Trojaner-Board - Windows XP tmp.exe viren

Hallo Cosinus

Danke erstmal, nun kommen meine Logs

(ich kann übrings keine seite mehr im iexplorer aufsuchen und mit firefox
kann ich zwar surfen..aber hier zb nicht posten..was ein kumpel macht)

Erst der Log von Malware

Code:

Malwarebytes' Anti-Malware 1.46

malwarebytes.org
 

Datenbank Version: 4052
 

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702
 

02.05.2010 15:50:13

mbam-log-2010-05-02 (15-50-13).txt
 

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|)

Durchsuchte Objekte: 212229

Laufzeit: 1 Stunde(n), 10 Minute(n), 25 Sekunde(n)
 

Infizierte Speicherprozesse: 0

Infizierte Speichermodule: 0

Infizierte Registrierungsschlüssel: 6

Infizierte Registrierungswerte: 3

Infizierte Dateiobjekte der Registrierung: 0

Infizierte Verzeichnisse: 2

Infizierte Dateien: 18
 

Infizierte Speicherprozesse:

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule:

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel:

HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined 

and deleted successfully.

HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and 

deleted successfully.

HKEY_CURRENT_USER\Software\Desktop Security 2010 

(Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Desktop 

Security 2010 (Rogue.DesktopSecurity2010) -> Quarantined and deleted 

successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and 

deleted successfully.

HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and 

deleted successfully.
 

Infizierte Registrierungswerte:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\desktop 

security 2010 (Rogue.DesktopSecurity2010) -> Quarantined and deleted 

successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\securitycenter 

(Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qw53oguvt5ke 

(Trojan.Downloader) -> Quarantined and deleted successfully.
 

Infizierte Dateiobjekte der Registrierung:

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse:

C:\Dokumente und Einstellungen\Anwender\Startmenü\Programme\Desktop Security 

2010 (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully.

C:\Dokumente und Einstellungen\Anwender\Anwendungsdaten\Desktop Security 

2010 (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully.
 

Infizierte Dateien:

C:\Dokumente und Einstellungen\Anwender\Desktop\u98.exe 

(Adware.UltraReach) -> Quarantined and deleted successfully.

C:\Dokumente und Einstellungen\Anwender\Startmenü\Programme\Desktop Security 

2010\Activate Desktop Security 2010.lnk (Rogue.DesktopSecurity2010) -> 

Quarantined and deleted successfully.

C:\Dokumente und Einstellungen\Anwender\Startmenü\Programme\Desktop Security 

2010\Desktop Security 2010.lnk (Rogue.DesktopSecurity2010) -> Quarantined 

and deleted successfully.

C:\Dokumente und Einstellungen\Anwender\Startmenü\Programme\Desktop Security 

2010\Help Desktop Security 2010.lnk (Rogue.DesktopSecurity2010) -> 

Quarantined and deleted successfully.

C:\Dokumente und Einstellungen\Anwender\Startmenü\Programme\Desktop Security 

2010\How to Activate Desktop Security 2010.lnk 

(Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully.

C:\Dokumente und Einstellungen\Anwender\Anwendungsdaten\Desktop Security 

2010\Desktop Security 2010.exe (Rogue.DesktopSecurity2010) -> Quarantined 

and deleted successfully.

C:\Dokumente und Einstellungen\Anwender\Anwendungsdaten\Desktop Security 

2010\mfc71.dll (Rogue.DesktopSecurity2010) -> Quarantined and deleted 

successfully.

C:\Dokumente und Einstellungen\Anwender\Anwendungsdaten\Desktop Security 

2010\MFC71ENU.DLL (Rogue.DesktopSecurity2010) -> Quarantined and deleted 

successfully.

C:\Dokumente und Einstellungen\Anwender\Anwendungsdaten\Desktop Security 

2010\msvcp71.dll (Rogue.DesktopSecurity2010) -> Quarantined and deleted 

successfully.

C:\Dokumente und Einstellungen\Anwender\Anwendungsdaten\Desktop Security 

2010\msvcr71.dll (Rogue.DesktopSecurity2010) -> Quarantined and deleted 

successfully.

C:\Dokumente und Einstellungen\Anwender\Anwendungsdaten\Desktop Security 

2010\securitycenter.exe (Rogue.DesktopSecurity2010) -> Quarantined and 

deleted successfully.

C:\Dokumente und Einstellungen\Anwender\Anwendungsdaten\Desktop Security 

2010\securityhelper.exe (Rogue.DesktopSecurity2010) -> Quarantined and 

deleted successfully.

C:\Dokumente und Einstellungen\Anwender\Anwendungsdaten\Desktop Security 

2010\taskmgr.dll (Rogue.DesktopSecurity2010) -> Quarantined and deleted 

successfully.

C:\Dokumente und Einstellungen\Anwender\Startmenü\Programme\Desktop Security 

2010.LNK (Rogue.DesktopSecurity2010) -> Quarantined and deleted 

successfully.

C:\Dokumente und Einstellungen\Anwender\Anwendungsdaten\Microsoft\Internet 

Explorer\Quick Launch\Desktop Security 2010.LNK 

(Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully.

C:\Dokumente und Einstellungen\Anwender\Lokale 

Einstellungen\Temp\wrfwe_di.exe (Trojan.Downloader) -> Quarantined and 

deleted successfully.

C:\Dokumente und Einstellungen\Anwender\Lokale Einstellungen\Temp\test.exe 

(Trojan.Agent) -> Quarantined and deleted successfully.

C:\Dokumente und Einstellungen\Anwender\Lokale 

Einstellungen\Temp\m.215.tmp.exe (Trojan.Downloader) -> Quarantined and 

deleted successfully.

und nun von OTL Extras.txt

Code:

OTL Extras logfile created on: 03.05.2010 23:20:00 - Run 1

OTL by OldTimer - Version 3.2.4.1     Folder = C:\Dokumente und 

Einstellungen\Anwender\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = 

NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: 

dd.MM.yyyy
 

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 70,00% 

Memory free

4,00 Gb Paging File | 3,00 Gb Available in Paging File | 86,00% Paging File 

free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = 

C:\Programme

Drive C: | 48,83 Gb Total Space | 6,73 Gb Free Space | 13,77% Space Free | 

Partition Type: NTFS

Drive D: | 48,83 Gb Total Space | 5,16 Gb Free Space | 10,56% Space Free | 

Partition Type: NTFS

E: Drive not present or media not loaded

Drive F: | 43,57 Gb Total Space | 10,02 Gb Free Space | 22,99% Space Free | 

Partition Type: NTFS

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded
 

Computer Name: ANWENDER-73C45A

Current User Name: Anwender

Logged in as Administrator.
 

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal
 
 ========== Extra Registry (SafeList) ==========
 
 
 ========== File Associations ==========
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
 ========== Shell Spawning ==========
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- "D:\Programme\Microsoft Office\OFFICE11\msohtmed.exe" %1 

(Microsoft Corporation)

htmlfile [print] -- "D:\Programme\Microsoft Office\OFFICE11\msohtmed.exe" /p 

%1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft 

Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe 

%SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft 

Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft 

Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
 ========== Security Center Settings ==========
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

"FirewallDisableNotify" = 0
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security 

Center\Monitoring\AhnlabAntiVirus]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security 

Center\Monitoring\ComputerAssociatesAntiVirus]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security 

Center\Monitoring\KasperskyAntiVirus]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security 

Center\Monitoring\McAfeeAntiVirus]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security 

Center\Monitoring\McAfeeFirewall]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security 

Center\Monitoring\PandaAntiVirus]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security 

Center\Monitoring\PandaFirewall]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security 

Center\Monitoring\SophosAntiVirus]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security 

Center\Monitoring\SymantecAntiVirus]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security 

Center\Monitoring\SymantecFirewall]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security 

Center\Monitoring\TinyFirewall]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security 

Center\Monitoring\TrendAntiVirus]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security 

Center\Monitoring\TrendFirewall]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security 

Center\Monitoring\ZoneLabsFirewall]
 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0
 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

"443:TCP" = 443:TCP:*:Disabled:ooVoo TCP Port 443

"443:UDP" = 443:UDP:*:Disabled:ooVoo UDP Port 443

"37674:TCP" = 37674:TCP:*:Disabled:ooVoo TCP Port 37674

"37674:UDP" = 37674:UDP:*:Disabled:ooVoo UDP Port 37674

"37675:UDP" = 37675:UDP:*:Disabled:ooVoo UDP Port 37675
 
 ========== Authorized Applications List ==========
 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows 

Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft 

Corporation)

"%windir%\system32\drivers\svchost.exe" = 

%windir%\system32\drivers\svchost.exe:*:Enabled:svchost -- File not found

"C:\Programme\CodeMeter\Runtime\bin\CodeMeter.exe" = 

C:\Programme\CodeMeter\Runtime\bin\CodeMeter.exe:*:Enabled:CodeMeter Runtime 

Server -- (WIBU-SYSTEMS AG)

"C:\Programme\Vogel Verlag\Gemeinsame 

Komponenten\FahrenLernenSync\Vogel.USBSpider.exe" = C:\Programme\Vogel 

Verlag\Gemeinsame 

Komponenten\FahrenLernenSync\Vogel.USBSpider.exe:*:Enabled:FahrenLernenSync  

-- (Verlag Heinrich Vogel in der Springer Transport Media GmbH)
 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Programme\ICQ6\ICQ.exe" = C:\Programme\ICQ6\ICQ.exe:*:Enabled:ICQ6 --  

File not found

"C:\Programme\TVUPlayer\TVUPlayer.exe" = 

C:\Programme\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component -- (TVU 

networks)

"C:\Programme\Azureus\Azureus.exe" = 

C:\Programme\Azureus\Azureus.exe:*:Enabled:Azureus -- (Vuze Inc.)

"C:\WINDOWS\system32\LMabcoms.exe" = 

C:\WINDOWS\system32\LMabcoms.exe:*:Enabled:Lexmark Enhanced TCP/IP -- ()

"C:\Programme\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe" = 

C:\Programme\Camfrog\Camfrog Video Chat\Camfrog Video 

Chat.exe:*:Enabled:Camfrog Video Chat 3.94 -- (Camshare LC)

"C:\Programme\Electronic Arts\Command & Conquer 

3\RetailExe\1.0\cnc3game.dat" = C:\Programme\Electronic Arts\Command & 

Conquer 3\RetailExe\1.0\cnc3game.dat:*:Enabled:Command & Conquer 3 Tiberium 

Wars -- File not found

"C:\Gamigo Games\Smash Online\SmashOnline.exe" = C:\Gamigo Games\Smash 

Online\SmashOnline.exe:*:Enabled:SmashOnline -- File not found

"D:\Programme\poc\poc2008\Poc3D2008.exe" = 

D:\Programme\poc\poc2008\Poc3D2008.exe:*:Enabled:Poc3D2008 -- File not found

"D:\LevelR\LevelR.bin" = D:\LevelR\LevelR.bin:*:Enabled:LEVEL-R -- File not 

found

"C:\Programme\ICQ6.5\ICQ.exe" = 

C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.)

"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows 

Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft 

Corporation)

"%windir%\system32\drivers\svchost.exe" = 

%windir%\system32\drivers\svchost.exe:*:Enabled:svchost -- File not found

"C:\Programme\CodeMeter\Runtime\bin\CodeMeter.exe" = 

C:\Programme\CodeMeter\Runtime\bin\CodeMeter.exe:*:Enabled:CodeMeter Runtime 

Server -- (WIBU-SYSTEMS AG)

"D:\Programme\Vogel Verlag\PC-Professional\Fernwartung.exe" = 

D:\Programme\Vogel 

Verlag\PC-Professional\Fernwartung.exe:*:Enabled:Fernwartung -- File not 

found

"D:\Programme\Vogel Verlag\PC-Professional\FSM_WinVNC.exe" = 

D:\Programme\Vogel 

Verlag\PC-Professional\FSM_WinVNC.exe:*:Enabled:FSM_WinVNC -- File not found

"D:\Programme\Vogel Verlag\PC-Professional\PC_Professional.exe" = 

D:\Programme\Vogel 

Verlag\PC-Professional\PC_Professional.exe:*:Enabled:PC_Professional -- File 

not found

"C:\Programme\Vogel Verlag\Gemeinsame 

Komponenten\FahrenLernenSync\Vogel.USBSpider.exe" = C:\Programme\Vogel 

Verlag\Gemeinsame 

Komponenten\FahrenLernenSync\Vogel.USBSpider.exe:*:Enabled:FahrenLernenSync  

-- (Verlag Heinrich Vogel in der Springer Transport Media GmbH)

"D:\Programme\PC-Professional\Fernwartung.exe" = 

D:\Programme\PC-Professional\Fernwartung.exe:*:Enabled:Fernwartung --  

(Springer Transport Media GmbH)

"D:\Programme\PC-Professional\FSM_WinVNC.exe" = 

D:\Programme\PC-Professional\FSM_WinVNC.exe:*:Enabled:FSM_WinVNC --  

(Springer Transport Media GmbH)

"D:\Programme\PC-Professional\PC_Professional.exe" = 

D:\Programme\PC-Professional\PC_Professional.exe:*:Enabled:PC_Professional -- 

(Verlag Heinrich Vogel)
 
 
 ========== HKEY_LOCAL_MACHINE Uninstall List 

==========
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL 

Update kb973924 - x86 9.0.30729.4148

"{108DF49C-3AB4-4A7D-B6FD-8B6286B317FA}" = CodeMeter Tools Merge Module

"{14008C85-869F-11D5-986D-00500443CF9F}" = Der Planer Extra

"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime

"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate

"{19DC9559-9C20-4A46-A67D-7ECBA52A2788}" = Nokia PC Suite

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11

"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5

"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7

"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications 

Platform

"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support

"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger

"{43FFE159-3199-4188-A1CD-629166AD1031}" = Nero 7 Ultra Edition

"{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = TIPCI

"{498A4E3D-562E-4129-8722-6DCAB12384AE}" = Windows Communication Foundation 

Language Pack - DEU

"{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}" = Nokia Software Updater

"{4F0C7CCF-5666-474B-B02E-AC514A95EC93}" = NVIDIA GAME System Software 2.8.1

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.6

"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call

"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2

"{6E0352EE-6F0D-4FBC-B1B8-4FF032C78BE0}" = PC Connectivity Solution

"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK

"{7228FD8C-3B9E-4204-AE36-8A466107685B}" = Windows Workflow Foundation DE 

Language Pack

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 

Redistributable

"{7339E5F7-32DE-45CD-995E-A795494A4082}_is1" = FahrenLernenSync 1.1

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL 

Update kb973923 - x86 8.0.50727.4053

"{791E2D38-210B-4622-8C57-512520D9F4EF}_is1" = PC-Professional Klasse B 2009

"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec

"{7C56F7E9-9175-48CF-999F-A786DEE68C1E}" = o2 Verbindungsmanager

"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 

Redistributable

"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent

"{884BB5CC-108E-41a9-936D-955C999C06A1}_x" = o2 Verbindungsmanager

"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 

Language Pack - DEU

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player

"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge 

Modules

"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional 

Edition 2003

"{91B7CEB3-4331-427B-AA7A-2898BE8F9DC6}" = Samsung PC Studio 3

"{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}" = Microsoft Games for Windows - 

LIVE Redistributable

"{92DF2F1B-F63C-4D9A-B3E1-B2D11AE29790}" = Windows Presentation Foundation 

Language Pack (DEU)

"{92F31257-15BA-46EE-887D-3C18C0790ACE}" = Atheros Client Installation 

Program

"{937B232D-9776-471E-92BD-D424E514EF14}" = Logitech QuickCam

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error 

Reporting

"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6

"{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}" = AGEIA PhysX v7.11.13

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 

Redistributable - x86 9.0.30729.17

"{A1416622-0DDE-45B5-B06C-DFC3ED94C53B}" = Der Pate® II

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 

Service Pack 2

"{A961A077-4BD0-4C98-86BC-EE4A98CE550D}" = CodeMeter Runtime Merge Module 

(Win32)

"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.3 - Deutsch

"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter

"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player

"{BA9E9ED5-FFF3-4E0D-95B9-62527672268B}_is1" = Der Planer 4 Version 1.3

"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 

Service Pack 2

"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3

"{C50EF365-2898-489A-B6C7-30DAA466E9A2}" = Nokia Connectivity Cable Driver

"{C63DE709-AEF3-4D70-9868-A4D05C18A70F}" = CloneSetup

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware

"{E1640DA5-89B4-4F52-B15D-5DA3D14F29D4}" = LG USB Modem Drivers

"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime

"{EF901A4B-A25A-4962-83C6-C6691D062ED9}" = Nero Mega Plugin Pack

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio 

Driver

"{F2A7F421-1679-48D5-B918-96999014ED53}" = Microsoft .NET Framework 3.0 

German Language Pack

"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials

"{FFDC4005-E968-498D-93C8-CC148742167D}}_is1" = Wecker für Windows 6.5

"05B59228C7E1C21DFBE89260F879BD95880548D8" = Windows-Treiberpaket - Nokia 

Modem  (10/05/2009 4.2)

"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia 

pccsmcfd  (08/22/2008 7.0.0.0)

"6194C28A8F62DD817EA1B918E6E46E806A21B452" = Windows-Treiberpaket - 

MobileTop (sshpmdm) Modem  (02/23/2007 2.5.0.0)

"65B6FE5418CE28F4D72543FB2D964C3CEC83F161" = Windows-Treiberpaket - 

MobileTop (sshpusb) USB  (02/23/2007 2.5.0.0)

"8461-7759-5462-8226" = Vuze

"8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA" = Windows-Treiberpaket - Nokia 

Modem  (06/01/2009 7.01.0.4)

"Ad-Aware" = Ad-Aware

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.5

"ArtMoney SE_is1" = ArtMoney SE v7.32.1

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"Azureus" = Azureus

"Camfrog 5.5" = Camfrog Video Chat 5.5

"CCleaner" = CCleaner

"CFF5FD902CAD8828AC62E155C542E69D5439C37A" = Windows-Treiberpaket - Advanced 

Micro Devices (AmdK8) Processor  (04/28/2006 1.3.1.0)

"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10250093" = HDAUDIO Soft Data 

Fax Modem with SmartCP

"Crystal Player" = Crystal Player Professional 1.98

"DopLive ÊÓÆµÖ±²¥_is1" = DopLive 1.0.328.1

"EADM" = EA Download Manager

"FileZilla" = FileZilla (remove only)

"FLV Player" = FLV Player 2.0 (build 25)

"Free FLV Converter_is1" = Free FLV Converter V 6.7.4

"FUSSBALL MANAGER 10" = FUSSBALL MANAGER 10

"HijackThis" = HijackThis 2.0.2

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation 

APIs

"ie7" = Windows Internet Explorer 7

"ie8" = Windows Internet Explorer 8

"InstallShield_{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = Texas Instruments 

PCIxx21/x515/xx12 drivers.

"IsoBuster_is1" = IsoBuster 2.3

"KLiteCodecPack_is1" = K-Lite Codec Pack 3.2.5 Standard

"legacyqcam_10.51" = Logitech Legacy USB Camera-Treiberpaket

"Lexmark_HostCD" = Lexmark Software deinstallieren

"LG PC Suite IV" = LG PC Suite IV

"LManager" = Launch Manager

"lvdrivers_11.90" = Logitech QuickCam-Treiberpaket

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Messenger Plus! Live" = Messenger Plus! Live

"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET 

Framework 2.0 Language Pack - DEU

"Microsoft .NET Framework 3.0 German Language Pack" = Microsoft .NET 

Framework 3.0 German Language Pack

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"MozBackup_is1" = MozBackup 1.4.7

"Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)

"Mozilla Sunbird (0.3)" = Mozilla Sunbird (0.3)

"Mozilla Thunderbird (2.0.0.6)" = Mozilla Thunderbird (2.0.0.6)

"MP3 Repair Tool_is1" = MP3 Repair Tool v1.5.2

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"Nokia PC Suite" = Nokia PC Suite

"NVIDIA Drivers" = NVIDIA Drivers

"PokerStars.net" = PokerStars.net

"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software

"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set

"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software

"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software

"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software

"ScreenRecorder" = Bulent's Screen Recorder

"SmartTools Publishing · Musterbrief-Assistent" = SmartTools Publishing · 

Musterbrief-Assistent

"SopCast" = SopCast 3.0.3

"StreamTorrent 1.0" = Stream Torrent 1.0

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2

"TomTom HOME" = TomTom HOME 2.7.3.1894

"TVUPlayer" = TVUPlayer 2.4.7.2

"Wdf01001" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.1

"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7

"Webcam Simulator_is1" = Webcam Simulator 6.3

"Wecker 2.2" = Wecker 2.2 2.2

"WIC" = Windows Imaging Component

"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WinLiveSuite_Wave3" = Windows Live Essentials

"WinRAR archiver" = WinRAR Archivierer

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7

"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
 
 ========== HKEY_CURRENT_USER Uninstall List 

==========
 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Desktop Security 2010" = Desktop Security 2010

"Google Chrome" = Google Chrome
 
 ========== Last 10 Event Log Errors ==========
 

[ Application Events ]

Error - 24.04.2010 07:37:36 | Computer Name = ANWENDER-73C45A | Source = 

Application Error | ID = 1000

Description = Fehlgeschlagene Anwendung chrome.exe, Version 0.0.0.0, 

fehlgeschlagenes

 Modul npswf32.dll, Version 10.0.22.87, Fehleradresse 0x0010a0de.
 

Error - 24.04.2010 15:45:40 | Computer Name = ANWENDER-73C45A | Source = 

Application Error | ID = 1000

Description = Fehlgeschlagene Anwendung manager10.exe, Version 2.0.0.6, 

fehlgeschlagenes

 Modul manager10.exe, Version 2.0.0.6, Fehleradresse 0x00971f73.
 

Error - 24.04.2010 17:55:06 | Computer Name = ANWENDER-73C45A | Source = 

Application Hang | ID = 1002

Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, 

Stillstandmodul

 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 

Error - 27.04.2010 13:43:53 | Computer Name = ANWENDER-73C45A | Source = 

ESENT | ID = 490

Description = svchost (1148) Versuch, Datei 

"C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"

 für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 

(0x00000020): "Der

 Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen 

Prozess verwendet

 wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.
 

Error - 01.05.2010 09:35:18 | Computer Name = ANWENDER-73C45A | Source = 

Application Hang | ID = 1002

Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, 

Stillstandmodul

 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 

Error - 01.05.2010 11:09:49 | Computer Name = ANWENDER-73C45A | Source = 

Application Hang | ID = 1002

Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, 

Stillstandmodul

 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 

Error - 01.05.2010 11:16:27 | Computer Name = ANWENDER-73C45A | Source = 

Application Hang | ID = 1002

Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, 

Stillstandmodul

 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 

Error - 01.05.2010 11:17:58 | Computer Name = ANWENDER-73C45A | Source = 

Application Hang | ID = 1002

Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, 

Stillstandmodul

 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 

Error - 03.05.2010 12:28:13 | Computer Name = ANWENDER-73C45A | Source = 

Google Update | ID = 20

Description =
 

Error - 03.05.2010 13:28:10 | Computer Name = ANWENDER-73C45A | Source = 

Google Update | ID = 20

Description =
 

[ System Events ]

Error - 02.05.2010 11:10:37 | Computer Name = ANWENDER-73C45A | Source = 

Ftdisk | ID = 262193

Description = Die Konfiguration der Auslagerungsdatei für das Speicherabbild 

ist

 fehlgeschlagen. Stellen  Sie sicher, dass eine Auslagerungsdatei auf der 

Startpartition

 vorhanden ist und dass diese  groß genug ist, um den gesamten 

physikalischen Speicher

 abbilden zu können.
 

Error - 02.05.2010 11:17:32 | Computer Name = ANWENDER-73C45A | Source = 

Ftdisk | ID = 262189

Description = Das System konnte den Treiber für das Speicherabbild nicht 

laden.
 

Error - 02.05.2010 11:17:32 | Computer Name = ANWENDER-73C45A | Source = 

Ftdisk | ID = 262193

Description = Die Konfiguration der Auslagerungsdatei für das Speicherabbild 

ist

 fehlgeschlagen. Stellen  Sie sicher, dass eine Auslagerungsdatei auf der 

Startpartition

 vorhanden ist und dass diese  groß genug ist, um den gesamten 

physikalischen Speicher

 abbilden zu können.
 

Error - 02.05.2010 11:46:27 | Computer Name = ANWENDER-73C45A | Source = 

Ftdisk | ID = 262189

Description = Das System konnte den Treiber für das Speicherabbild nicht 

laden.
 

Error - 02.05.2010 11:46:27 | Computer Name = ANWENDER-73C45A | Source = 

Ftdisk | ID = 262193

Description = Die Konfiguration der Auslagerungsdatei für das Speicherabbild 

ist

 fehlgeschlagen. Stellen  Sie sicher, dass eine Auslagerungsdatei auf der 

Startpartition

 vorhanden ist und dass diese  groß genug ist, um den gesamten 

physikalischen Speicher

 abbilden zu können.
 

Error - 03.05.2010 06:34:31 | Computer Name = ANWENDER-73C45A | Source = 

Ftdisk | ID = 262189

Description = Das System konnte den Treiber für das Speicherabbild nicht 

laden.
 

Error - 03.05.2010 06:34:31 | Computer Name = ANWENDER-73C45A | Source = 

Ftdisk | ID = 262193

Description = Die Konfiguration der Auslagerungsdatei für das Speicherabbild 

ist

 fehlgeschlagen. Stellen  Sie sicher, dass eine Auslagerungsdatei auf der 

Startpartition

 vorhanden ist und dass diese  groß genug ist, um den gesamten 

physikalischen Speicher

 abbilden zu können.
 

Error - 03.05.2010 17:12:38 | Computer Name = ANWENDER-73C45A | Source = 

NetBT | ID = 4307

Description = Initialisierung fehlgeschlagen, da die Transportschicht das 

Öffnen

 der Anfangsadressen verweigerte.
 

Error - 03.05.2010 17:12:38 | Computer Name = ANWENDER-73C45A | Source = 

Ftdisk | ID = 262189

Description = Das System konnte den Treiber für das Speicherabbild nicht 

laden.
 

Error - 03.05.2010 17:12:38 | Computer Name = ANWENDER-73C45A | Source = 

Ftdisk | ID = 262193

Description = Die Konfiguration der Auslagerungsdatei für das Speicherabbild 

ist

 fehlgeschlagen. Stellen  Sie sicher, dass eine Auslagerungsdatei auf der 

Startpartition

 vorhanden ist und dass diese  groß genug ist, um den gesamten 

physikalischen Speicher

 abbilden zu können.
 

< End of report >

[/CODE]

Und nun der OTL.txt

Code:

OTL logfile created on: 03.05.2010 23:20:00 - Run 1

OTL by OldTimer - Version 3.2.4.1     Folder = C:\Dokumente und 

Einstellungen\Anwender\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = 

NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: 

dd.MM.yyyy
 

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 70,00% 

Memory free

4,00 Gb Paging File | 3,00 Gb Available in Paging File | 86,00% Paging File 

free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = 

C:\Programme

Drive C: | 48,83 Gb Total Space | 6,73 Gb Free Space | 13,77% Space Free | 

Partition Type: NTFS

Drive D: | 48,83 Gb Total Space | 5,16 Gb Free Space | 10,56% Space Free | 

Partition Type: NTFS

E: Drive not present or media not loaded

Drive F: | 43,57 Gb Total Space | 10,02 Gb Free Space | 22,99% Space Free | 

Partition Type: NTFS

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded
 

Computer Name: ANWENDER-73C45A

Current User Name: Anwender

Logged in as Administrator.
 

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal
 
 ========== Processes (SafeList) ==========
 

PRC - C:\Dokumente und Einstellungen\Anwender\Desktop\OTL.exe (OldTimer 

Tools)

PRC - C:\Dokumente und Einstellungen\Anwender\Eigene 

Dateien\Downloads\iexplore.exe.exe (Sysinternals - www.sysinternals.com)

PRC - C:\Programme\Nokia\Nokia PC Suite 7\Lang\SuiteModules6060.exe ()

PRC - 

C:\Programme\QuickTime\QTSystem\CoreVideo.Resources\es.lproj\QuickTimeResourcesQuickTime7.6.4.exe 

()

PRC - C:\Programme\DivX\DivX Web 

Player\Microsoft.VC80.CRT\MicrosoftMSVCP80.exe ()

PRC - C:\Programme\Gemeinsame 

Dateien\LogiShrd\LogiDriverStore\lvdrivers\11.80.1048\InstallShieldSetup.exe 

()

PRC - C:\Dokumente und Einstellungen\Anwender\Lokale 

Einstellungen\Temp\bhMH.exe ()

PRC - D:\Online\FireFox\firefox.exe (Mozilla Corporation)

PRC - C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)

PRC - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)

PRC - C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom)

PRC - C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)

PRC - C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia)

PRC - C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia)

PRC - C:\Programme\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia)

PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

PRC - C:\Programme\DopLive\schedule.exe (P2P网络电视)

PRC - C:\Programme\DopLive\Reminder.exe (DopLive P2P网络视频)

PRC - C:\Programme\CDBurnerXP\NMSAccessU.exe ()

PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

PRC - C:\Programme\Vogel Verlag\Gemeinsame 

Komponenten\FahrenLernenSync\Vogel.USBSpider.exe (Verlag Heinrich Vogel in 

der Springer Transport Media GmbH)

PRC - C:\Programme\o2 Surfstick Speed\o2 Verbindungsmanager\o2 

Verbindungsmanager.exe (o2)

PRC - C:\Programme\CodeMeter\Runtime\bin\CodeMeterCC.exe (WIBU-SYSTEMS AG)

PRC - C:\Programme\CodeMeter\Runtime\bin\CodeMeter.exe (WIBU-SYSTEMS AG)

PRC - C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech 

Inc.)

PRC - C:\Programme\o2 Surfstick Speed\o2 Verbindungsmanager\GtDetectSc.exe 

(OptionNV)

PRC - C:\Programme\Outlook Express\msimn.exe (Microsoft Corporation)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexStoreSvr.exe (Nero 

AG)

PRC - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe (Nero 

AG)

PRC - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe (Nero AG)

PRC - C:\WINDOWS\system32\acs.exe ()

PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE 

(Microsoft Corporation)
 
 
 ========== Modules (SafeList) ==========
 

MOD - C:\Dokumente und Einstellungen\Anwender\Desktop\OTL.exe (OldTimer 

Tools)

MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)

MOD - C:\WINDOWS\system32\framedyn.dll (Microsoft Corporation)
 
 
 ========== Win32 Services (SafeList) ==========
 

SRV - (Lavasoft Ad-Aware Service) --  

C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)

SRV - (TomTomHOMEService) -- C:\Programme\TomTom HOME 

2\TomTomHOMEService.exe (TomTom)

SRV - (ServiceLayer) -- C:\Programme\PC Connectivity 

Solution\ServiceLayer.exe (Nokia)

SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe 

(Avira GmbH)

SRV - (Dopool_Schedule) -- C:\Programme\DopLive\schedule.exe (P2P网络电视)

SRV - (NMSAccessU) -- C:\Programme\CDBurnerXP\NMSAccessU.exe ()

SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir 

Desktop\sched.exe (Avira GmbH)

SRV - (CodeMeter.exe) -- C:\Programme\CodeMeter\Runtime\bin\CodeMeter.exe 

(WIBU-SYSTEMS AG)

SRV - (LVPrcSrv) -- C:\Programme\Gemeinsame 

Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)

SRV - (GtDetectSc) -- C:\Programme\o2 Surfstick Speed\o2 

Verbindungsmanager\GtDetectSc.exe (OptionNV)

SRV - (NBService) -- D:\Programme\Nero 7\Nero BackItUp\NBService.exe (Nero 

AG)

SRV - (NMIndexingService) -- C:\Programme\Gemeinsame 

Dateien\Ahead\Lib\NMIndexingService.exe (Nero AG)

SRV - (lmab_device) -- C:\WINDOWS\System32\LMabcoms.exe ()

SRV - (ACS) -- C:\WINDOWS\system32\acs.exe ()

SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source 

Engine\OSE.EXE (Microsoft Corporation)

SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft 

Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
 
 
 ========== Driver Services (SafeList) ==========
 

DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)

DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys 

(Nokia)

DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)

DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)

DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia)

DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)

DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)

DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)

DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)

DRV - (StarOpen) -- C:\WINDOWS\system32\drivers\StarOpen.sys ()

DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)

DRV - (LVRS) -- C:\WINDOWS\system32\drivers\lvrs.sys (Logitech Inc.)

DRV - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) --  

C:\WINDOWS\system32\drivers\LV302V32.SYS (Logitech Inc.)

DRV - (pepifilter) -- C:\WINDOWS\system32\drivers\lv302af.sys (Logitech 

Inc.)

DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()

DRV - (GTUHSOMS) -- C:\WINDOWS\system32\drivers\gtuhsoms.sys (Option N.V.)

DRV - (GTUHSSER) -- C:\WINDOWS\system32\drivers\gtuhsser.sys (Option N.V.)

DRV - (GTUHSBUS) -- C:\WINDOWS\system32\drivers\gtuhsbus.sys (Option N.V.)

DRV - (GTUHSNDISIPXP) -- C:\WINDOWS\system32\drivers\gtuhs51.sys (Option 

N.V.)

DRV - (USBModem) -- C:\WINDOWS\system32\drivers\lgusbmodem.sys (LG 

Electronics Inc.)

DRV - (UsbDiag) -- C:\WINDOWS\system32\drivers\lgusbdiag.sys (LG Electronics 

Inc.)

DRV - (usbbus) -- C:\WINDOWS\system32\drivers\lgusbbus.sys (LG Electronics 

Inc.)

DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)

DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()

DRV - (usbaudio) USB-Audiotreiber (WDM) --  

C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)

DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) 

Server 2003 DDK provider)

DRV - (sscdmdm) -- C:\WINDOWS\system32\drivers\sscdmdm.sys (MCCI 

Corporation)

DRV - (sscdmdfl) -- C:\WINDOWS\system32\drivers\sscdmdfl.sys (MCCI 

Corporation)

DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) --  

C:\WINDOWS\system32\drivers\sscdbus.sys (MCCI Corporation)

DRV - (xusb21) -- C:\WINDOWS\system32\drivers\xusb21.sys (Microsoft 

Corporation)

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) --  

C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)

DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)

DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)

DRV - (tifm21) -- C:\WINDOWS\system32\drivers\tifm21.sys (Texas Instruments)

DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro 

Devices)

DRV - (nvsmu) -- C:\WINDOWS\system32\drivers\nvsmu.sys (NVIDIA Corporation)

DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA 

Corporation)

DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA 

Corporation)

DRV - (nvata) -- C:\WINDOWS\system32\DRIVERS\nvata.sys (NVIDIA Corporation)

DRV - (DKbFltr) -- C:\WINDOWS\system32\drivers\DKbFltr.SYS (Dritek System 

Inc.)

DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant 

Systems, Inc.)

DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant 

Systems, Inc.)

DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant 

Systems, Inc.)

DRV - (AR5211) -- C:\WINDOWS\system32\drivers\ar5211.sys (Atheros 

Communications, Inc.)

DRV - (UltraMonMirror) -- C:\WINDOWS\system32\drivers\UltraMonMirror.sys 

(Realtime Soft)

DRV - (UltraMonUtility) -- C:\WINDOWS\system32\UltraMonUtility.sys (Realtime 

Soft)
 
 
 ========== Standard Registry (SafeList) ==========
 
 
 ========== Internet Explorer ==========
 
 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: 

"ProxyEnable" = 1

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: 

"ProxyOverride" = <local>

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: 

"ProxyServer" = http=127.0.0.1:5555
 
 ========== FireFox ==========
 

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.723

FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2

FF - prefs.js..extensions.enabledItems: 4

FF - prefs.js..extensions.enabledItems: 8

FF - prefs.js..extensions.enabledItems: 2
 

FF - HKLM\software\mozilla\Firefox\extensions\\bkmrksync@nokia.com: 

C:\Programme\Nokia\Nokia PC Suite 7\bkmrksync\ [2010.02.28 00:01:53 | 

000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: 

D:\Online\FireFox\components [2010.04.04 00:47:43 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: 

D:\Online\FireFox\plugins [2010.04.02 10:54:55 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Sunbird 0.3\extensions\\Components: 

D:\Online\Mozilla Sunbird\components [2010.01.24 06:09:59 | 000,000,000 

| ---D | M]

FF - HKLM\software\mozilla\Mozilla Sunbird 0.3\extensions\\Plugins: 

D:\Online\Mozilla Sunbird\plugins [2010.01.24 06:09:58 | 000,000,000 | ---D 

| M]

FF - HKLM\software\mozilla\Mozilla Thunderbird 

2.0.0.6\extensions\\Components: D:\Online\ThunderBird\components [2010.01.24 

06:09:59 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.6\extensions\\Plugins: 

D:\Online\ThunderBird\plugins [2010.01.24 06:09:58 | 000,000,000 | ---D | M]
 

[2009.08.21 22:38:05 | 000,000,000 | ---D | M] -- C:\Dokumente und 

Einstellungen\Anwender\Anwendungsdaten\Mozilla\Extensions

[2009.08.21 22:38:05 | 000,000,000 | ---D | M] -- C:\Dokumente und 

Einstellungen\Anwender\Anwendungsdaten\Mozilla\Extensions\home2@tomtom.com

[2010.05.03 22:14:50 | 000,000,000 | ---D | M] -- C:\Dokumente und 

Einstellungen\Anwender\Anwendungsdaten\Mozilla\Firefox\Profiles\70k4gpb8.default\extensions

[2009.09.02 15:18:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework 

Assistant) -- C:\Dokumente und 

Einstellungen\Anwender\Anwendungsdaten\Mozilla\Firefox\Profiles\70k4gpb8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2009.11.03 11:25:14 | 000,000,000 | ---D | M] -- C:\Dokumente und 

Einstellungen\Anwender\Anwendungsdaten\Mozilla\Firefox\Profiles\70k4gpb8.default\extensions\firefox@tvunetworks.com
 

O1 HOSTS File: ([2010.05.02 16:35:01 | 000,000,698 | ---- | M]) - 

C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - 

C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll 

(Adobe Systems Incorporated)

O2 - BHO: (Java(tm) Plug-In SSV Helper) - 

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll 

(Sun Microsystems, Inc.)

O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - 

{9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame 

Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft 

Corporation)

O4 - HKLM..\Run: [AutoRunGUIDeluxeAutoRun7] C:\Dokumente und 

Einstellungen\Anwender\Lokale Einstellungen\Temp\bhMH.exe ()

O4 - HKLM..\Run: [dopoolreminder] C:\Programme\DopLive\Reminder.exe (DopLive 

P2P网络视频)

O4 - HKLM..\Run: [InstallShieldSetup14.0.162] c:\Programme\Gemeinsame 

Dateien\LogiShrd\LogiDriverStore\lvdrivers\11.80.1048\InstallShieldSetup.exe 

()

O4 - HKLM..\Run: [LanguagesApplicationInstallereng] C:\Programme\Nokia\Nokia 

PC Suite 7\Lang\SuiteModules6060.exe ()

O4 - HKLM..\Run: [LinkAutoRun] C:\Dokumente und 

Einstellungen\Anwender\Lokale Einstellungen\Temp\bhMH.exe ()

O4 - HKLM..\Run: [MicrosoftStudio8.00.50727.762] c:\Programme\DivX\DivX Web 

Player\Microsoft.VC80.CRT\MicrosoftMSVCP80.exe ()

O4 - HKLM..\Run: [mscorlibSilverlight] c:\Programme\Microsoft 

Silverlight\3.0.50106.0\de\VisualBasicVisualBasic.exe ()

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA 

Corporation)

O4 - HKLM..\Run: [PCSCMengLibrary711030] c:\Programme\Nokia\Nokia PC Suite 

7\Lang\SuiteModules6060.exe ()

O4 - HKLM..\Run: [QuickTimeQuickTimeResources] 

C:\Programme\QuickTime\QTSystem\CoreVideo.Resources\es.lproj\QuickTimeResourcesQuickTime7.6.4.exe 

()

O4 - HKLM..\Run: [QuickTimeResourcesQuickTime] 

c:\Programme\QuickTime\QTSystem\CoreVideo.Resources\es.lproj\QuickTimeResourcesQuickTime7.6.4.exe 

()

O4 - HKLM..\Run: [SpiderService] C:\Programme\Vogel Verlag\Gemeinsame 

Komponenten\FahrenLernenSync\Vogel.USBSpider.exe (Verlag Heinrich Vogel in 

der Springer Transport Media GmbH)

O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] 

C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe (Nero AG)

O4 - HKCU..\Run: [Desktop Security 2010] C:\Dokumente und 

Einstellungen\Anwender\Anwendungsdaten\Desktop Security 2010\Desktop 

Security 2010.exe ()

O4 - HKCU..\Run: [PC Suite Tray] C:\Programme\Nokia\Nokia PC Suite 

7\PCSuite.exe (Nokia)

O4 - HKCU..\Run: [qw53oguvt5ke] C:\Dokumente und 

Einstellungen\Anwender\Lokale Einstellungen\Temp\m.210.tmp.exe ()

O4 - HKCU..\Run: [SecurityCenter] C:\Dokumente und 

Einstellungen\Anwender\Anwendungsdaten\Desktop Security 

2010\securitycenter.exe ()

O4 - HKLM..\RunServices: [ArtsAutoRun1.2.0.112] C:\Dokumente und 

Einstellungen\Anwender\Lokale Einstellungen\Temp\bhMH.exe ()

O4 - HKLM..\RunServices: [AutoRun7Library] C:\Dokumente und 

Einstellungen\Anwender\Lokale Einstellungen\Temp\bhMH.exe ()

O4 - HKLM..\RunServices: [ConnectionNokia] C:\Programme\Nokia\Nokia PC Suite 

7\Lang\SuiteModules6060.exe ()

O4 - HKLM..\RunServices: [QuickTimeQuickTimeResources] 

C:\Programme\QuickTime\QTSystem\CoreVideo.Resources\es.lproj\QuickTimeResourcesQuickTime7.6.4.exe 

()

O4 - HKLM..\RunServices: [SmartTagInstallOffice] c:\Programme\Gemeinsame 

Dateien\Microsoft Shared\Smart Tag\fdatemofl.exe ()

O4 - Startup: C:\Dokumente und Einstellungen\All 

Users\Startmenü\Programme\Autostart\o2 Verbindungsmanager.lnk = 

C:\Programme\o2 Surfstick Speed\o2 Verbindungsmanager\o2 

Verbindungsmanager.exe (o2)

O4 - Startup: C:\Dokumente und 

Einstellungen\Anwender\Startmenü\Programme\Autostart\CodeMeter Control 

Center.lnk = C:\Programme\CodeMeter\Runtime\bin\CodeMeterCC.exe 

(WIBU-SYSTEMS AG)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: 

HonorAutoRunSetting = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: 

NoDriveTypeAutoRun = 145

O8 - Extra context menu item: Nach Microsoft &Excel exportieren - 

D:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - 

D:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - 

C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)

O9 - Extra 'Tools' menuitem : ICQ6 - 

{E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, 

LLC.)

O15 - HKCU\..Trusted Domains: stickam.com ([]https in Trusted sites)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} 

hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab 

(Shockwave ActiveX Control)

O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} 

hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave 

ActiveX Control)

O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} 

hxxp://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} 

hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1191273289781 

(WUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} 

hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java 

Plug-in 1.6.0_11)

O16 - DPF: {AC414988-E5BB-4C2C-873B-EA53D2F3D23A} 

hxxp://t.live.cctv.com/ieocx/CCTVUpdateInstall.dll (CCTVUpdateInstall)

O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} 

hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java 

Plug-in 1.6.0_05)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} 

hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java 

Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} 

hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java 

Plug-in 1.6.0_11)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} 

hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java 

Plug-in 1.6.0_11)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553512000} 

hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg 

Error: Key error.)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} 

hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab 

(Shockwave Flash Object)

O16 - DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} 

hxxp://dl.pplive.com/PluginSetup.cab (PPLive Lite Class)

O18 - Protocol\Handler\http\0x00000001 

{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame 

Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - 

C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft 

Corporation)

O18 - Protocol\Handler\https\0x00000001 

{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame 

Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - 

C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft 

Corporation)

O18 - Protocol\Handler\ipp\0x00000001 

{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame 

Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 

{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame 

Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb 

{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame 

Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - 

C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information 

Retrieval\MSITSS.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - 

C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL 

(Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - 

C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - 

C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL 

(Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe 

(Microsoft Corporation)

O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2007.09.28 21:32:23 | 000,000,000 | ---- | M] () - 

C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{47a3bdd0-1022-11df-b49f-0016d34fa6cc}\Shell - "" = 

AutoRun

O33 - MountPoints2\{47a3bdd0-1022-11df-b49f-0016d34fa6cc}\Shell\AutoRun - "" 

= Auto&Play

O33 - 

MountPoints2\{47a3bdd0-1022-11df-b49f-0016d34fa6cc}\Shell\AutoRun\command - 

"" = K:\autorun.exe -- File not found

O33 - MountPoints2\{dfdd76cd-23e6-11df-b4b3-0016d34fa6cc}\Shell - "" = 

AutoRun

O33 - MountPoints2\{dfdd76cd-23e6-11df-b4b3-0016d34fa6cc}\Shell\AutoRun - "" 

= Auto&Play

O33 - 

MountPoints2\{dfdd76cd-23e6-11df-b4b3-0016d34fa6cc}\Shell\AutoRun\command - 

"" = J:\LGAutoRun.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) -  File not found

O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
 ========== Files/Folders - Created Within 30 Days 

==========
 

[2010.05.03 23:13:51 | 000,000,000 | ---D | C] -- C:\Dokumente und 

Einstellungen\Anwender\Anwendungsdaten\Desktop Security 2010

[2010.05.03 22:37:40 | 000,570,880 | ---- | C] (OldTimer Tools) --  

C:\Dokumente und Einstellungen\Anwender\Desktop\OTL.exe

[2010.05.02 16:59:52 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro

[2010.05.02 16:53:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss

[2010.05.02 16:29:37 | 000,000,000 | RH-D | C] -- C:\Dokumente und 

Einstellungen\Anwender\Recent

[2010.05.02 16:17:56 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner

[2010.05.02 15:47:42 | 000,000,000 | ---D | C] -- C:\Dokumente und 

Einstellungen\NetworkService\Anwendungsdaten\Adobe

[2010.05.02 03:49:42 | 000,000,000 | ---D | C] -- C:\Dokumente und 

Einstellungen\Anwender\Desktop\HostsXpert

[2010.05.02 03:20:57 | 000,000,000 | ---D | C] -- C:\Dokumente und 

Einstellungen\Anwender\Anwendungsdaten\Malwarebytes

[2010.05.02 03:14:38 | 000,038,224 | ---- | C] (Malwarebytes Corporation) --  

C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010.05.02 03:14:35 | 000,020,952 | ---- | C] (Malwarebytes Corporation) --  

C:\WINDOWS\System32\drivers\mbam.sys

[2010.05.02 03:14:35 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' 

Anti-Malware

[2010.05.02 03:14:35 | 000,000,000 | ---D | C] -- C:\Dokumente und 

Einstellungen\All Users\Anwendungsdaten\Malwarebytes

[2010.04.15 23:05:25 | 000,000,000 | ---D | C] -- C:\Games

[2010.04.15 22:29:22 | 000,000,000 | ---D | C] -- C:\Dokumente und 

Einstellungen\Anwender\Anwendungsdaten\Der Planer 4

[2010.04.13 23:00:36 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2010.04.11 16:37:54 | 038,513,689 | ---- | C] (rondomedia Marketing & 

Vertriebs GmbH                       ) -- C:\Dokumente und 

Einstellungen\Anwender\Desktop\planer4_patch_v13.exe

[2008.01.08 11:33:23 | 000,335,872 | ---- | C] ( ) --  

C:\WINDOWS\System32\lexlog.dll

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
 ========== Files - Modified Within 30 Days ==========
 

[2010.05.03 23:12:46 | 000,051,048 | ---- | M] () --  

C:\WINDOWS\System32\nvapps.xml

[2010.05.03 23:12:36 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010.05.03 23:12:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010.05.03 23:11:47 | 007,077,888 | -H-- | M] () -- C:\Dokumente und 

Einstellungen\Anwender\NTUSER.DAT

[2010.05.03 23:11:23 | 000,000,190 | -HS- | M] () -- C:\Dokumente und 

Einstellungen\Anwender\ntuser.ini

[2010.05.03 23:11:10 | 002,107,888 | -H-- | M] () -- C:\Dokumente und 

Einstellungen\Anwender\Lokale Einstellungen\Anwendungsdaten\IconCache.db

[2010.05.03 22:37:39 | 000,570,880 | ---- | M] (OldTimer Tools) --  

C:\Dokumente und Einstellungen\Anwender\Desktop\OTL.exe

[2010.05.03 22:28:06 | 000,001,220 | ---- | M] () --  

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-343818398-606747145-725345543-1003UA.job

[2010.05.02 22:58:35 | 000,000,069 | ---- | M] () --  

C:\WINDOWS\NeroDigital.ini

[2010.05.02 22:58:34 | 000,095,232 | ---- | M] () -- C:\Dokumente und 

Einstellungen\Anwender\Lokale 

Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010.05.02 21:28:01 | 000,001,168 | ---- | M] () --  

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-343818398-606747145-725345543-1003Core.job

[2010.05.02 17:50:44 | 001,042,118 | ---- | M] () --  

C:\WINDOWS\System32\PerfStringBackup.INI

[2010.05.02 17:50:44 | 000,449,044 | ---- | M] () --  

C:\WINDOWS\System32\perfh007.dat

[2010.05.02 17:50:44 | 000,432,690 | ---- | M] () --  

C:\WINDOWS\System32\perfh009.dat

[2010.05.02 17:50:44 | 000,080,306 | ---- | M] () --  

C:\WINDOWS\System32\perfc007.dat

[2010.05.02 17:50:44 | 000,067,646 | ---- | M] () --  

C:\WINDOWS\System32\perfc009.dat

[2010.05.02 17:16:07 | 000,000,512 | ---- | M] () -- C:\WINDOWS\win.ini

[2010.05.02 17:16:07 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini

[2010.05.02 17:16:07 | 000,000,223 | RHS- | M] () -- C:\boot.ini

[2010.05.02 16:59:53 | 000,001,704 | ---- | M] () -- C:\Dokumente und 

Einstellungen\Anwender\Desktop\HijackThis.lnk

[2010.05.02 16:33:35 | 000,000,206 | ---- | M] () -- C:\Dokumente und 

Einstellungen\Anwender\Eigene Dateien\cc_20100502_163333.reg

[2010.05.02 16:33:19 | 000,000,206 | ---- | M] () -- C:\Dokumente und 

Einstellungen\Anwender\Eigene Dateien\cc_20100502_163316.reg

[2010.05.02 16:33:04 | 000,000,290 | ---- | M] () -- C:\Dokumente und 

Einstellungen\Anwender\Eigene Dateien\cc_20100502_163302.reg

[2010.05.02 16:32:52 | 000,002,002 | ---- | M] () -- C:\Dokumente und 

Einstellungen\Anwender\Eigene Dateien\cc_20100502_163249.reg

[2010.05.02 16:32:33 | 000,321,122 | ---- | M] () -- C:\Dokumente und 

Einstellungen\Anwender\Eigene Dateien\cc_20100502_163214.reg

[2010.05.02 16:18:01 | 000,001,518 | ---- | M] () -- C:\Dokumente und 

Einstellungen\Anwender\Desktop\CCleaner.lnk

[2010.05.02 03:14:40 | 000,000,682 | ---- | M] () -- C:\Dokumente und 

Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010.05.02 03:02:49 | 000,002,206 | ---- | M] () --  

C:\WINDOWS\System32\wpa.dbl

[2010.05.01 16:52:35 | 000,000,600 | ---- | M] () -- C:\Dokumente und 

Einstellungen\Anwender\PUTTY.RND

[2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) --  

C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010.04.29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) --  

C:\WINDOWS\System32\drivers\mbam.sys

[2010.04.26 21:28:30 | 000,000,458 | ---- | M] () --  

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[2010.04.15 23:05:26 | 000,000,627 | ---- | M] () -- C:\Dokumente und 

Einstellungen\All Users\Desktop\ArtMoney SE v7.32.lnk

[2010.04.13 22:59:54 | 000,000,580 | ---- | M] () -- C:\Dokumente und 

Einstellungen\All Users\Desktop\Der Planer 4.lnk

[2010.04.11 16:40:36 | 000,056,131 | ---- | M] () -- C:\Dokumente und 

Einstellungen\Anwender\Desktop\DerPlaner4@www.torrent.to.torrent

[2010.04.11 16:37:56 | 038,513,689 | ---- | M] (rondomedia Marketing & 

Vertriebs GmbH                       ) -- C:\Dokumente und 

Einstellungen\Anwender\Desktop\planer4_patch_v13.exe

[2010.04.11 16:30:37 | 000,056,131 | ---- | M] () -- C:\Dokumente und 

Einstellungen\Anwender\Desktop\Saugstube-Torrent.to_der-planer-4.torrent

[2010.04.04 23:16:29 | 000,000,480 | ---- | M] () -- C:\Dokumente und 

Einstellungen\Anwender\Desktop\Manager10.lnk

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
 ========== Files Created - No Company Name ==========
 

[2010.05.02 16:59:53 | 000,001,704 | ---- | C] () -- C:\Dokumente und 

Einstellungen\Anwender\Desktop\HijackThis.lnk

[2010.05.02 16:33:34 | 000,000,206 | ---- | C] () -- C:\Dokumente und 

Einstellungen\Anwender\Eigene Dateien\cc_20100502_163333.reg

[2010.05.02 16:33:17 | 000,000,206 | ---- | C] () -- C:\Dokumente und 

Einstellungen\Anwender\Eigene Dateien\cc_20100502_163316.reg

[2010.05.02 16:33:03 | 000,000,290 | ---- | C] () -- C:\Dokumente und 

Einstellungen\Anwender\Eigene Dateien\cc_20100502_163302.reg

[2010.05.02 16:32:50 | 000,002,002 | ---- | C] () -- C:\Dokumente und 

Einstellungen\Anwender\Eigene Dateien\cc_20100502_163249.reg

[2010.05.02 16:32:17 | 000,321,122 | ---- | C] () -- C:\Dokumente und 

Einstellungen\Anwender\Eigene Dateien\cc_20100502_163214.reg

[2010.05.02 16:18:01 | 000,001,518 | ---- | C] () -- C:\Dokumente und 

Einstellungen\Anwender\Desktop\CCleaner.lnk

[2010.05.02 03:14:40 | 000,000,682 | ---- | C] () -- C:\Dokumente und 

Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010.04.15 23:05:26 | 000,000,627 | ---- | C] () -- C:\Dokumente und 

Einstellungen\All Users\Desktop\ArtMoney SE v7.32.lnk

[2010.04.13 22:59:54 | 000,000,580 | ---- | C] () -- C:\Dokumente und 

Einstellungen\All Users\Desktop\Der Planer 4.lnk

[2010.04.11 16:40:36 | 000,056,131 | ---- | C] () -- C:\Dokumente und 

Einstellungen\Anwender\Desktop\DerPlaner4@www.torrent.to.torrent

[2010.04.11 16:30:36 | 000,056,131 | ---- | C] () -- C:\Dokumente und 

Einstellungen\Anwender\Desktop\Saugstube-Torrent.to_der-planer-4.torrent

[2010.02.27 23:27:15 | 000,053,248 | ---- | C] () --  

C:\WINDOWS\System32\CommonDL.dll

[2010.02.27 23:27:15 | 000,002,412 | ---- | C] () --  

C:\WINDOWS\System32\lgAxconfig.ini

[2009.12.19 02:34:26 | 000,010,752 | ---- | C] () --  

C:\WINDOWS\System32\ff_vfw.dll

[2009.12.19 02:34:26 | 000,000,547 | ---- | C] () --  

C:\WINDOWS\System32\ff_vfw.dll.manifest

[2009.08.19 09:26:48 | 000,005,632 | ---- | C] () --  

C:\WINDOWS\System32\StarOpen.sys

[2009.02.10 23:29:51 | 000,005,632 | ---- | C] () --  

C:\WINDOWS\System32\drivers\StarOpen.sys

[2008.12.16 22:58:54 | 000,025,624 | ---- | C] () --  

C:\WINDOWS\System32\drivers\LVPr2Mon.sys

[2008.12.16 22:50:56 | 000,013,584 | ---- | C] () --  

C:\WINDOWS\System32\drivers\iKeyLgFT.dll

[2008.09.16 02:14:24 | 003,596,288 | ---- | C] () --  

C:\WINDOWS\System32\qt-dx331.dll

[2008.09.16 02:12:02 | 000,000,416 | ---- | C] () --  

C:\WINDOWS\System32\dtu100.dll.manifest

[2008.09.16 02:12:02 | 000,000,416 | ---- | C] () --  

C:\WINDOWS\System32\dpl100.dll.manifest

[2008.09.16 02:11:10 | 000,012,288 | ---- | C] () --  

C:\WINDOWS\System32\DivXWMPExtType.dll

[2008.01.25 11:36:35 | 000,717,296 | ---- | C] () --  

C:\WINDOWS\System32\drivers\sptd.sys

[2008.01.08 11:52:03 | 000,630,784 | ---- | C] () --  

C:\WINDOWS\System32\LMabpmui.dll

[2008.01.08 11:52:02 | 001,183,744 | ---- | C] () --  

C:\WINDOWS\System32\LMabserv.dll

[2008.01.08 11:52:02 | 001,134,592 | ---- | C] () --  

C:\WINDOWS\System32\LMabusb1.dll

[2008.01.08 11:52:02 | 000,155,648 | ---- | C] () --  

C:\WINDOWS\System32\LMabprox.dll

[2008.01.08 11:52:02 | 000,114,688 | ---- | C] () --  

C:\WINDOWS\System32\LMabpplc.dll

[2008.01.08 11:52:01 | 000,733,184 | ---- | C] () --  

C:\WINDOWS\System32\LMabip1.dll

[2008.01.08 11:52:01 | 000,507,904 | ---- | C] () --  

C:\WINDOWS\System32\LMabpar1.dll

[2008.01.08 11:52:01 | 000,491,520 | ---- | C] () --  

C:\WINDOWS\System32\LMablmpm.dll

[2008.01.08 11:52:01 | 000,413,696 | ---- | C] () --  

C:\WINDOWS\System32\LMabcomm.dll

[2008.01.08 11:52:00 | 000,704,512 | ---- | C] () --  

C:\WINDOWS\System32\LMabcomc.dll

[2008.01.08 11:33:35 | 000,000,507 | ---- | C] () -- C:\WINDOWS\LMABB2DD.ini

[2007.11.26 22:56:28 | 000,151,415 | ---- | C] () --  

C:\WINDOWS\System32\xlive.dll.cat

[2007.10.21 01:03:10 | 000,081,110 | ---- | C] () --  

C:\WINDOWS\System32\lvcoinst.ini

[2007.10.12 02:55:59 | 000,000,069 | ---- | C] () --  

C:\WINDOWS\NeroDigital.ini

[2007.10.09 23:40:50 | 000,000,544 | ---- | C] () -- C:\WINDOWS\_delis32.ini

[2007.10.02 11:55:55 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2007.07.23 10:03:32 | 000,053,248 | ---- | C] () --  

C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll

[2007.07.23 10:03:32 | 000,053,248 | ---- | C] () --  

C:\WINDOWS\System32\AgCPanelSwedish.dll

[2007.07.23 10:03:32 | 000,053,248 | ---- | C] () --  

C:\WINDOWS\System32\AgCPanelSpanish.dll

[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () --  

C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll

[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () --  

C:\WINDOWS\System32\AgCPanelPortugese.dll

[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () --  

C:\WINDOWS\System32\AgCPanelKorean.dll

[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () --  

C:\WINDOWS\System32\AgCPanelJapanese.dll

[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () --  

C:\WINDOWS\System32\AgCPanelGerman.dll

[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () --  

C:\WINDOWS\System32\AgCPanelFrench.dll

[2006.07.20 20:58:00 | 001,662,976 | ---- | C] () --  

C:\WINDOWS\System32\nvwdmcpl.dll

[2006.07.20 20:58:00 | 001,470,464 | ---- | C] () --  

C:\WINDOWS\System32\nview.dll

[2006.07.20 20:58:00 | 001,019,904 | ---- | C] () --  

C:\WINDOWS\System32\nvwimg.dll

[2006.07.20 20:58:00 | 000,466,944 | ---- | C] () --  

C:\WINDOWS\System32\nvshell.dll

[2006.07.20 20:58:00 | 000,098,304 | ---- | C] () --  

C:\WINDOWS\System32\nvapi.dll

[2006.05.17 18:32:38 | 000,172,032 | ---- | C] () --  

C:\WINDOWS\System32\tifmicon.dll

[1999.01.27 13:39:06 | 000,065,024 | ---- | C] () --  

C:\WINDOWS\System32\indounin.dll

[1997.06.13 07:56:08 | 000,056,832 | ---- | C] () --  

C:\WINDOWS\System32\Iyvu9_32.dll
 
 ========== Alternate Data Streams ==========
 

@Alternate Data Stream - 109 bytes -> C:\Dokumente und Einstellungen\All 

Users\Anwendungsdaten\TEMP:DFC5A2B2

< End of report >

Ich versteh nur Bahnhof :)