| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Falsche Links bei Google; WIndows Fehler nach Schließen jedes ProgrammsWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
07.10.2010, 22:23
| #1 |
 |  Falsche Links bei Google; WIndows Fehler nach Schließen jedes Programms Hallo Habe seit heute das Problem, dass ich bei Google keine Links mehr anklicken kann (oder selten), ohne dass sich nicht eine falsche Seite öffnet. Dies dauert auch deutlich länger als das sonstige Öffnen einer Seite. Habe das Problem zwar schon bei anderen hier im Forum gelesen, aber das waren glaube ich immer andere viren... kenn mich nicht so aus  Hab bei Malware 5-6 infizierte Dateien gefunden und die gelöscht. Hier sind die logs von OTL OTL.txt:OTL Logfile: Code:
ATTFilter OTL logfile created on: 07.10.2010 23:14:27 - Run 2 OTL by OldTimer - Version 3.2.14.1 Folder = C:\Dokumente und Einstellungen\André\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 78,00% Memory free 5,00 Gb Paging File | 4,00 Gb Available in Paging File | 89,00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 48,83 Gb Total Space | 34,32 Gb Free Space | 70,29% Space Free | Partition Type: NTFS Drive D: | 249,26 Gb Total Space | 44,27 Gb Free Space | 17,76% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Drive J: | 465,76 Gb Total Space | 43,34 Gb Free Space | 9,30% Space Free | Partition Type: NTFS Drive K: | 298,09 Gb Total Space | 173,30 Gb Free Space | 58,14% Space Free | Partition Type: NTFS Computer Name: ANDRE Current User Name: André Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\André\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Programme\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Programme\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Programme\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Programme\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software) PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company) PRC - C:\Programme\Virtual CD v8\System\VC8SecS.exe (H+H Software GmbH) PRC - C:\Programme\Ahead\InCD\InCDsrv.exe (Nero AG) ========== Modules (SafeList) ========== MOD - C:\Dokumente und Einstellungen\André\Desktop\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\system32\shfolder.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5512_x-ww_dfb54e0c\GdiPlus.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (avg9wd) -- C:\Programme\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (TuneUp.Defrag) -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software) SRV - (TuneUp.UtilitiesSvc) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software) SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (FLEXnet Licensing Service) -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) SRV - (aawservice) -- C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe (Lavasoft) SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (LightScribeService) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company) SRV - (VC8SecS) -- C:\Programme\Virtual CD v8\System\VC8SecS.exe (H+H Software GmbH) SRV - (InCDsrv) -- C:\Programme\Ahead\InCD\InCDsrv.exe (Nero AG) SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation) ========== Driver Services (SafeList) ========== DRV - (WINIO) -- D:\winio.sys File not found DRV - (PDNSp50) -- C:\WINDOWS\System32\drivers\PDNSp50.sys File not found DRV - (PDNMp50) -- C:\WINDOWS\System32\drivers\PDNMp50.sys File not found DRV - (Monfilt) -- C:\WINDOWS\System32\drivers\Monfilt.sys File not found DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys File not found DRV - (FXDrv32) -- F:\FXDrv32.sys File not found DRV - (Fadpu16E) -- C:\DOKUME~1\ANDR~1\LOKALE~1\Temp\Fadpu16E.sys File not found DRV - (cpuz130) -- C:\DOKUME~1\ANDR~1\LOKALE~1\Temp\cpuz130\cpuz_x32.sys File not found DRV - (Ambfilt) -- C:\WINDOWS\System32\drivers\Ambfilt.sys File not found DRV - (PnkBstrK) -- C:\WINDOWS\system32\drivers\PnkBstrK.sys () DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys () DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys () DRV - (AvgTdiX) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.) DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.) DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.) DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation) DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.) DRV - (tap0901t) TAP-Win32 Adapter V9 (Tunngle) -- C:\WINDOWS\system32\drivers\tap0901t.sys (Tunngle.net) DRV - (npusbio) -- C:\WINDOWS\system32\drivers\npusbio.sys (Thesycon GmbH, Germany) DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation) DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation) DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider) DRV - (acedrv11) -- C:\WINDOWS\system32\drivers\ACEDRV11.sys (Protect Software GmbH) DRV - (P17) -- C:\WINDOWS\system32\drivers\P17.sys (Creative Technology Ltd.) DRV - (FWLANUSB) -- C:\WINDOWS\system32\drivers\fwlanusb.sys (AVM GmbH) DRV - (avmeject) -- C:\WINDOWS\system32\drivers\avmeject.sys (AVM Berlin) DRV - (incdrm) -- C:\WINDOWS\System32\drivers\InCDrm.sys (Nero AG) DRV - (vdrv8000) -- C:\WINDOWS\system32\drivers\vdrv8000.sys (H+H Software GmbH) DRV - (HHCDHelp.sys) -- C:\WINDOWS\system32\drivers\HHCDHelp.sys (H+H Software GmbH) DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation ) DRV - (xfilt) -- C:\WINDOWS\system32\DRIVERS\xfilt.sys (VIA Technologies,Inc) DRV - (videX32) -- C:\WINDOWS\System32\DRIVERS\videX32.sys (VIA Technologies, Inc.) DRV - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfsync02.sys (Protection Technology) DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology) DRV - (InCDfs) -- C:\WINDOWS\System32\drivers\InCDfs.sys (Nero AG) DRV - (InCDPass) -- C:\WINDOWS\system32\drivers\InCDpass.sys (Nero AG) DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology) DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.) DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd) DRV - (d347prt) -- C:\WINDOWS\System32\Drivers\d347prt.sys ( ) DRV - (d347bus) -- C:\WINDOWS\system32\DRIVERS\d347bus.sys ( ) DRV - (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\rtl8139.sys (Realtek Semiconductor Corporation) DRV - (sfhlp01) -- C:\WINDOWS\System32\drivers\sfhlp01.sys (Protection Technology) DRV - (prohlp02) -- C:\WINDOWS\System32\drivers\prohlp02.sys (Protection Technology) DRV - (prodrv06) -- C:\WINDOWS\System32\drivers\prodrv06.sys (Protection Technology) DRV - (prosync1) -- C:\WINDOWS\System32\drivers\prosync1.sys (Protection Technology) DRV - (SaiNtHid) -- C:\WINDOWS\system32\drivers\SaiNtHid.sys (Saitek) DRV - (SaiClass) -- C:\WINDOWS\system32\drivers\SaiNtBus.sys (Saitek) DRV - (SaiMini) -- C:\WINDOWS\system32\drivers\SaiMini.sys (Saitek) DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation) DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-789336058-1682526488-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKU\S-1-5-21-789336058-1682526488-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2319825 IE - HKU\S-1-5-21-789336058-1682526488-839522115-1003\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKU\S-1-5-21-789336058-1682526488-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-789336058-1682526488-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "google.de" FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.9 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.855 FF - prefs.js..extensions.enabledItems: {b1df372d-8b32-4c7d-b6b4-9c5b78cf6fb1}:0.87 FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Programme\AVG\AVG9\Firefox [2010.09.27 17:28:44 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.09.27 20:21:23 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.09.27 20:21:23 | 000,000,000 | ---D | M] [2008.09.10 23:01:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\André\Anwendungsdaten\Mozilla\Extensions [2010.10.07 19:43:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\André\Anwendungsdaten\Mozilla\Firefox\Profiles\j5vnarzc.default\extensions [2009.06.14 13:24:17 | 000,000,000 | ---D | M] (jDownFF) -- C:\Dokumente und Einstellungen\André\Anwendungsdaten\Mozilla\Firefox\Profiles\j5vnarzc.default\extensions\{a3b24d40-bac4-11dc-95ff-0800200c9a66} [2010.06.24 02:10:33 | 000,000,000 | ---D | M] (FireFTP) -- C:\Dokumente und Einstellungen\André\Anwendungsdaten\Mozilla\Firefox\Profiles\j5vnarzc.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f} [2010.06.28 01:52:49 | 000,000,000 | ---D | M] (FirefoxAdKiller) -- C:\Dokumente und Einstellungen\André\Anwendungsdaten\Mozilla\Firefox\Profiles\j5vnarzc.default\extensions\{b1df372d-8b32-4c7d-b6b4-9c5b78cf6fb1} [2008.11.06 03:20:57 | 000,001,748 | ---- | M] () -- C:\Dokumente und Einstellungen\André\Anwendungsdaten\Mozilla\Firefox\Profiles\j5vnarzc.default\searchplugins\leo-deu-fra.xml [2008.09.12 15:03:21 | 000,002,109 | ---- | M] () -- C:\Dokumente und Einstellungen\André\Anwendungsdaten\Mozilla\Firefox\Profiles\j5vnarzc.default\searchplugins\youtube-video-search.xml [2010.10.07 19:43:08 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.01.29 00:39:29 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.01.29 00:39:29 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.01.29 00:39:29 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.01.29 00:39:29 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.01.29 00:39:29 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.10.07 14:41:13 | 000,422,299 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.123topsearch.com O1 - Hosts: 127.0.0.1 123topsearch.com O1 - Hosts: 127.0.0.1 www.132.com O1 - Hosts: 127.0.0.1 132.com O1 - Hosts: 127.0.0.1 www.136136.net O1 - Hosts: 127.0.0.1 136136.net O1 - Hosts: 127.0.0.1 www.163ns.com O1 - Hosts: 127.0.0.1 163ns.com O1 - Hosts: 14560 more lines... O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKU\.DEFAULT..\Run: [fheydbueyj.exe] C:\fheydbueyj.exe\fheydbueyj.exe File not found O4 - HKU\S-1-5-18..\Run: [fheydbueyj.exe] C:\fheydbueyj.exe\fheydbueyj.exe File not found O4 - HKU\S-1-5-20..\Run: [fheydbueyj.exe] C:\fheydbueyj.exe\fheydbueyj.exe File not found O4 - HKU\S-1-5-21-789336058-1682526488-839522115-1003..\Run: [Setinx] C:\Dokumente und Einstellungen\André\Anwendungsdaten\Adobe\Update\widnat.exe () O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-789336058-1682526488-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Computer, Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation) O16 - DPF: {00000161-9980-0010-8000-00AA00389B71} hxxp://codecs.microsoft.com/codecs/i386/msaud.cab (Reg Error: Key error.) O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.) O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab (Creative Software AutoUpdate Support Package) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\André\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\André\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2007.07.05 15:21:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - Unable to obtain root file information for disk J:\ O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe () O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O36 - AppCertDlls: dpnsstub - (C:\WINDOWS\system32\cisvclip.dll) - C:\WINDOWS\System32\cisvclip.dll File not found O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.10.07 21:54:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\André\Anwendungsdaten\Malwarebytes [2010.10.07 21:54:38 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010.10.07 21:54:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2010.10.07 21:54:36 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010.10.07 21:54:36 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.10.07 21:54:15 | 006,153,648 | ---- | C] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\André\Desktop\mbam-setup.exe [2010.10.07 21:49:46 | 000,576,512 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\André\Desktop\OTL.exe [2010.10.07 21:43:47 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW [2010.10.07 21:37:06 | 000,401,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF15807.exe [2010.10.07 21:37:06 | 000,000,000 | ---D | C] -- C:\ComboFix [2010.10.07 21:35:16 | 000,401,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cmd.execf [2010.10.07 21:34:59 | 000,401,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF15363.exe [2010.10.07 20:43:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\André\Anwendungsdaten\Avira [2010.10.07 20:42:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData [2010.10.07 20:39:22 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys [2010.10.07 20:39:21 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys [2010.10.07 20:39:21 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys [2010.10.07 20:39:21 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys [2010.10.07 20:39:21 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys [2010.10.07 20:39:20 | 000,000,000 | ---D | C] -- C:\Programme\Avira [2010.10.07 20:39:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira [2010.10.07 20:35:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2010.10.07 20:35:31 | 000,401,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF4015.exe [2010.10.07 20:35:09 | 000,000,000 | ---D | C] -- C:\Qoobox [2010.10.07 20:13:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\André\Anwendungsdaten\download2 [2010.10.07 02:00:00 | 000,000,000 | ---D | C] -- C:\DBControl [2010.10.07 01:59:09 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\Server [2010.10.07 01:51:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\DBControl [2010.10.07 01:51:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\DBControl [2010.10.07 01:51:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\André\Lokale Einstellungen\Anwendungsdaten\DBControl [2010.10.01 20:28:51 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\André\Recent [2010.09.29 17:16:33 | 000,000,000 | ---D | C] -- C:\Programme\mIRC [2010.09.29 17:16:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\André\Anwendungsdaten\mIRC [2010.09.28 22:46:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\André\Eigene Dateien\Anno 1404 [2010.09.11 17:08:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\André\Desktop\Sony Walkman [2010.09.11 16:58:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sony Corporation [2010.09.11 16:58:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\André\Anwendungsdaten\Sony Corporation [2010.09.11 16:58:23 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Sony Shared [2010.09.11 16:54:49 | 000,000,000 | ---D | C] -- C:\Programme\Sony [2007.11.04 14:03:07 | 000,155,136 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347bus.sys [2007.11.04 14:03:07 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347prt.sys [2002.04.11 09:41:06 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.10.07 23:11:52 | 000,272,953 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml [2010.10.07 23:11:51 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010.10.07 23:11:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.10.07 23:10:57 | 016,777,216 | ---- | M] () -- C:\Dokumente und Einstellungen\André\ntuser.dat [2010.10.07 23:10:44 | 000,000,757 | ---- | M] () -- C:\WINDOWS\win.ini [2010.10.07 23:10:44 | 000,000,383 | -HS- | M] () -- C:\boot.ini [2010.10.07 23:10:44 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini [2010.10.07 22:39:09 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2010.10.07 21:54:41 | 000,000,676 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.10.07 21:54:19 | 006,153,648 | ---- | M] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\André\Desktop\mbam-setup.exe [2010.10.07 21:49:46 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\André\Desktop\OTL.exe [2010.10.07 21:43:54 | 000,401,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cmd.execf [2010.10.07 21:35:16 | 000,401,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF15807.exe [2010.10.07 21:33:00 | 000,401,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF15363.exe [2010.10.07 21:32:32 | 000,000,687 | ---- | M] () -- C:\Dokumente und Einstellungen\André\Desktop\Verknüpfung mit ComboFix.exe.lnk [2010.10.07 20:39:30 | 000,001,671 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira AntiVir Control Center.lnk [2010.10.07 20:35:05 | 000,401,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF4015.exe [2010.10.07 15:49:46 | 000,146,944 | ---- | M] () -- C:\Dokumente und Einstellungen\André\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.10.07 14:41:13 | 000,422,299 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2010.10.07 14:40:46 | 000,422,299 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20101007-144113.backup [2010.10.07 12:30:03 | 065,707,947 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm [2010.10.06 18:40:07 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010.10.06 00:44:29 | 003,173,160 | -H-- | M] () -- C:\Dokumente und Einstellungen\André\Lokale Einstellungen\Anwendungsdaten\IconCache.db [2010.09.29 17:27:05 | 000,057,236 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat [2010.09.28 22:06:18 | 000,137,256 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys [2010.09.28 22:06:04 | 000,218,808 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr [2010.09.12 02:12:07 | 000,026,873 | ---- | M] () -- C:\Dokumente und Einstellungen\André\Desktop\Notizen Theben-West.docx [2010.09.11 21:53:45 | 000,022,016 | ---- | M] () -- C:\Dokumente und Einstellungen\André\Desktop\handoutthebenwest.doc [2010.09.11 21:19:10 | 001,157,632 | ---- | M] () -- C:\Dokumente und Einstellungen\André\Desktop\Hausarbeit Ritterturnier.doc [2010.09.11 16:47:23 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\umdf\Msft_User_WpdMtpDr_01_00_00.Wdf [2010.09.11 05:08:47 | 000,287,721 | ---- | M] () -- C:\Dokumente und Einstellungen\André\Desktop\Hausarbeit Altägypt Sport komprim.docx [2010.09.09 14:42:41 | 000,000,759 | ---- | M] () -- C:\Dokumente und Einstellungen\André\Desktop\Verknüpfung mit PTEditor.lnk [2010.09.08 09:35:05 | 000,370,488 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010.09.08 00:57:44 | 000,070,856 | ---- | M] () -- C:\Dokumente und Einstellungen\André\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.10.07 21:54:41 | 000,000,676 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.10.07 21:32:32 | 000,000,687 | ---- | C] () -- C:\Dokumente und Einstellungen\André\Desktop\Verknüpfung mit ComboFix.exe.lnk [2010.10.07 20:39:30 | 000,001,671 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira AntiVir Control Center.lnk [2010.10.07 01:51:47 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\googleupdate.log [2010.10.07 01:51:47 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\googleupdate.log [2010.10.07 01:51:47 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\André\Lokale Einstellungen\Anwendungsdaten\googleupdate.log [2010.09.29 17:27:05 | 000,057,236 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2010.09.11 22:21:51 | 012,678,720 | ---- | C] () -- C:\Dokumente und Einstellungen\André\Desktop\Scans.docx [2010.09.11 21:53:45 | 000,022,016 | ---- | C] () -- C:\Dokumente und Einstellungen\André\Desktop\handoutthebenwest.doc [2010.09.11 21:50:28 | 000,026,873 | ---- | C] () -- C:\Dokumente und Einstellungen\André\Desktop\Notizen Theben-West.docx [2010.09.09 14:42:41 | 000,000,759 | ---- | C] () -- C:\Dokumente und Einstellungen\André\Desktop\Verknüpfung mit PTEditor.lnk [2010.08.05 11:03:01 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll [2010.08.05 04:01:14 | 000,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys [2010.08.05 04:01:14 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys [2010.05.26 14:46:55 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2010.05.26 14:46:55 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini [2010.05.26 14:46:54 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2010.05.26 14:46:54 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2010.05.26 14:46:54 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2010.05.26 14:46:53 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2010.05.26 14:46:53 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2010.03.20 18:27:05 | 000,017,408 | ---- | C] () -- C:\Dokumente und Einstellungen\André\Lokale Einstellungen\Anwendungsdaten\WebpageIcons.db [2010.02.15 19:51:25 | 000,000,100 | ---- | C] () -- C:\WINDOWS\wininit.ini [2009.10.27 17:04:56 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll [2009.07.04 15:36:13 | 000,192,312 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat [2009.05.31 18:25:10 | 000,000,311 | ---- | C] () -- C:\WINDOWS\game.ini [2009.03.10 12:42:35 | 000,000,023 | ---- | C] () -- C:\WINDOWS\MixBKS.INI [2009.03.09 17:18:58 | 000,005,663 | ---- | C] () -- C:\WINDOWS\System32\Ludap17.ini [2009.03.09 17:18:58 | 000,000,075 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini [2008.11.27 16:09:37 | 000,138,056 | ---- | C] () -- C:\Dokumente und Einstellungen\André\Anwendungsdaten\PnkBstrK.sys [2008.11.04 18:17:20 | 000,000,111 | ---- | C] () -- C:\WINDOWS\telephon.ini [2008.10.07 10:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll [2008.10.07 10:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll [2008.04.01 13:20:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\RedBaron_Screensaver.ini [2008.01.19 20:04:15 | 000,000,032 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ezsid.dat [2007.12.12 21:59:06 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll [2007.12.12 21:59:06 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll [2007.12.12 21:59:06 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll [2007.12.12 21:59:06 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll [2007.12.12 21:59:06 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll [2007.11.24 19:31:06 | 000,137,256 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys [2007.07.10 15:34:07 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini [2007.07.09 09:31:16 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2007.07.06 23:01:12 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2007.07.06 23:01:00 | 000,146,944 | ---- | C] () -- C:\Dokumente und Einstellungen\André\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007.07.06 22:24:03 | 000,000,284 | ---- | C] () -- C:\WINDOWS\lgfwup.ini [2007.07.06 22:17:48 | 000,040,960 | ---- | C] () -- C:\Programme\Uninstall_CDS.exe [2007.07.06 22:00:13 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\SaiCfg.dll [2007.07.06 20:41:29 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\xmltok.dll [2007.07.06 20:41:29 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\xmlparse.dll [2005.05.03 19:38:42 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\P17.dll [2004.08.22 18:04:56 | 000,069,120 | ---- | C] () -- C:\WINDOWS\daemon.dll [2003.10.02 18:48:18 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll ========== LOP Check ========== [2010.10.07 21:39:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\avg9 [2010.04.19 22:59:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EPSON [2008.09.15 11:22:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Firefly Studios [2008.05.19 00:06:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FreeRIP [2008.07.02 13:15:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ [2010.08.04 23:15:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\KONAMI [2008.03.08 02:22:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Locktime [2009.07.03 20:10:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SolarWinds [2010.02.27 01:23:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP [2010.02.26 21:35:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software [2010.02.26 21:35:03 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC} [2007.11.11 19:47:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\André\Anwendungsdaten\Atari [2009.05.16 21:56:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\André\Anwendungsdaten\Audacity [2010.10.07 22:08:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\André\Anwendungsdaten\download2 [2010.06.23 01:39:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\André\Anwendungsdaten\EPSON [2007.07.05 18:53:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\André\Anwendungsdaten\fretsonfire [2008.01.21 13:15:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\André\Anwendungsdaten\gslist [2010.09.28 21:13:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\André\Anwendungsdaten\HyperLobby [2008.07.02 14:05:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\André\Anwendungsdaten\ICQ [2007.07.05 18:14:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\André\Anwendungsdaten\ICQLite [2007.07.09 18:28:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\André\Anwendungsdaten\Leadertech [2008.02.23 18:40:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\André\Anwendungsdaten\LimeWire [2008.03.08 02:24:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\André\Anwendungsdaten\Locktime [2009.08.03 14:30:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\André\Anwendungsdaten\LucasArts [2008.01.23 10:21:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\André\Anwendungsdaten\Pegasys Inc [2009.03.05 14:30:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\André\Anwendungsdaten\The Creative Assembly [2010.03.21 00:03:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\André\Anwendungsdaten\TS3Client [2007.07.10 16:23:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\André\Anwendungsdaten\TuneUp Software [2010.08.09 18:25:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\André\Anwendungsdaten\Ubisoft [2009.09.11 17:37:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\André\Anwendungsdaten\uTorrent [2008.02.11 12:46:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\André\Anwendungsdaten\WinSplit ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 487 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:05EE1EEF < End of report > Extras.Txt:OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 07.10.2010 23:14:27 - Run 2
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Dokumente und Einstellungen\André\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 78,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 89,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 48,83 Gb Total Space | 34,32 Gb Free Space | 70,29% Space Free | Partition Type: NTFS
Drive D: | 249,26 Gb Total Space | 44,27 Gb Free Space | 17,76% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 465,76 Gb Total Space | 43,34 Gb Free Space | 9,30% Space Free | Partition Type: NTFS
Drive K: | 298,09 Gb Total Space | 173,30 Gb Free Space | 58,14% Space Free | Partition Type: NTFS
Computer Name: ANDRE
Current User Name: André
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_USERS\S-1-5-21-789336058-1682526488-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Programme\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Programme\VideoLAN\VLC\vlc.exe --one-instance-when-started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Programme\VideoLAN\VLC\vlc.exe --one-instance-when-started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\ICQ6.5\ICQ.exe" = C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.)
"C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Programme\Microsoft Office\Office12\GROOVE.EXE" = C:\Programme\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Programme\Microsoft Office\Office12\ONENOTE.EXE" = C:\Programme\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Programme\AVG\AVG9\avgupd.exe" = C:\Programme\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Programme\AVG\AVG9\avgnsx.exe" = C:\Programme\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"D:\Programme\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe" = D:\Programme\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe:*:Enabled:Battlefield: Bad Company™ 2 -- (EA Digital Illusions CE AB)
"C:\Programme\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe" = C:\Programme\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher -- (Ubisoft)
"D:\Programme\Microsoft Games\Rise of Nations\thrones.exe" = D:\Programme\Microsoft Games\Rise of Nations\thrones.exe:*:Enabled:Rise of Nations -- (Big Huge Games, Inc.)
"D:\Programme\Steam\SteamApps\common\empire total war\Empire.exe" = D:\Programme\Steam\SteamApps\common\empire total war\Empire.exe:*:Enabled:Empire: Total War -- (The Creative Assembly Ltd)
"D:\Ubisoft\Silent Hunter 5\sh5.exe" = D:\Ubisoft\Silent Hunter 5\sh5.exe:*:Enabled:Silent Hunter 5 -- (Ubisoft)
"D:\Programme\KONAMI\Pro Evolution Soccer 2010\pes2010.exe" = D:\Programme\KONAMI\Pro Evolution Soccer 2010\pes2010.exe:*:Enabled:Pro Evolution Soccer 2010 -- (Konami Digital Entertainment Co., Ltd.)
"D:\Programme\Ubisoft\DIE SIEDLER - Aufstieg eines Königreichs\extra1\bin\Settlers6.exe" = D:\Programme\Ubisoft\DIE SIEDLER - Aufstieg eines Königreichs\extra1\bin\Settlers6.exe:*:Enabled:DIE SIEDLER - Aufstieg eines Königreichs - Reich des Ostens -- (Blue Byte GmbH)
"D:\Programme\Ubisoft\Related Designs\ANNO 1404\Anno4.exe" = D:\Programme\Ubisoft\Related Designs\ANNO 1404\Anno4.exe:*:Enabled:ANNO 1404 -- (Related Designs)
"D:\Programme\Ubisoft\Related Designs\ANNO 1404\tools\Anno4Web.exe" = D:\Programme\Ubisoft\Related Designs\ANNO 1404\tools\Anno4Web.exe:*:Enabled:Anno 1404 Web -- ()
"C:\DOKUME~1\ANDR~1\LOKALE~1\Temp\0.4520546372108596.exe" = C:\DOKUME~1\ANDR~1\LOKALE~1\Temp\0.4520546372108596.exe:*:Enabled:ldrsoft -- File not found
"C:\Dokumente und Einstellungen\André\Anwendungsdaten\download2\svcnost.exe" = C:\Dokumente und Einstellungen\André\Anwendungsdaten\download2\svcnost.exe:*:Enabled:ldrsoft -- File not found
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0965D484-1777-4BA5-8C3A-095A6B0D2696}_is1" = Driver Sweeper 1.5.5
"{0A35B15C-9CCD-4C0C-BD5B-34ABF8C95813}_is1" = ICQ 6.5 Build #1042 Banner Remover 1.2
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1B1DDAD2-C704-49F8-8FC2-18DAAD9A87C5}" = Sound Blaster Audigy
"{1C93D554-19EE-4066-B616-34832549A6BD}" = WORLD WAR II - Der Luftkrieg 1941-1945
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Multimedia Launcher
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{21A127AE-2DAF-40B7-8374-34C3E629521C}" = Far Cry (Patch 1.3)
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 17
"{283FFB23-8751-4B08-ACB8-5E0F8BCF7727}" = Pro Evolution Soccer 2010
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{29F05234-DCBB-4FE0-88DC-5160C9250312}" = Adobe Photoshop CS3
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A9E0E2F-B0D1-452B-B833-7A7300EA1231}" = Saitek NT Controller Drivers
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3C662203-292F-4E9D-AE02-281071C06903}" = Far Cry (Patch 1.33)
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}" = DAEMON Tools
"{46AC899A-9ECB-43DC-85DE-272E0D116A1E}" = Ad-Aware 2007
"{498A4E3D-562E-4129-8722-6DCAB12384AE}" = Windows Communication Foundation Language Pack - DEU
"{4999B2F1-3E74-409A-B8B5-E94448AA9EA6}" = Hama Black Force Pad
"{51F24145-A833-4BD5-AA38-AFC5268928E5}" = PF+FB+AEP
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5A8892A3-36BB-411E-85AA-6AEA544D028B}" = Far Cry (Patch 1.4)
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.6
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG ODD Auto Firmware Update
"{6316A0D9-403D-46F8-A7CD-BBCFA076676B}_is1" = Rückkehr der Asse 1.04 Beta - Upgrade v2
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}" = Power Tab Editor 1.7
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7228FD8C-3B9E-4204-AE36-8A466107685B}" = Windows Workflow Foundation DE Language Pack
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{768F3938-62CC-4B34-98D4-EDDD18E07B6D}_is1" = Rise of Flight
"{79438F1E-DEC3-443D-9DCD-FECE2D68C605}" = IL-2 Sturmovik 1946
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8DF712DA-D325-4FD0-8DE8-E2D78FC3CDC3}" = IL-2 Sturmovik: Forgotten Battles
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8F5A0981-5CDC-41D0-BCA2-AD3B777FC358}" = Thrustmaster Force Feedback Driver
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90126B79-C0D2-41A5-86B2-2F6666C446B9}" = Saitek Configuration Software
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{92DF2F1B-F63C-4D9A-B3E1-B2D11AE29790}" = Windows Presentation Foundation Language Pack (DEU)
"{9720C029-0C2C-4D1E-9DE0-E89971C4C8C7}" = Silent Hunter III
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A403D88E-ED7D-48E3-91FD-B8C8A720EDA1}" = Microsoft Speech SDK 5.1
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC61C594-5F86-4BE9-ABAF-763C6A8E2302}" = Silent Hunter 5
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.4 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B97CF5C3-0487-11D8-A36E-0050BAE317E1}" = DVD Solution
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFADE4AF-C0CF-4A04-A776-741318F1658F}" = Content Transfer
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D2BBEABB-A8DF-4451-A7C4-63C87B31E325}" = IL-2 Sturmovik: Forgotten Battles AEP
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D3F80A98-05AB-4D8C-9272-766CCFA6A48D}" = DIE SIEDLER - Aufstieg eines Königreichs (Alle Produkte)
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"{D9FBE6FB-63A5-477E-B671-26FC8B7FE100}" = Desastersoft - Operation Overlord XXL Addon
"{DB4B9686-E5F2-4D45-9C78-C45C68BD2F43}" = Virtual CD v8
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{E47BA573-BBC4-40C1-8A7D-B25F2F2B0DAE}" = Far Cry (Patch 1.32)
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E96FF910-1BC9-4EE5-BC12-0A30D4E20F37}" = NWZ-E440 WALKMAN Guide
"{ED707F85-E1A7-4810-A619-555B732C191B}" = HyperLobby client
"{EE8592F6-FC2B-4AFD-B527-109D127C039F}" = Far Cry (Patch 1.31)
"{F01F79AD-1F47-4685-AE4E-CCFA4EA9FF7C}" = Adobe Setup
"{F2A7F421-1679-48D5-B918-96999014ED53}" = Microsoft .NET Framework 3.0 German Language Pack
"{F3CA05B7-B4C0-4C9B-AAA6-16B868B35DF2}" = TrackIR5
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_5f143314a5d434c8511097393d17397" = Adobe Photoshop CS3
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires II - The Conquerors - 1.0e Patch FINAL_is1" = Age of Empires II - The Conquerors - 1.0e Patch FINAL
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
"Audacity 1.3 Beta_is1" = Audacity 1.3.4
"AVG9Uninstall" = AVG Free 9.0
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Bink and Smacker" = Bink and Smacker
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Digital Editions" = Adobe Digital Editions
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"ENTERPRISER" = Microsoft Office Enterprise 2007
"EPSON Scanner" = EPSON Scan
"EPSON SX410 Series" = EPSON SX410 Series Printer Uninstall
"FileZilla" = FileZilla (remove only)
"Fraps" = Fraps (remove only)
"Free YouTube to Mp3 Converter_is1" = Free YouTube to Mp3 Converter version 2.5
"Frets on Fire" = Frets On Fire
"HijackThis" = HijackThis 1.99.1
"InCD!UninstallKey" = InCD
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{51F24145-A833-4BD5-AA38-AFC5268928E5}" = PF+FB+AEP
"InstallShield_{79438F1E-DEC3-443D-9DCD-FECE2D68C605}" = IL-2 Sturmovik 1946
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{8DF712DA-D325-4FD0-8DE8-E2D78FC3CDC3}" = IL-2 Sturmovik: Forgotten Battles
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{9720C029-0C2C-4D1E-9DE0-E89971C4C8C7}" = Silent Hunter III
"InstallShield_{D2BBEABB-A8DF-4451-A7C4-63C87B31E325}" = IL-2 Sturmovik: Forgotten Battles AEP
"IrfanView" = IrfanView (remove only)
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.9.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.0 German Language Pack" = Microsoft .NET Framework 3.0 German Language Pack
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"mIRC" = mIRC
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NetObjects Fusion 7.5" = NetObjects Fusion 7.5
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"OpenAL" = OpenAL
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"PunkBusterSvc" = PunkBuster Services
"RiseOfNationsExpansion 1.0" = Rise of Nations
"RollerCoaster Tycoon 3_is1" = RollerCoaster Tycoon 3
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Steam App 10500" = Empire: Total War
"Steam App 10600" = Empire: Total War - Special Forces Unit
"Steam App 10601" = Empire: Total War - Dahomey Amazons Unit
"Steamless Left4Dead2 Pack" = Steamless Left4Dead2 Pack
"SysInfo" = Creative-Systeminformationen
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TuneUp Utilities" = TuneUp Utilities
"Uninstall_is1" = Uninstall 1.0.0.0
"VLC media player" = VideoLAN VLC media player 0.8.5
"WaveStudio 7" = Creative WaveStudio 7
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR Archivierer
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Zattoo" = Zattoo 3.3.4 Beta
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 07.10.2010 16:16:49 | Computer Name = ANDRE | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung notepad.exe, Version 5.1.2600.5512, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x0009589f.
Error - 07.10.2010 16:16:58 | Computer Name = ANDRE | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung mpc-hc.exe, Version 1.3.1774.0, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x0014589f.
Error - 07.10.2010 16:38:39 | Computer Name = ANDRE | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung mpc-hc.exe, Version 1.3.1774.0, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x0014589f.
Error - 07.10.2010 17:01:28 | Computer Name = ANDRE | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung jqsnotify.exe, Version 6.0.170.4, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x0014589f.
Error - 07.10.2010 17:08:19 | Computer Name = ANDRE | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung mpc-hc.exe, Version 1.3.1774.0, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x0014589f.
Error - 07.10.2010 17:10:09 | Computer Name = ANDRE | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung widnat.exe, Version 0.0.0.0, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x0036589f.
Error - 07.10.2010 17:11:54 | Computer Name = ANDRE | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung widnat.exe, Version 0.0.0.0, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x0036589f.
Error - 07.10.2010 17:13:07 | Computer Name = ANDRE | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung avcenter.exe, Version 10.0.12.28, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x0014589f.
Error - 07.10.2010 17:13:14 | Computer Name = ANDRE | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung jqsnotify.exe, Version 6.0.170.4, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x0014589f.
Error - 07.10.2010 17:13:16 | Computer Name = ANDRE | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung jqsnotify.exe, Version 6.0.170.4, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x0014589f.
[ NetLimiter Events ]
Error - 05.04.2008 04:19:13 | Computer Name = ANDRE | Source = NetLimiter 2 | ID = 1000
Description =
Error - 05.04.2008 05:24:15 | Computer Name = ANDRE | Source = NetLimiter 2 | ID = 1000
Description =
Error - 05.04.2008 15:53:39 | Computer Name = ANDRE | Source = NetLimiter 2 | ID = 1000
Description =
Error - 06.04.2008 06:56:44 | Computer Name = ANDRE | Source = NetLimiter 2 | ID = 1000
Description =
Error - 07.04.2008 01:54:25 | Computer Name = ANDRE | Source = NetLimiter 2 | ID = 1000
Description =
Error - 07.04.2008 09:46:30 | Computer Name = ANDRE | Source = NetLimiter 2 | ID = 1000
Description =
Error - 08.04.2008 05:59:11 | Computer Name = ANDRE | Source = NetLimiter 2 | ID = 1000
Description =
[ System Events ]
Error - 07.10.2010 15:41:41 | Computer Name = ANDRE | Source = Service Control Manager | ID = 7031
Description = Der Dienst "AVG Free WatchDog" wurde unerwartet beendet. Dies ist
bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden
durchgeführt: Starten Sie den Dienst neu..
Error - 07.10.2010 15:43:56 | Computer Name = ANDRE | Source = Service Control Manager | ID = 7023
Description = Der Dienst "HID Input Service" wurde mit folgendem Fehler beendet:
%%2
Error - 07.10.2010 15:45:24 | Computer Name = ANDRE | Source = Service Control Manager | ID = 7034
Description = Dienst "Creative Service for CDROM Access" wurde unerwartet beendet.
Dies ist bereits 1 Mal passiert.
Error - 07.10.2010 16:10:10 | Computer Name = ANDRE | Source = sr | ID = 1
Description = Beim Verarbeiten der Datei "" auf Volume "HarddiskVolume1" ist im
Wiederherstellungsfilter der unerwartete Fehler "0xC0000001" aufgetreten. Die Volumeüberwachung
wurde angehalten.
Error - 07.10.2010 16:10:32 | Computer Name = ANDRE | Source = Service Control Manager | ID = 7023
Description = Der Dienst "HID Input Service" wurde mit folgendem Fehler beendet:
%%2
Error - 07.10.2010 16:10:41 | Computer Name = ANDRE | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
PCIIde ViaIde
Error - 07.10.2010 17:10:03 | Computer Name = ANDRE | Source = sr | ID = 1
Description = Beim Verarbeiten der Datei "" auf Volume "HarddiskVolume1" ist im
Wiederherstellungsfilter der unerwartete Fehler "0xC0000001" aufgetreten. Die Volumeüberwachung
wurde angehalten.
Error - 07.10.2010 17:10:26 | Computer Name = ANDRE | Source = Service Control Manager | ID = 7023
Description = Der Dienst "HID Input Service" wurde mit folgendem Fehler beendet:
%%2
Error - 07.10.2010 17:10:36 | Computer Name = ANDRE | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
PCIIde ViaIde
Error - 07.10.2010 17:12:13 | Computer Name = ANDRE | Source = Service Control Manager | ID = 7023
Description = Der Dienst "HID Input Service" wurde mit folgendem Fehler beendet:
%%2
< End of report >
Achja habe noch nen Scan mit HijackThis gemacht, falls das weiterhelfen könnte?! Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:49:14, on 07.10.2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Ahead\InCD\InCDsrv.exe C:\Programme\AVG\AVG9\avgchsvx.exe C:\Programme\AVG\AVG9\avgrsx.exe C:\WINDOWS\system32\svchost.exe C:\Programme\AVG\AVG9\avgcsrvx.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\Avira\AntiVir Desktop\sched.exe C:\Programme\Avira\AntiVir Desktop\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\explorer.exe C:\Programme\Avira\AntiVir Desktop\avguard.exe C:\Programme\AVG\AVG9\avgwdsvc.exe C:\Programme\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\Programme\Java\jre6\bin\jqs.exe C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\PnkBstrB.exe C:\Programme\Avira\AntiVir Desktop\avshadow.exe C:\WINDOWS\System32\svchost.exe C:\Programme\AVG\AVG9\avgnsx.exe C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe C:\Programme\Virtual CD v8\System\VC8SecS.exe C:\WINDOWS\system32\wscntfy.exe C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe C:\WINDOWS\System32\wbem\wmiapsrv.exe C:\Programme\Mozilla Firefox\firefox.exe C:\Programme\ICQ6.5\ICQ.exe C:\Programme\Spybot - Search & Destroy\SpybotSD.exe C:\Programme\Malwarebytes' Anti-Malware\mbam.exe C:\Dokumente und Einstellungen\André\Desktop\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2319825 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: (no name) - - (no file) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG9\avgssie.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Setinx] C:\Dokumente und Einstellungen\André\Anwendungsdaten\Adobe\Update\widnat.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG9\avgpp.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Programme\AVG\AVG9\avgwdsvc.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programme\Bonjour\mDNSResponder.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programme\Ahead\InCD\InCDsrv.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software - C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe O23 - Service: Virtual CD v8 Management Service (VC8SecS) - H+H Software GmbH - C:\Programme\Virtual CD v8\System\VC8SecS.exe -- End of file - 7620 bytes Mittlerweile öffnet sich keine Werbung mehr beim Anklicken eines Links, aber die Seite öffnet sich dennoch nicht. Unten sieht man, das er arbeitet und da steht zb "Warten auf click2mix.de" oder sowas.. passieren tut aber nichts. Zudem kommt nun grundsätzlich eine Fehlermeldung wenn ich ein Programm schließe, egal welches. Also die typische Windows XP Fehlermeldung: "blabla hat ein Problem festgestellt und muss beendet werden". Habe nun Malwarebytes, Ad-aware, HijackThis und OLT durchlaufen lassen. |
| Themen zu Falsche Links bei Google; WIndows Fehler nach Schließen jedes Programms |
| .com, 0x00000001, 0xc0000001, ad-aware, alternate, antivir, avg free, avgntflt.sys, avira, bho, black, bonjour, call of duty, components, error, excel.exe, falsche seite, feedback, fheydbueyj.exe, firefox, firefox.exe, flash player, google, hijack, hijackthis, hkus\s-1-5-18, infizierte dateien, location, logfile, malware, microsoft office word, mp3, notepad.exe, oldtimer, otl logfile, otl.exe, plug-in, problem, programm, realtek, safer networking, sched.exe, searchplugins, security, senden, server, shell32.dll, software, starten, system restore, teamspeak, vlc media player, windows, windows fehler, world at war |
Baum-Darstellung