe - Igortu

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 27.09.2010, 14:29   #1
BruderSeth
 
ohon.exe - Igortu - Standard

ohon.exe - Igortu



Hi,

mein Rechner hatte heute seltsame Anwandlungen die unter anderem "drwtsn.exe" und "explorer.exe" abgeschossen haben.
Hijackthis hat das ergeben:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:27:45, on 27.09.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SuRun.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\GIGABYTE\EnergySaver\GSvr.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Gemeinsame Dateien\Native Instruments\Hardware\NIHardwareService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Programme\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\SuRun.exe
C:\WINDOWS\WebCam\M1000\M1000Mnt.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Programme\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\System32\alg.exe
C:\Programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.EXE
C:\Programme\TrueCrypt\TrueCrypt.exe
C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe
F:\Downloads\utorrent.exe
E:\Programme\Mozilla Firefox 3.1 Beta 2\plugin-container.exe
C:\Programme\Trillian\trillian.exe
E:\Programme\Mozilla Firefox 3.1 Beta 2\firefox.exe
E:\Programme\Mozilla Firefox 3.1 Beta 2\plugin-container.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\explorer.exe
E:\Programme\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - E:\Programme\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - E:\Programme\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [M1000Mnt] Rundll32.exe M1000Rmv.dll,WinMainRmv /StartStillMnt
O4 - HKLM\..\Run: [SuRun Systemmenü-Erweiterung] C:\WINDOWS\SuRun.exe /SYSMENUHOOK
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [nwiz] C:\Programme\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [{C511FC26-AFDE-CF6A-99AC-0F4C6EB59608}] "C:\Dokumente und Einstellungen\Windows Benutzername\Anwendungsdaten\Igortu\ohon.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Dokumente und Einstellungen\Windows Benutzername\Anwendungsdaten\ICQ\Application\ICQ7.2\ICQ.exe (HKCU)
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Dokumente und Einstellungen\Windows Benutzername\Anwendungsdaten\ICQ\Application\ICQ7.2\ICQ.exe (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: hxxp://co115w.col115.mail.live.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: SuRun - C:\WINDOWS\SuRunExt.dll
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Programme\GIGABYTE\EnergySaver\GSvr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: NIHardwareService - Native Instruments GmbH - C:\Programme\Gemeinsame Dateien\Native Instruments\Hardware\NIHardwareService.exe
O23 - Service: NMSAccessU - Unknown owner - e:\Programme\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Super User Run (SuRun) Service - hxxp://kay-bruns.de - C:\WINDOWS\SuRun.exe
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 7526 bytes


besonders aufgefallen ist mir dabei der Prozess "ohon.exe" unter "Igortu" in den Anwendungsdaten.. es gibt kein "Was ist das?" im Internet, von daher wundere ich mich, was das sein könnte..

Antivir findet nichts, ad-aware findet nichts..

Hat jemand eine Idee?

Alt 27.09.2010, 14:35   #2
markusg
/// Malware-holic
 
ohon.exe - Igortu - Standard

ohon.exe - Igortu



bitte keine scans mehr durchführen, außer die von mir genannten und nichts löschen
ootl:
Systemscan mit OTL
download otl:
http://filepony.de/download-otl/

Doppelklick auf die OTL.exe
(user von Windows 7 und Vista: Rechtsklick als Administrator ausführen)
1. Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
2. Hake an "scan all users"
3. Unter "Extra Registry wähle:
"Use Safelist" "LOP Check" "Purity Check"
4. Kopiere in die Textbox:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Klicke "Scan"
6. 2 reporte werden erstellt:
OTL.Txt
Extras.Txt
poste beide
__________________


Alt 27.09.2010, 14:44   #3
BruderSeth
 
ohon.exe - Igortu - Standard

ohon.exe - Igortu



OTL:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 27.09.2010 15:37:18 - Run 1
OTL by OldTimer - Version 3.2.14.1     Folder = F:\Eigene Dateien\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 74,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 14,65 Gb Total Space | 1,80 Gb Free Space | 12,26% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 195,31 Gb Total Space | 181,60 Gb Free Space | 92,98% Space Free | Partition Type: NTFS
Drive F: | 386,21 Gb Total Space | 87,85 Gb Free Space | 22,75% Space Free | Partition Type: NTFS
Drive G: | 931,51 Gb Total Space | 359,30 Gb Free Space | 38,57% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: Username
Current User Name: Username 
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - F:\Eigene Dateien\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - F:\Downloads\utorrent.exe (BitTorrent, Inc.)
PRC - E:\Programme\Mozilla Firefox 3.1 Beta 2\firefox.exe (Mozilla Corporation)
PRC - E:\Programme\Mozilla Firefox 3.1 Beta 2\plugin-container.exe (Mozilla Corporation)
PRC - C:\Programme\Trillian\trillian.exe (Cerulean Studios)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\WINDOWS\SuRun.exe (hxxp://kay-bruns.de)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\TrueCrypt\TrueCrypt.exe (TrueCrypt Foundation)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Gemeinsame Dateien\Native Instruments\Hardware\NIHardwareService.exe (Native Instruments GmbH)
PRC - C:\WINDOWS\system32\TUProgSt.exe (TuneUp Software)
PRC - C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\Programme\GIGABYTE\EnergySaver\GSvr.exe ()
PRC - C:\WINDOWS\SoundMan.exe (Realtek Semiconductor Corp.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\WebCam\M1000\M1000Mnt.exe (ALi)
PRC - C:\WINDOWS\system32\drwtsn32.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - F:\Eigene Dateien\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\System32\HPZipm12.exe File not found
SRV - (gupdate) Google Update Service (gupdate) -- C:\Programme\Google\Update\GoogleUpdate.exe File not found
SRV - (Lavasoft Ad-Aware Service) -- C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (Super User Run (SuRun) Service) Super User Run (SuRun) -- C:\WINDOWS\SuRun.exe (hxxp://kay-bruns.de)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (NMSAccessU) -- e:\Programme\CDBurnerXP\NMSAccessU.exe ()
SRV - (NIHardwareService) -- C:\Programme\Gemeinsame Dateien\Native Instruments\Hardware\NIHardwareService.exe (Native Instruments GmbH)
SRV - (TuneUp.ProgramStatisticsSvc) -- C:\WINDOWS\system32\TUProgSt.exe (TuneUp Software)
SRV - (TuneUp.Defrag) -- C:\WINDOWS\system32\TuneUpDefragService.exe (TuneUp Software)
SRV - (LBTServ) -- C:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
SRV - (GEST Service) -- C:\Programme\GIGABYTE\EnergySaver\GSvr.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (MEMSWEEP2) -- C:\WINDOWS\System32\B.tmp File not found
DRV - (gdrv) -- C:\WINDOWS\gdrv.sys (Windows (R) 2000 DDK provider)
DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (Lavasoft Kernexplorer) -- C:\Programme\Lavasoft\Ad-Aware\kernexplorer.sys ()
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (truecrypt) -- C:\WINDOWS\system32\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV - (UsbDiag) -- C:\WINDOWS\system32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (USBModem) -- C:\WINDOWS\system32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\WINDOWS\system32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys ()
DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (Applied Networking Inc.)
DRV - (SAVRKBootTasks) -- C:\WINDOWS\system32\SAVRKBootTasks.sys (Sophos Plc)
DRV - (FlashUSB) -- C:\WINDOWS\system32\drivers\FlashUsb.sys (Danish Wireless Design A/S)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (RivaTuner32) -- e:\Programme\RivaTuner v2.24\RivaTuner32.sys ()
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (LUsbFilt) -- C:\WINDOWS\system32\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (LBeepKE) -- C:\WINDOWS\system32\drivers\LBeepKE.sys (Logitech, Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation                           )
DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation)
DRV - (GcKernel) -- C:\WINDOWS\system32\drivers\GcKernel.sys (Microsoft Corporation)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (P17) -- C:\WINDOWS\system32\drivers\P17.sys (Creative Technology Ltd.)
DRV - (M1000Srv) -- C:\WINDOWS\system32\drivers\M1000KNT.sys ()
DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfvfs02.sys (Protection Technology)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation)
DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation)
DRV - (HIDSwvd) -- C:\WINDOWS\system32\drivers\HIDSwvd.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-117609710-152049171-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKU\S-1-5-21-117609710-152049171-725345543-1003\..\URLSearchHook: {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll (DeviceVM Inc.)
IE - HKU\S-1-5-21-117609710-152049171-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.boardclub.net/index.php"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {b749fc7c-e949-447f-926c-3f4eed6accfe}:0.6.6
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {6D1D11DB-3C6C-4db8-96E4-20F4A1088AAC}:0.7
FF - prefs.js..network.proxy.no_proxies_on: ""
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: E:\Programme\Mozilla Firefox 3.1 Beta 2\components [2010.09.16 20:44:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: E:\Programme\Mozilla Firefox 3.1 Beta 2\plugins [2010.09.16 20:44:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Sunbird 0.9\extensions\\Components: e:\Programme\Mozilla Sunbird\components [2010.02.09 19:33:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Components: e:\Programme\Mozilla Thunderbird\components [2010.09.25 15:16:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Plugins: e:\Programme\Mozilla Thunderbird\plugins
 
[2010.08.22 23:05:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\Mozilla\Extensions
[2010.08.22 23:05:38 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2009.03.06 19:50:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\Mozilla\Firefox\Profiles\085j5it8.default\extensions
[2009.03.06 19:50:54 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\Mozilla\Firefox\Profiles\085j5it8.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009.03.06 19:50:54 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\Mozilla\Firefox\Profiles\085j5it8.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.09.26 15:56:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\Mozilla\Firefox\Profiles\nd5g71ka.default\extensions
[2010.05.05 20:21:58 | 000,000,000 | ---D | M] (Show MyIP) -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\Mozilla\Firefox\Profiles\nd5g71ka.default\extensions\{6D1D11DB-3C6C-4db8-96E4-20F4A1088AAC}
[2009.07.18 11:14:56 | 000,000,000 | ---D | M] (Modify Headers) -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\Mozilla\Firefox\Profiles\nd5g71ka.default\extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}
[2010.08.18 21:43:07 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\Mozilla\Firefox\Profiles\nd5g71ka.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.08.18 21:43:09 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\Mozilla\Firefox\Profiles\nd5g71ka.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.04.09 14:12:40 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\Mozilla\Firefox\Profiles\nd5g71ka.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009.07.08 19:18:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\Mozilla\Firefox\Profiles\nd5g71ka.default\extensions\moveplayer@movenetworks.com
[2010.02.09 19:33:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\Mozilla\Sunbird\Profiles\pynd4a5c.default\extensions
[2009.12.14 16:02:53 | 000,002,328 | ---- | M] () -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\Mozilla\Firefox\Profiles\nd5g71ka.default\searchplugins\dictcc.xml
[2009.08.12 15:40:12 | 000,001,163 | ---- | M] () -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\Mozilla\Firefox\Profiles\nd5g71ka.default\searchplugins\memory-alpha-en.xml
[2009.10.12 02:37:53 | 000,001,686 | ---- | M] () -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\Mozilla\Firefox\Profiles\nd5g71ka.default\searchplugins\thepiratebayorg.xml
[2008.08.24 18:38:37 | 000,001,143 | ---- | M] () -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\Mozilla\Firefox\Profiles\nd5g71ka.default\searchplugins\wikipedia-en.xml
[2008.08.24 18:38:27 | 000,002,109 | ---- | M] () -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\Mozilla\Firefox\Profiles\nd5g71ka.default\searchplugins\youtube-video-search.xml
 
O1 HOSTS File: ([2010.07.14 14:45:06 | 000,344,412 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 11806 more lines...
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - E:\Programme\TechSmith\SnagIt 8\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - E:\Programme\TechSmith\SnagIt 8\SnagItIEAddin.dll (TechSmith Corporation)
O3 - HKU\S-1-5-21-117609710-152049171-725345543-1003\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\alcwzrd.exe (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [M1000Mnt]  File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Programme\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [P17Helper] C:\WINDOWS\System32\P17.dll ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SoundMan.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SuRun Systemmenü-Erweiterung] C:\WINDOWS\SuRun.exe (hxxp://kay-bruns.de)
O4 - HKU\S-1-5-21-117609710-152049171-725345543-1003..\Run: [{C511FC26-AFDE-CF6A-99AC-0F4C6EB59608}] C:\Dokumente und Einstellungen\Username \Anwendungsdaten\Igortu\ohon.exe File not found
O4 - HKU\S-1-5-21-117609710-152049171-725345543-1003..\Run: [SetDefaultMIDI] C:\WINDOWS\MIDIDEF.EXE (Creative Technology Ltd)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-117609710-152049171-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-117609710-152049171-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives =  [binary data]
O7 - HKU\S-1-5-21-117609710-152049171-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments =  [binary data]
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKU\S-1-5-21-117609710-152049171-725345543-1003\..Trusted Domains: live.com ([co115w.col115.mail] http in Vertrauenswürdige Sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTWlgn.dll - c:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\SuRun: DllName - SuRunExt.dll - C:\WINDOWS\SuRunExt.dll (hxxp://kay-bruns.de)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Username \Anwendungsdaten\Mozilla\Firefox\Desktop-Hintergrund.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Username \Anwendungsdaten\Mozilla\Firefox\Desktop-Hintergrund.bmp
O28 - HKLM ShellExecuteHooks: {2C7B6088-5A77-4d48-BE43-30337DCA9A86} - C:\WINDOWS\SuRunExt.dll (hxxp://kay-bruns.de)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.03.05 23:56:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{175195c6-b559-11df-a981-001fd08e8d9e}\Shell - "" = AutoRun
O33 - MountPoints2\{175195c6-b559-11df-a981-001fd08e8d9e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{175195c6-b559-11df-a981-001fd08e8d9e}\Shell\AutoRun\command - "" = I:\setup.exe -- File not found
O33 - MountPoints2\{e69389ac-6ade-11de-a7be-001fd08e8d9e}\Shell - "" = AutoRun
O33 - MountPoints2\{e69389ac-6ade-11de-a7be-001fd08e8d9e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e69389ac-6ade-11de-a7be-001fd08e8d9e}\Shell\AutoRun\command - "" = H:\HL2UE_setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk /p \??\F:) -  File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - Services: "gupdate"
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^HP Digital Imaging Monitor.lnk - C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Development Company, L.P.)
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^HP Photosmart Premier – Schnellstart.lnk - C:\Programme\HP\Digital Imaging\bin\hpqthb08.exe - (Hewlett-Packard Development Company, L.P.)
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^web'n'walk Manager.lnk - C:\PROGRA~1\T-Mobile\WEB'N'~1\WEB'N'~1.EXE - File not found
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - E:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: HotKey - hkey= - key= - C:\Programme\HotKey\Hotkey.exe (KYE SYSTEMS CORP.)
MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Programme\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
MsConfig - StartUpReg: IMJPMIG8.1 - hkey= - key= - C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
MsConfig - StartUpReg: PHIME2002A - hkey= - key= -  File not found
MsConfig - StartUpReg: PHIME2002ASync - hkey= - key= -  File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - E:\Programme\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: RGSC - hkey= - key= - e:\Programme\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe (Take-Two Interactive Software, Inc.)
MsConfig - StartUpReg: RunMSetup - hkey= - key= - C:\DOKUME~1\VALENT~1\LOKALE~1\Temp\pft2F.tmp\MSetup.exe File not found
MsConfig - StartUpReg: Steam - hkey= - key= - E:\Programme\Steam\Steam.exe (Valve Corporation)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Programme\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: {C511FC26-AFDE-CF6A-99AC-0F4C6EB59608} - hkey= - key= - C:\Dokumente und Einstellungen\Username \Anwendungsdaten\Igortu\ohon.exe File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: Lavasoft Ad-Aware Service - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: WdfLoadGroup - 
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Lavasoft Ad-Aware Service - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: nm -  File not found
SafeBootNet: nm.sys -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: WdfLoadGroup - 
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offlinebrowsingpaket
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer-Hilfe
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsererweiterungen
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - Zugang zu MSN Site
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML-Datenbindung
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer-Hauptschriftarten
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML-Hilfe
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.tscc - C:\WINDOWS\System32\tsccvid.dll (TechSmith Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17183528496136192)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.09.27 09:28:34 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Username \Recent
[2010.09.26 22:47:35 | 000,018,816 | ---- | C] (Sophos Plc) -- C:\WINDOWS\System32\SAVRKBootTasks.sys
[2010.09.26 17:43:20 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010.09.26 17:43:17 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010.09.26 17:40:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Username \Lokale Einstellungen\Anwendungsdaten\Sunbelt Software
[2010.09.26 17:40:20 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{ECC164E0-3133-4C70-A831-F08DB2940F70}
[2010.09.26 17:39:58 | 000,000,000 | ---D | C] -- C:\Programme\Lavasoft
[2010.09.26 17:39:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lavasoft
[2010.09.22 15:51:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\vlc
[2010.09.14 16:43:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\Performance
[2010.09.14 16:43:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Username \Lokale Einstellungen\Anwendungsdaten\Microsoft Corporation
[2010.09.13 17:36:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\LucasArts
[2010.09.07 18:03:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\LolClient
[2010.09.06 23:01:19 | 000,000,000 | ---D | C] -- C:\Programme\Adobe
[2010.09.06 23:00:24 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Adobe AIR
[2010.09.06 22:37:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Username \Lokale Einstellungen\Anwendungsdaten\PMB Files
[2010.09.06 22:37:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PMB Files
[2010.09.06 22:36:50 | 000,000,000 | ---D | C] -- C:\Programme\Pando Networks
[2010.09.03 14:20:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Username \Desktop\StarCraft II
[2010.09.03 14:12:55 | 000,000,000 | ---D | C] -- C:\Programme\StarCraft II
[2002.04.11 09:41:06 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.09.27 15:35:23 | 000,000,470 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010.09.27 15:32:17 | 015,204,352 | -H-- | M] () -- C:\Dokumente und Einstellungen\Username \NTUSER.DAT
[2010.09.27 15:01:38 | 000,124,416 | ---- | M] () -- C:\Dokumente und Einstellungen\Username \Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.09.27 15:00:09 | 000,000,504 | ---- | M] () -- C:\WINDOWS\tasks\1-Click Maintenance.job
[2010.09.27 07:40:33 | 000,016,608 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\gdrv.sys
[2010.09.27 07:40:23 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.09.27 07:40:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.09.27 00:09:25 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Username \ntuser.ini
[2010.09.26 21:22:40 | 000,000,741 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.09.26 21:22:40 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.09.26 21:22:40 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010.09.26 20:45:24 | 000,033,865 | ---- | M] () -- f:\Eigene Dateien\1-4d0c9212021b5eb5355e929b2af0eda5.jpg
[2010.09.26 17:43:17 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010.09.26 17:40:16 | 000,000,847 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Ad-Aware.lnk
[2010.09.24 22:46:44 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.09.08 17:28:20 | 000,000,536 | ---- | M] () -- C:\WINDOWS\eReg.dat
[2010.09.06 23:00:19 | 000,000,686 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\League of Legends.lnk
[2010.09.06 22:01:00 | 000,000,565 | ---- | M] () -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\myMPQ.ini
[2010.09.03 14:09:25 | 000,000,609 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\StarCraft II.lnk
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.09.26 20:45:24 | 000,033,865 | ---- | C] () -- f:\Eigene Dateien\1-4d0c9212021b5eb5355e929b2af0eda5.jpg
[2010.09.26 17:49:30 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010.09.26 17:44:29 | 000,000,470 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010.09.26 17:40:16 | 000,000,847 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Ad-Aware.lnk
[2010.09.24 22:58:40 | 000,107,008 | ---- | C] () -- C:\vlc.exe
[2010.09.08 17:28:17 | 000,000,536 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2010.09.06 23:00:19 | 000,000,686 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\League of Legends.lnk
[2010.09.03 14:16:25 | 000,000,565 | ---- | C] () -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\myMPQ.ini
[2010.09.03 13:56:24 | 000,000,609 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\StarCraft II.lnk
[2010.08.10 22:11:48 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010.08.10 22:11:48 | 000,022,328 | ---- | C] () -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\PnkBstrK.sys
[2010.07.18 12:46:59 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\CommonDL.dll
[2010.07.18 12:46:59 | 000,002,413 | ---- | C] () -- C:\WINDOWS\System32\lgAxconfig.ini
[2010.06.25 20:06:53 | 000,005,663 | ---- | C] () -- C:\WINDOWS\System32\ludap17.ini
[2010.06.25 20:06:53 | 000,000,075 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2009.11.28 19:12:20 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2009.10.05 20:23:37 | 000,281,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2009.10.05 20:23:37 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2009.09.23 19:24:18 | 000,000,562 | ---- | C] () -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\AutoGK.ini
[2009.07.14 17:15:00 | 000,178,432 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2009.07.06 14:18:39 | 000,000,151 | ---- | C] () -- C:\Dokumente und Einstellungen\Username \Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2009.07.06 13:09:50 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2009.07.06 13:09:45 | 000,000,161 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2009.07.06 13:09:36 | 000,000,688 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2009.07.06 12:42:55 | 000,008,410 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\hpzinstall.log
[2009.06.24 21:28:30 | 000,296,800 | ---- | C] () -- C:\WINDOWS\System32\drivers\M1000KNT.sys
[2009.06.24 21:28:30 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\M1000DIF.dll
[2009.06.24 21:28:30 | 000,015,190 | ---- | C] () -- C:\WINDOWS\M1000Twn.ini
[2009.06.15 19:54:09 | 000,000,222 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini
[2009.04.14 21:01:44 | 000,001,329 | ---- | C] () -- C:\WINDOWS\WINCMD.INI
[2009.04.07 17:25:14 | 000,418,896 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2009.03.06 21:12:20 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009.03.06 00:26:04 | 000,124,416 | ---- | C] () -- C:\Dokumente und Einstellungen\Username \Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.08.02 06:20:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2005.05.03 19:38:42 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\P17.dll
[2003.10.02 18:48:18 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[2001.07.07 03:00:00 | 000,003,254 | ---- | C] () -- C:\WINDOWS\System32\HPTCPMON.INI
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.08.09 16:49:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\.purple
[2010.09.26 20:51:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\Acwu
[2010.09.06 23:00:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\Adobe
[2009.03.16 02:33:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\Apple Computer
[2009.03.26 03:09:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\avidemux
[2010.03.28 22:33:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\Avira
[2010.08.05 15:08:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\Canneverbe Limited
[2009.04.07 17:21:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\DAEMON Tools
[2009.07.07 12:14:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\DAEMON Tools Lite
[2009.04.07 17:21:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\DAEMON Tools Pro
[2010.06.20 21:34:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\DivX
[2010.06.05 12:01:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\dvdcss
[2009.10.11 17:54:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\fretsonfire
[2010.04.18 14:48:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\Google
[2010.01.05 00:30:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\Hamachi
[2009.04.14 21:01:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\Help
[2009.07.06 15:18:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\HP
[2009.10.06 11:54:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\HpUpdate
[2010.08.23 10:13:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\ICQ
[2009.07.07 09:37:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\ID3 renamer
[2009.03.05 23:59:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\Identities
[2009.03.06 00:07:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\InstallShield
[2010.08.10 20:17:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\InstallShield Installation Information
[2009.03.12 00:51:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\Jasc Software Inc
[2010.07.16 14:52:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\LG Electronics
[2009.03.06 01:01:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\Logitech
[2010.09.07 18:03:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\LolClient
[2010.09.13 17:36:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\LucasArts
[2009.03.06 00:33:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\Macromedia
[2009.10.15 16:45:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\Malwarebytes
[2009.03.16 02:28:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\Media Player Classic
[2010.09.26 23:00:44 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\Microsoft
[2010.02.11 18:58:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\Move Networks
[2010.02.09 19:33:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\Mozilla
[2010.06.12 12:20:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\NVIDIA
[2009.04.04 16:04:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\OpenOffice.org
[2009.09.18 23:23:19 | 000,000,000 | RH-D | M] -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\SecuROM
[2010.09.25 23:40:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\Skype
[2010.09.26 08:06:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\skypePM
[2009.03.06 22:44:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\Sun
[2009.03.06 20:09:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\Talkback
[2010.08.22 23:05:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\Thunderbird
[2009.07.06 21:41:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\Trillian
[2009.04.04 14:27:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\TrueCrypt
[2009.03.06 14:57:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\TuneUp Software
[2009.03.14 20:13:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\uqm
[2010.09.27 15:38:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\uTorrent
[2010.09.25 21:36:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\vlc
[2009.07.07 10:00:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\Winamp
 
< %APPDATA%\*.exe /s >
[2010.06.29 15:10:08 | 000,010,800 | ---- | M] (AOL LLC) -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\ICQ\Application\ICQ7.2\aolload.exe
[2010.06.29 15:10:08 | 000,133,368 | ---- | M] (ICQ, LLC.) -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\ICQ\Application\ICQ7.2\ICQ.exe
[2010.06.29 15:10:08 | 000,080,120 | ---- | M] (ICQ, LLC.) -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\ICQ\Application\ICQ7.2\IcqUpdater.exe
[2010.06.29 15:09:28 | 000,372,736 | ---- | M] (Macrovision Corporation) -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\InstallShield Installation Information\{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}\ICQ7.exe
[2010.08.10 20:10:02 | 000,331,776 | ---- | M] (Epic Games             ) -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\InstallShield Installation Information\{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}\SetupUT3.exe
[2010.09.06 23:01:13 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
 
< %SYSTEMDRIVE%\*.exe >
[2009.10.15 22:39:53 | 002,348,928 | ---- | M] () -- C:\D.exe
[2009.09.03 02:03:01 | 000,908,280 | ---- | M] (Mozilla Corporation) -- C:\firefox.exe
[2010.08.27 01:34:22 | 000,107,008 | ---- | M] () -- C:\vlc.exe
 
 
< MD5 for: AGP440.SYS  >
[2004.08.04 02:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.04.14 09:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.04.14 09:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.14 01:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.14 01:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2004.08.04 02:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.04.14 09:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 09:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004.08.03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
[2004.08.03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 08:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 08:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2004.08.04 01:57:20 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: EXPLORER.EXE  >
[2004.08.04 01:57:54 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2008.04.14 08:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2008.04.14 08:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\explorer.exe
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 08:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 08:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2004.08.04 01:57:32 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 08:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 08:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2004.08.04 01:57:34 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USER32.DLL  >
[2004.08.04 01:57:38 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2008.04.14 08:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 08:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 08:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 08:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004.08.04 01:58:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2004.08.04 01:58:20 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 08:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 08:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2001.08.18 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2001.08.18 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010.03.28 12:35:57 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys
 
< %systemroot%\System32\config\*.sav >
[2009.03.06 00:40:17 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009.03.06 00:40:17 | 000,663,552 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009.03.06 00:40:17 | 000,454,656 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2008.04.14 08:52:08 | 000,029,184 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\batmeter.dll
[2008.04.14 08:52:10 | 000,165,376 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\credui.dll
[2001.08.18 14:00:00 | 000,847,872 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dbgeng.dll
[2008.04.14 08:52:10 | 000,640,000 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dbghelp.dll
[2008.04.14 08:52:10 | 000,026,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dot3api.dll
[2008.04.14 08:52:10 | 000,009,216 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dot3dlg.dll
[2008.04.14 08:52:10 | 000,126,976 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\eappcfg.dll
[2008.04.14 08:52:10 | 000,040,960 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\eappprxy.dll
[2008.04.14 08:52:12 | 000,125,952 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\exts.dll
[2008.04.14 08:52:14 | 000,095,744 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iphlpapi.dll
[2008.04.14 08:52:16 | 000,072,192 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msacm32.dll
[2008.05.19 06:33:20 | 004,445,184 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msi.dll
[2008.04.14 08:52:20 | 000,196,096 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msutb.dll
[2008.04.14 08:52:20 | 000,413,696 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msvcp60.dll
[2001.08.18 14:00:00 | 000,036,864 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ntsdexts.dll
[2008.04.14 08:52:24 | 000,145,408 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\onex.dll
[2006.10.18 21:47:18 | 000,284,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\PortableDeviceApi.dll
[2006.10.18 21:47:18 | 000,166,912 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\PortableDeviceTypes.dll
[2008.04.14 08:52:24 | 000,017,408 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\powrprof.dll
[2008.04.14 00:07:58 | 000,208,384 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\rsaenh.dll
[2008.04.14 08:52:24 | 000,044,032 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\rtutils.dll
[2008.04.14 08:52:34 | 000,053,760 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\winsta.dll
[2008.04.14 08:52:34 | 000,024,576 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\wsock32.dll
[2008.04.14 08:52:34 | 000,018,432 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\wtsapi32.dll
[2008.04.14 01:06:48 | 002,981,888 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\xpsp2res.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< End of report >
         
--- --- ---
__________________

Alt 27.09.2010, 14:45   #4
BruderSeth
 
ohon.exe - Igortu - Standard

ohon.exe - Igortu



Extras:OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 27.09.2010 15:37:18 - Run 1
OTL by OldTimer - Version 3.2.14.1     Folder = F:\Eigene Dateien\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 74,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 14,65 Gb Total Space | 1,80 Gb Free Space | 12,26% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 195,31 Gb Total Space | 181,60 Gb Free Space | 92,98% Space Free | Partition Type: NTFS
Drive F: | 386,21 Gb Total Space | 87,85 Gb Free Space | 22,75% Space Free | Partition Type: NTFS
Drive G: | 931,51 Gb Total Space | 359,30 Gb Free Space | 38,57% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: COMPUTER
Current User Name: Username
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_USERS\S-1-5-21-117609710-152049171-725345543-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- E:\Programme\Mozilla Firefox 3.1 Beta 2\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "e:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [ID3 renamer] -- "e:\Programme\ID3 renamer\renamer.exe" "%1" (Jiri {x2} Cincura)
Directory [PlayWithVLC] -- "e:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "E:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "E:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "E:\Programme\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"56804:TCP" = 56804:TCP:*:Enabled:Pando Media Booster
"56804:UDP" = 56804:UDP:*:Enabled:Pando Media Booster
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"55511:TCP" = 55511:TCP:*:Enabled:uTorrent
"5190:TCP" = 5190:TCP:*:Disabled:Trillian
"5190:UDP" = 5190:UDP:*:Disabled:Trillian2
"56804:TCP" = 56804:TCP:*:Enabled:Pando Media Booster
"56804:UDP" = 56804:UDP:*:Enabled:Pando Media Booster
"8394:TCP" = 8394:TCP:*:Enabled:League of Legends Launcher
"8394:UDP" = 8394:UDP:*:Enabled:League of Legends Launcher
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Programme\Pando Networks\Media Booster\PMB.exe" = C:\Programme\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"F:\Spiele\Star Trek Bridge Commander\stbc.exe" = F:\Spiele\Star Trek Bridge Commander\stbc.exe:*:Enabled:stbc -- ()
"F:\Spiele\Quake\joequake-gl.exe" = F:\Spiele\Quake\joequake-gl.exe:*:Enabled:joequake-gl -- ()
"F:\Spiele\Doom\DOOM95.EXE" = F:\Spiele\Doom\DOOM95.EXE:*:Enabled:doom95 -- (id Software)
"E:\Programme\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" = E:\Programme\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club -- (Take-Two Interactive Software, Inc.)
"C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Programme\HP\Digital Imaging\bin\hposfx08.exe" = C:\Programme\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Programme\HP\Digital Imaging\bin\hposid01.exe" = C:\Programme\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Programme\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Programme\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Programme\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Programme\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Programme\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Programme\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
"C:\Programme\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Programme\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Programme\HP\Digital Imaging\bin\hpoews01.exe" = C:\Programme\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)
"F:\Spiele\Eidos\Batman Arkham Asylum\Binaries\ShippingPC-BmGame.exe" = F:\Spiele\Eidos\Batman Arkham Asylum\Binaries\ShippingPC-BmGame.exe:*:Enabled:Batman: Arkham Asylum -- (Rocksteady Studios Ltd)
"F:\Spiele\Activision\X-Men Origins - Wolverine(TM)\Binaries\Wolverine.exe" = F:\Spiele\Activision\X-Men Origins - Wolverine(TM)\Binaries\Wolverine.exe:*:Enabled:X-Men Origins - Wolverine -- (Raven Software)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"E:\Programme\Hamachi\hamachi.exe" = E:\Programme\Hamachi\hamachi.exe:*:Enabled:Hamachi Client -- (LogMeIn Inc.)
"E:\Programme\Total Commander\totalcmd\TOTALCMD.EXE" = E:\Programme\Total Commander\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows -- (C. Ghisler & Co.)
"C:\WINDOWS\system32\ntvdm.exe" = C:\WINDOWS\system32\ntvdm.exe:*:Enabled:NTVDM.EXE -- (Microsoft Corporation)
"F:\Spiele\Rockstar Games\Grand Theft Auto IV\Grand Theft Auto IV\LaunchGTAIV.exe" = F:\Spiele\Rockstar Games\Grand Theft Auto IV\Grand Theft Auto IV\LaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV -- (Sony DADC Austria AG)
"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"F:\Spiele\TrackMania Nations ESWC\TmNationsESWC.exe" = F:\Spiele\TrackMania Nations ESWC\TmNationsESWC.exe:*:Disabled:TmNationsESWC -- ()
"C:\Dokumente und Einstellungen\Username\Pidgin\pidgin.exe" = C:\Dokumente und Einstellungen\Username\Pidgin\pidgin.exe:*:Disabled:Pidgin -- (The Pidgin developer community)
"C:\Programme\Trillian\trillian.exe" = C:\Programme\Trillian\trillian.exe:*:Enabled:Trillian -- (Cerulean Studios)
"C:\Dokumente und Einstellungen\Username\Anwendungsdaten\ICQ\Application\ICQ7.2\ICQ.exe" = C:\Dokumente und Einstellungen\Username\Anwendungsdaten\ICQ\Application\ICQ7.2\ICQ.exe:*:Disabled:ICQ -- (ICQ, LLC.)
"F:\Spiele\Spring\spring.exe" = F:\Spiele\Spring\spring.exe:*:Enabled:spring -- ()
"F:\Spiele\Starcraft - Broodwar\StarCraft.exe" = F:\Spiele\Starcraft - Broodwar\StarCraft.exe:*:Enabled:Starcraft - Brood War -- (Blizzard Entertainment)
"F:\Spiele\Unreal Tournament 3\Binaries\UT3.exe" = F:\Spiele\Unreal Tournament 3\Binaries\UT3.exe:*:Enabled:Unreal Tournament 3 -- ()
"F:\Spiele\Crysis\Bin32\Crysis.exe" = F:\Spiele\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis_32 -- (Crytek GmbH)
"F:\Spiele\Crysis\Bin32\CrysisDedicatedServer.exe" = F:\Spiele\Crysis\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32 -- (Crytek GmbH)
"F:\Spiele\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe" = F:\Spiele\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe:*:Enabled:Battlefield: Bad Company™ 2 -- (EA Digital Illusions CE AB)
"E:\Programme\Steam\Steam.exe" = E:\Programme\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"F:\Spiele\StarCraft II\StarCraft II.exe" = F:\Spiele\StarCraft II\StarCraft II.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"C:\Programme\Pando Networks\Media Booster\PMB.exe" = C:\Programme\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"F:\Spiele\League of Legends\Air\LolClient.exe" = F:\Spiele\League of Legends\Air\LolClient.exe:*:Enabled:League of Legends Lobby -- (Adobe Systems Inc.)
"F:\Spiele\League of Legends\Game\League of Legends.exe" = F:\Spiele\League of Legends\Game\League of Legends.exe:*:Enabled:League of Legends Game Client -- ()
"F:\Spiele\EA Games\Battlefield WWII Anthology\BF1942.exe" = F:\Spiele\EA Games\Battlefield WWII Anthology\BF1942.exe:*:Enabled:Battlefield 1942 -- ()
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Disabled:Windows Explorer -- (Microsoft Corporation)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}" = Apple Software Update
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04B45310-A5FE-4425-BFCA-1A6D8920DE74}" = OpenOffice.org 3.0
"{065D5505-3821-4C2E-BB6C-FE66A7E7CB4F}" = USB Flash Port Driver
"{0886900B-B2F3-452C-B580-60F1253F7F80}" = Native Instruments Controller Editor
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime
"{0A35B15C-9CCD-4C0C-BD5B-34ABF8C95813}_is1" = ICQ 7.2 Build #3129 Banner Remover 1.0
"{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{127B684B-A002-44C8-99A7-6CF8F1E26873}" = PunkBuster for Battlefield 1942
"{14DCD95A-EBA3-4BF0-B7EF-533852E99BE6}" = LG PC Suite II
"{152B782A-05F3-48EC-9AAC-4D3EB68D9E20}" = Quake 4(TM)
"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v. 1.3.1249.0
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 15
"{2A82D40B-899C-4BDB-BAC1-8A0126C3DAA2}" = Risen Demo
"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
"{4462265B-3DC7-44AD-B56D-D09BA67BA422}" = 6300
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{498A4E3D-562E-4129-8722-6DCAB12384AE}" = Windows Communication Foundation Language Pack - DEU
"{4E79A60F-15D2-4BEC-91AD-E41EC42E61B0}" = Batman: Arkham Asylum
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{56A648C2-D185-46A9-BBFF-78AE7A501000}" = USB2.0 Web Camera
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{581125F9-D1C6-4797-93BB-47A992D69AA8}" = Screen Grab Pro
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}" = Battlefield 1942
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7228FD8C-3B9E-4204-AE36-8A466107685B}" = Windows Workflow Foundation DE Language Pack
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{7ED169D4-5053-4166-93DF-53B12AE6C539}" = Energy Saver Advance B8.0711.1
"{7F0B94C6-828C-4EDE-A86B-ECF4D792B68D}" = Activision(R)
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{92DF2F1B-F63C-4D9A-B3E1-B2D11AE29790}" = Windows Presentation Foundation Language Pack (DEU)
"{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype(TM)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{993A94A9-DCE3-4774-B35D-D8C74FC1E0BE}" = Royale Remixed Theme
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CD9CD94-76CC-4524-8617-DEB9C2D7C389}" = FIFA 10 - Demo
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96BFADF-A159-4395-8E9C-A9E2F059A3BB}" = Camtasia Studio 7
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1.3 - Deutsch
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B45FABE7-D101-4D99-A671-E16DA40AF7F0}" = Microsoft Games for Windows - LIVE
"{B578C85A-A84C-4230-A177-C5B2AF565B8C}" = Microsoft Games for Windows - LIVE Redistributable
"{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
"{B73B4A99-4173-4747-BBEC-0F05E966F9D2}" = Battlefield 1942: Secret Weapons of WWII
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BB7DEA41-298E-450B-9C3A-E7B48D9D021B}" = 6300_Help
"{BBF51613-ACF3-4B1C-86E8-AD15BB431037}" = Tribes Vengeance
"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}" = Unreal Tournament 3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
"{C2157D30-298B-11D7-BF3B-00079500A37A}" = Genius SlimStar 310 Hotkey driver
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem Driver
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C7FAFC98-5ECC-40FC-B440-A5D5FE3A6A6E}" = Native Instruments Guitar Rig 4
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D057AA08-8CBF-42E3-9EAB-23B8FED1C279}" = Battlefield 1942: The Road To Rome
"{DA0BF7AB-88EB-4675-8FA1-531EAD938821}" = SnagIt 8
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E8AEA11B-E60A-455E-B008-E4E763604612}" = Browser Configuration Utility
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
"{EF5B1E83-1403-4F0E-A8E6-C169DF0CCE8C}" = LG PC Suite II
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F2A7F421-1679-48D5-B918-96999014ED53}" = Microsoft .NET Framework 3.0 German Language Pack
"{F2AB49F2-D632-446C-9A6E-5B4A98DFF13B}" = 6300Trb
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"{FE7E1DD7-EBCE-4696-ADE2-22BDBF2372DA}" = DocumentViewer
"7D6D030B3D73FCCA3D4E45319380F315DFBE7A54" = Windows-Treiberpaket - Infineon Technologies (FlashUSB) USB  (04/16/2009 1.0.0.6)
"7-Zip" = 7-Zip 4.65
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ASIO4ALL" = ASIO4ALL
"Avidemux 2.4" = Avidemux 2.4
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BC-Mod Installer .NET" = BC-Mod Installer .NET - FINAL Version
"Call of Duty Modern Warfare 2_is1" = Call of Duty Modern Warfare 2
"CCleaner" = CCleaner (remove only)
"Device Control" = Gerätesteuerung
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"EAXSet" = Creative EAX-Einstellungen
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50
"Frets on Fire" = Frets On Fire
"Guitar Pro 5_is1" = Guitar Pro 5.2
"Hamachi" = Hamachi 1.0.1.1
"HijackThis" = HijackThis 2.0.2
"HL2UE_6500_is1" = Half-Life 2 Ultimate Edition (build 6500)
"HP Document Viewer" = HP Document Viewer 7.0
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPExtendedCapabilities" = HP Customer Participation Program 7.0
"HPOCR" = OCR Software by I.R.I.S 7.0
"id3renamer.cincura.net_is1" = ID3 renamer 2.15.15
"Infineon USB driver_is1" = Infineon USB driver 1.0.0.6
"InstallShield_{152B782A-05F3-48EC-9AAC-4D3EB68D9E20}" = Quake 4(TM)
"InstallShield_{7F0B94C6-828C-4EDE-A86B-ECF4D792B68D}" = X-Men Origins - Wolverine(TM)
"InstallShield_{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype(TM)
"InstallShield_{BBF51613-ACF3-4B1C-86E8-AD15BB431037}" = Tribes Vengeance
"Launch of the Screaming Narwhal" = Tales of Monkey Island - Launch of the Screaming Narwhal
"League of Legends_is1" = League of Legends
"Mafia II_is1" = Mafia II
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.0 German Language Pack" = Microsoft .NET Framework 3.0 German Language Pack
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Thunderbird (3.1.4)" = Mozilla Thunderbird (3.1.4)
"Native Instruments Controller Editor" = Native Instruments Controller Editor
"Native Instruments Guitar Rig 4" = Native Instruments Guitar Rig 4
"Native Instruments Service Center" = Native Instruments Service Center
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"oZone3D.Net FurMark_is1" = oZone3D.Net FurMark v1.8.0
"PunkBusterSvc" = PunkBuster Services
"RivaTuner" = RivaTuner v2.24
"SPEAKER" = Creative Lautsprechereinstellungen
"Starcraft" = Starcraft
"StarCraft II" = StarCraft II
"SuRun" = Super User Run (SuRun)
"TIOsoft ShutDownTimer" = TIOsoft ShutDownTimer 2.10 
"Trillian" = Trillian
"TrueCrypt" = TrueCrypt
"VLC media player" = VLC media player 1.1.4
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"Wing Commander Standoff" = Wing Commander Standoff 1.31
"Wing Commander: Secret Ops" = Wing Commander: Secret Ops
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-117609710-152049171-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"Audacity_is1" = Audacity 1.2.6
"InstallShield_{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}" = Unreal Tournament 3
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"Pidgin" = Pidgin
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 26.09.2010 11:40:05 | Computer Name = COMPUTER | Source = VSS | ID = 12289
Description = Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "DeviceIoControl(000001FC,0x0053c020,000379D0,0,000389D8,4096,[0])".
 hr = 0x80070057.
 
Error - 26.09.2010 11:40:40 | Computer Name = COMPUTER | Source = Lavasoft Ad-Aware Service | ID = 0
Description = 
 
Error - 26.09.2010 11:51:34 | Computer Name = COMPUTER | Source = VSS | ID = 12289
Description = Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "CreateFileW(\\?\Volume{c45431e4-0a73-11de-a6f5-001fd08e8d9e},0xc0000000,0x00000003,...)".
 hr = 0x80070020.
 
Error - 26.09.2010 11:51:34 | Computer Name = COMPUTER | Source = VSS | ID = 12289
Description = Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "CreateFileW(\\?\Volume{c45431e6-0a73-11de-a6f5-001fd08e8d9e},0xc0000000,0x00000003,...)".
 hr = 0x80070020.
 
Error - 26.09.2010 11:51:34 | Computer Name = COMPUTER | Source = VSS | ID = 12289
Description = Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "DeviceIoControl(000001FC,0x0053c020,000379D0,0,000389D8,4096,[0])".
 hr = 0x80070057.
 
Error - 26.09.2010 12:53:38 | Computer Name = COMPUTER | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung hotkey.exe, Version 3.9.0.1229, fehlgeschlagenes
 Modul unknown, Version 0.0.0.0, Fehleradresse 0x00000000.
 
Error - 26.09.2010 15:16:27 | Computer Name = COMPUTER | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung hotkey.exe, Version 3.9.0.1229, fehlgeschlagenes
 Modul unknown, Version 0.0.0.0, Fehleradresse 0x00000000.
 
Error - 26.09.2010 15:18:36 | Computer Name = COMPUTER | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung hotkey.exe, Version 3.9.0.1229, fehlgeschlagenes
 Modul unknown, Version 0.0.0.0, Fehleradresse 0x00000000.
 
Error - 27.09.2010 09:11:13 | Computer Name = COMPUTER | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung , Version 0.0.0.0, fehlgeschlagenes Modul
 unknown, Version 0.0.0.0, Fehleradresse 0x5ee61b4a.
 
Error - 27.09.2010 09:11:22 | Computer Name = COMPUTER | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung drwtsn32.exe, Version 5.1.2600.0, fehlgeschlagenes
 Modul dbghelp.dll, Version 5.1.2600.5512, Fehleradresse 0x0001295d.
 
[ System Events ]
Error - 26.09.2010 11:33:33 | Computer Name = COMPUTER | Source = VolSnap | ID = 393238
Description = Das angegebene Vergleichsbereichsvolume für Schattenkopien auf Volume
 "C:" konnte nicht hinzugefügt werden.
 
Error - 26.09.2010 11:34:56 | Computer Name = COMPUTER | Source = VolSnap | ID = 393238
Description = Das angegebene Vergleichsbereichsvolume für Schattenkopien auf Volume
 "C:" konnte nicht hinzugefügt werden.
 
Error - 26.09.2010 11:34:57 | Computer Name = COMPUTER | Source = VolSnap | ID = 393238
Description = Das angegebene Vergleichsbereichsvolume für Schattenkopien auf Volume
 "C:" konnte nicht hinzugefügt werden.
 
Error - 26.09.2010 11:36:07 | Computer Name = COMPUTER | Source = VolSnap | ID = 393238
Description = Das angegebene Vergleichsbereichsvolume für Schattenkopien auf Volume
 "C:" konnte nicht hinzugefügt werden.
 
Error - 26.09.2010 11:40:05 | Computer Name = COMPUTER | Source = VolSnap | ID = 393238
Description = Das angegebene Vergleichsbereichsvolume für Schattenkopien auf Volume
 "C:" konnte nicht hinzugefügt werden.
 
Error - 26.09.2010 11:51:34 | Computer Name = COMPUTER | Source = VolSnap | ID = 393238
Description = Das angegebene Vergleichsbereichsvolume für Schattenkopien auf Volume
 "C:" konnte nicht hinzugefügt werden.
 
Error - 26.09.2010 12:53:29 | Computer Name = COMPUTER | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NMSAccessU" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%3
 
Error - 26.09.2010 15:16:27 | Computer Name = COMPUTER | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NMSAccessU" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%3
 
Error - 26.09.2010 15:45:58 | Computer Name = COMPUTER | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NMSAccessU" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%3
 
Error - 27.09.2010 01:40:42 | Computer Name = COMPUTER | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NMSAccessU" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%3
 
[ TuneUp Events ]
Error - 04.09.2010 11:24:34 | Computer Name = COMPUTER | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "n": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-09-04 17:24:34', '\device\harddiskvolume2\programme\t-mobile\web'n'walk
 manager\web'n'walk manager.exe','1616',0)
 
Error - 04.09.2010 16:02:23 | Computer Name = COMPUTER | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "n": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-09-04 22:02:23', '\device\harddiskvolume2\programme\t-mobile\web'n'walk
 manager\gtdetectsc.exe','132',0)
 
Error - 04.09.2010 16:07:38 | Computer Name = COMPUTER | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "n": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-09-04 22:07:38', '\device\harddiskvolume2\programme\t-mobile\web'n'walk
 manager\web'n'walk manager.exe','2260',0)
 
Error - 05.09.2010 03:05:23 | Computer Name = COMPUTER | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "n": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-09-05 09:05:23', '\device\harddiskvolume2\programme\t-mobile\web'n'walk
 manager\gtdetectsc.exe','132',0)
 
Error - 05.09.2010 07:43:27 | Computer Name = COMPUTER | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "n": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-09-05 13:43:27', '\device\harddiskvolume2\programme\t-mobile\web'n'walk
 manager\gtdetectsc.exe','1120',0)
 
Error - 05.09.2010 09:05:26 | Computer Name = COMPUTER | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "n": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-09-05 15:05:26', '\device\harddiskvolume2\programme\t-mobile\web'n'walk
 manager\gtdetectsc.exe','1568',0)
 
Error - 06.09.2010 02:57:05 | Computer Name = COMPUTER | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "n": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-09-06 08:57:05', '\device\harddiskvolume2\programme\t-mobile\web'n'walk
 manager\gtdetectsc.exe','1024',0)
 
Error - 07.09.2010 04:08:44 | Computer Name = COMPUTER | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "n": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-09-07 10:08:44', '\device\harddiskvolume2\programme\t-mobile\web'n'walk
 manager\gtdetectsc.exe','1184',0)
 
Error - 07.09.2010 08:04:19 | Computer Name = COMPUTER | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "n": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-09-07 14:04:19', '\device\harddiskvolume2\programme\t-mobile\web'n'walk
 manager\gtdetectsc.exe','1100',0)
 
Error - 07.09.2010 08:19:35 | Computer Name = COMPUTER | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "n": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-09-07 14:19:34', '\device\harddiskvolume2\programme\t-mobile\web'n'walk
 manager\gtdetectsc.exe','728',0)
 
 
< End of report >
         
--- --- ---

Alt 27.09.2010, 15:22   #5
markusg
/// Malware-holic
 
ohon.exe - Igortu - Standard

ohon.exe - Igortu



toolbars:
toolbars sollten deinstaliert werden, sie machen den browser langsam, stellen ein zusätzliches sicherheitsrisiko dar und können nutzer daten ausspähen.
deinstaliere:
SnagIt toolbar

adaware und avira sollten nicht zusammen auf einem system laufen, bitte deinstaliere adaware.
du nutzt ne beta von firefox, warum? gehe auf die original seite und hohle dir die neueste version, die beta deinstalieren.
lProgramme wie tuneup sind, ums vorsichtig auszudrücken, nicht sinnvoll oder notwendig, sie können dem pc sogar schaden
TuneUp: Wundermittel oder Placebo Reloaded | DerFisch.de
bitte deinstalieren, so was braucht man nicht.

• Starte bitte die OTL.exe.
• Kopiere nun das Folgende in die Textbox.

:OTL
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\System32\HPZipm12.exe File not found
SRV - (gupdate) Google Update Service (gupdate) -- C:\Programme\Google\Update\GoogleUpdate.exe File not found
DRV - (MEMSWEEP2) -- C:\WINDOWS\System32\B.tmp File not found
O3 - HKU\S-1-5-21-117609710-152049171-725345543-1003\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found
O4 - HKLM..\Run: [M1000Mnt] File not found
O4 - HKU\S-1-5-21-117609710-152049171-725345543-1003..\Run: [{C511FC26-AFDE-CF6A-99AC-0F4C6EB59608}] C:\Dokumente und Einstellungen\Username \Anwendungsdaten\Igortu\ohon.exe
File not found
:FILES
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]

• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument dieses posten


download malwarebytes:
Malwarebytes
instalieren, öffnen, registerkarte aktualisierung, programm updaten.
schalte alle laufenden programme ab, trenne die internetverbindung.
registerkarte scanner, komplett scan, funde entfernen, log posten.


Alt 27.09.2010, 15:34   #6
BruderSeth
 
ohon.exe - Igortu - Standard

ohon.exe - Igortu



Vielen Dank erstmal für die schnelle Hilfe!

Nach dem neustart gabs kein Textdokument, kann das damit zusammenhängen, dass ich OTL in einem Ordner ausgeführt habe, den ich nach dem Neustart erst durch TrueCrypt wieder freigeben musste?

zu Firefox: Ich habe vor langer Zeit mal die Beta benutzt, mittlerweile benutze ich aber die ganz normale Version (momentan 3.6.10), warum der immernoch die Beta anzeigt ist mir ein Rätsel

zur Snag-It-Toolbar: Wieso die installiert ist, ist mir auch ein Rätsel, wenn, muss das automatisch beim installieren des Programms passiert sein, ich klicke das Angebot, Toolbars zu installieren, grundsätzlich weg!

zu TuneUp: habe ich bisher zum wiederherstellen von ausversehen gelöschten dateien benutzt..



OTL nach c:\ kopieren, ausführen, neustart, log posten?
malwarebytes hatte ich schon installiert (leider völlig vergessen..), soll ich das jetzt erstmal durchlaufen lassen?

Alt 27.09.2010, 15:37   #7
markusg
/// Malware-holic
 
ohon.exe - Igortu - Standard

ohon.exe - Igortu



lass mal Malwarebytes laufen,
schau mal unter c:\_OTL\moved files da ist ne logdatei mit heutigem namen.
ja wenn man das braucht kannst du tune up ja instalieren bzw gibts da ja andere programme zur daten wiederherstellung, aber ich würds runter machen.

Alt 27.09.2010, 15:40   #8
BruderSeth
 
ohon.exe - Igortu - Standard

ohon.exe - Igortu



auch in dem Ordner keine Logfile..

dann also erstmal Malwarebytes!

Alt 27.09.2010, 16:14   #9
BruderSeth
 
ohon.exe - Igortu - Standard

ohon.exe - Igortu



hier die Malwarebytes-Log:

Malwarebytes' Anti-Malware 1.41
Datenbank Version: 2775
Windows 5.1.2600 Service Pack 3

27.09.2010 17:13:52
mbam-log-2010-09-27 (17-13-52).txt

Scan-Methode: Vollständiger Scan (C:\|E:\|F:\|G:\|)
Durchsuchte Objekte: 294233
Laufzeit: 25 minute(s), 35 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 2
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Alt 27.09.2010, 16:44   #10
markusg
/// Malware-holic
 
ohon.exe - Igortu - Standard

ohon.exe - Igortu



so und jetzt versuchen wirs noch mal nach update, es wird wohl 2 mal nötig sein. 1x versionsupdate 1x für die datenbank, also registerkarte aktualisierung und los gehts :-)

Alt 27.09.2010, 17:00   #11
BruderSeth
 
ohon.exe - Igortu - Standard

ohon.exe - Igortu



die Updatefunktion meldet immer nur:

Error Code: 732 (0, 0)

und Updatet nicht.. naja, dann lad ich halt so mal die neue Version runter..

Alt 27.09.2010, 17:03   #12
markusg
/// Malware-holic
 
ohon.exe - Igortu - Standard

ohon.exe - Igortu



und dann mal das manual database update einspielen
http://data.mbamupdates.com/tools/mbam-rules.exe

Alt 27.09.2010, 18:08   #13
BruderSeth
 
ohon.exe - Igortu - Standard

ohon.exe - Igortu



was lange währt...

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

27.09.2010 19:07:47
mbam-log-2010-09-27 (19-07-47).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|F:\|G:\|)
Durchsuchte Objekte: 309203
Laufzeit: 27 Minute(n), 11 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Dokumente und Einstellungen\Valentin ***\Stan_comp.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
F:\Downloads\Abirechner.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
F:\Spiele\Wing Commander Secret Ops\Stan_comp.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\D.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Geändert von cosinus (07.08.2012 um 11:41 Uhr) Grund: Nachname unkenntlich gemacht

Antwort

Themen zu ohon.exe - Igortu
ad-aware, adobe, antivir, antivir guard, avira, bho, cdburnerxp, dateien, desktop, dll, einstellungen, explorer.exe, firefox, hkus\s-1-5-18, icq, internet, internet explorer, microsoft, mozilla, nvidia, programme, prozess, rundll, software, super, system, windows, windows benutzer, windows xp



Zum Thema ohon.exe - Igortu - Hi, mein Rechner hatte heute seltsame Anwandlungen die unter anderem "drwtsn.exe" und "explorer.exe" abgeschossen haben. Hijackthis hat das ergeben: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:27:45, on - ohon.exe - Igortu...
Archiv
Du betrachtest: ohon.exe - Igortu auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.