Stoffl33 | 05.08.2010 14:59 | Hallo Larusso,
erst mal vielen Dank für deine Hilfe!!!
Hier die Files: OTL.txt:OTL Logfile: Code:
OTL logfile created on: 05.08.2010 14:05:08 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Dokumente und Einstellungen\Administrator\Desktop\MFTools
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
511,00 Mb Total Physical Memory | 75,00 Mb Available Physical Memory | 15,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 64,00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 38,16 Gb Total Space | 9,65 Gb Free Space | 25,28% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 1,93 Gb Total Space | 1,16 Gb Free Space | 60,36% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: PC50672
Current User Name: Administrator
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010.08.05 09:28:40 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\MFTools\OTL.exe
PRC - [2010.06.03 11:06:53 | 000,172,032 | ---- | M] (Sophos Plc) -- C:\Programme\Sophos\AutoUpdate\ALsvc.exe
PRC - [2010.03.22 17:19:11 | 001,540,096 | ---- | M] (Deutsche Telekom AG) -- C:\Programme\Netzmanager\netzmanager.exe
PRC - [2010.03.22 16:40:22 | 000,009,728 | ---- | M] (Deutsche Telekom AG) -- C:\Programme\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
PRC - [2009.11.17 21:10:59 | 000,080,936 | ---- | M] (Sophos Plc) -- C:\Programme\Sophos\Sophos Anti-Virus\SAVAdminService.exe
PRC - [2009.08.28 20:42:54 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009.07.05 19:59:08 | 000,245,760 | ---- | M] (Sophos Plc) -- C:\Programme\Sophos\AutoUpdate\ALMon.exe
PRC - [2009.02.09 21:38:41 | 000,098,304 | ---- | M] (Sophos Plc) -- C:\Programme\Sophos\Sophos Anti-Virus\SavService.exe
PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.02.28 19:07:48 | 000,529,704 | ---- | M] (Nero AG) -- C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe
PRC - [2007.01.09 18:16:12 | 000,061,440 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe
PRC - [2005.04.07 17:26:10 | 001,421,336 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2002.03.12 10:37:28 | 000,028,672 | ---- | M] (Novell, Inc.) -- C:\WINDOWS\system32\nwtray.exe
========== Modules (SafeList) ==========
MOD - [2010.08.05 09:28:40 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\MFTools\OTL.exe
MOD - [2009.10.07 21:12:52 | 000,195,072 | ---- | M] (Sophos Plc) -- C:\Programme\Sophos\Sophos Anti-Virus\sophos_detoured.dll
MOD - [2008.04.14 04:21:06 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
========== Win32 Services (SafeList) ==========
SRV - File not found [On_Demand | Stopped] -- C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE -- (LiveUpdate)
SRV - [2010.06.03 11:06:53 | 000,172,032 | ---- | M] (Sophos Plc) [Auto | Running] -- C:\Programme\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service)
SRV - [2010.03.22 16:40:22 | 000,009,728 | ---- | M] (Deutsche Telekom AG) [Auto | Running] -- C:\Programme\Netzmanager\NMInfraIS2\Netzmanager_Service.exe -- (Netzmanager Service)
SRV - [2009.11.17 21:10:59 | 000,080,936 | ---- | M] (Sophos Plc) [Unknown | Running] -- C:\Programme\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService)
SRV - [2009.08.28 20:42:54 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009.02.09 21:38:41 | 000,098,304 | ---- | M] (Sophos Plc) [Unknown | Running] -- C:\Programme\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService)
SRV - [2008.02.28 19:07:48 | 000,529,704 | ---- | M] (Nero AG) [On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2007.03.28 11:46:25 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007.01.09 18:16:12 | 000,061,440 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe -- (MZCCntrl)
SRV - [2005.04.07 17:26:10 | 001,421,336 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2004.04.05 13:40:00 | 000,036,864 | ---- | M] (Novell, Inc.) [Auto | Stopped] -- C:\WINDOWS\system32\cusrvc.exe -- (cusrvc)
SRV - [2003.07.28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)
SRV - [2003.03.27 14:38:56 | 000,110,665 | ---- | M] (Novell, Inc.) [Auto | Stopped] -- C:\WINDOWS\system32\wm.exe -- (WM)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\Drivers\DgiVecp.sys -- (DgiVecp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\catchme.sys -- (catchme)
DRV - [2010.06.03 11:03:31 | 000,111,232 | ---- | M] (Sophos Plc) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\savonaccesscontrol.sys -- (SAVOnAccessControl)
DRV - [2010.06.03 11:03:04 | 000,038,912 | ---- | M] (Sophos Plc) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\savonaccessfilter.sys -- (SAVOnAccessFilter)
DRV - [2009.02.09 21:42:16 | 000,014,976 | ---- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\SophosBootDriver.sys -- (SophosBootDriver)
DRV - [2008.09.07 17:52:42 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2008.06.16 10:31:08 | 000,007,808 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2008.04.13 20:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2006.10.09 16:03:56 | 000,017,152 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MInfraIS\MIINPazx.sys -- (MIINPazX)
DRV - [2006.10.09 15:46:44 | 000,017,536 | ---- | M] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Running] -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys -- (MTOnlPktAlyX)
DRV - [2006.10.04 10:14:26 | 000,017,280 | ---- | M] (Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MAcNdis5.sys -- (MACNDIS5)
DRV - [2005.04.18 17:16:00 | 000,015,104 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avmunet.sys -- (AVMUNET)
DRV - [2005.04.07 17:23:50 | 000,299,083 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2005.02.08 11:27:00 | 000,005,185 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2004.08.18 18:02:52 | 000,153,460 | ---- | M] (Novell, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\NetWare\srvloc.sys -- (SRVLOC)
DRV - [2004.07.26 17:50:38 | 000,037,331 | ---- | M] (Novell, Inc.) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\NetWare\nwdns.sys -- (NWDNS)
DRV - [2004.07.14 11:40:04 | 000,474,354 | ---- | M] (Novell, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\NetWare\nwfs.sys -- (NetWareWorkstation)
DRV - [2004.07.13 09:09:18 | 000,016,180 | ---- | M] () [File_System | Auto | Running] -- C:\WINDOWS\system32\NetWare\nwdhcp.sys -- (NWDHCP)
DRV - [2004.06.26 13:22:00 | 000,004,736 | ---- | M] (RDV Soft) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vncdrv.sys -- (vncdrv)
DRV - [2004.06.01 18:19:34 | 000,027,249 | ---- | M] (Novell, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\NetWare\resmgr.sys -- (RESMGR)
DRV - [2004.05.24 11:58:52 | 000,037,856 | ---- | M] (Novell, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\nicm.sys -- (NICM)
DRV - [2004.04.29 16:57:54 | 000,019,407 | ---- | M] () [File_System | On_Demand | Running] -- C:\WINDOWS\system32\NetWare\nwslp.sys -- (NWSLP)
DRV - [2004.03.11 15:57:54 | 000,041,888 | ---- | M] (Novell, Inc.) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\NetWare\nwsipx32.sys -- (NWSIPX32)
DRV - [2004.03.05 09:45:50 | 000,015,762 | ---- | M] (Novell, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\NetWare\nwfilter.sys -- (NWFILTER)
DRV - [2004.02.17 15:16:58 | 000,011,856 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\NetWare\nwhost.sys -- (NWHOST)
DRV - [2003.07.24 19:55:50 | 000,139,604 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2003.02.26 14:51:18 | 000,023,232 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\NetWare\nwsap.sys -- (NWSAP)
DRV - [2003.02.13 07:27:38 | 000,005,808 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\NetWare\nwsns.sys -- (NWSNS)
DRV - [2002.01.11 00:22:10 | 000,295,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtaa.sys -- (ati2mtaa)
DRV - [2001.08.17 13:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel(r) 82801 Audiotreiber-Installationsdienst (WDM)
DRV - [2001.08.17 13:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)
DRV - [2001.05.14 18:15:40 | 000,010,368 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Google Toolbar
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Ask.com Deutschland - die andere Suchmaschine
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Programme\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.6.6.117
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=SPC2&o=15000&locale=de_DE&apn_uid=9347E153-8679-497B-9994-38AB8D69C03A&apn_ptnrs=PV&apn_sauid=E8204C20-FBA9-48D5-9095-362EAC358C6D&apn_dtid=&q="
FF - prefs.js..network.proxy.no_proxies_on: "eumex.ip"
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\PROGRAMME\Mozilla Firefox\components [2010.08.04 13:43:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\PROGRAMME\Mozilla Firefox\plugins [2010.08.04 13:43:42 | 000,000,000 | ---D | M]
[2008.08.26 20:26:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions
[2010.08.04 14:55:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\s7eyukvp.default\extensions
[2010.04.28 21:13:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\s7eyukvp.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.07.05 17:02:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\s7eyukvp.default\extensions\toolbar@ask.com
[2010.08.04 14:48:30 | 000,002,384 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\s7eyukvp.default\searchplugins\askcom.xml
[2010.08.04 14:55:10 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.08.04 13:42:31 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.08.04 13:42:31 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.08.04 13:42:32 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.08.04 13:42:32 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.08.04 13:42:32 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2010.08.04 23:36:46 | 000,415,867 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 007guard.com - 007guard and Windows Vista
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 ????????
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 Toyota Corolla | Spawacz 135 136 | Naruto Episode 130 | ????? | ???? | ????? | ???? at 136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 14358 more lines...
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Programme\Sophos\Sophos Anti-Virus\SophosBHO.dll (Sophos Plc)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Ask Search Assistant BHO) - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Programme\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL File not found
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll File not found
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll File not found
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ALMon.exe] C:\Programme\Sophos\AutoUpdate\ALMon.exe (Sophos Plc)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NWTRAY] C:\WINDOWS\System32\nwtray.exe (Novell, Inc.)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\Netzmanager.lnk = C:\Programme\Netzmanager\netzmanager.exe (Deutsche Telekom AG)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Acrobat - Schnellstart.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-100000000002}\SC_Acrobat.exe File not found
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\AutoUpdate Monitor.lnk = C:\Programme\Sophos\AutoUpdate\ALMon.exe (Sophos Plc)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: CompatibleRUPSecurity = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe File not found
O9 - Extra 'Tools' menuitem : Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe File not found
O9 - Extra Button: PacificPoker4 - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\PROGRA~1\PACIFI~1\pacificpoker.exe File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\NetWare\nwws2nds.dll (Novell, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\system32\NetWare\nwws2sap.dll (Novell, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\WINDOWS\system32\NetWare\nwws2slp.dll (Novell, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} hxxp://office.microsoft.com/officeupdate/content/opuc2.cab (Office Update Installation Engine)
O16 - DPF: {4B48D5DF-9021-45F7-A240-60304302A215} hxxp://download.microsoft.com/download/b/d/b/bdb4e4ee-63b2-45ff-9d84-33205bf43143/WebCleaner.cab (Malicious Software Removal Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1195220959718 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1195220941859 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\Programme\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Plc)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (NWGINA.DLL) - C:\WINDOWS\System32\nwgina.dll (Novell, INC.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (nwv1_0) - C:\WINDOWS\System32\nwv1_0.dll (Novell, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004.09.15 14:12:52 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{fb776658-ba30-11dc-aeb8-00065b72ca1f}\Shell - "" = AutoRun
O33 - MountPoints2\{fb776658-ba30-11dc-aeb8-00065b72ca1f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fb776658-ba30-11dc-aeb8-00065b72ca1f}\Shell\AutoRun\command - "" = E:\preinst.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17465059307421696)
========== Files/Folders - Created Within 90 Days ==========
[2010.08.05 09:35:38 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT
[2010.08.05 09:28:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop\MFTools
[2010.08.04 14:46:58 | 000,000,000 | ---D | C] -- C:\Programme\Netzmanager
[2010.08.04 14:46:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Netzmanager
[2010.08.04 14:45:11 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{290883D4-FF33-4C80-B8FB-E5D5A89C103B}
[2010.08.04 14:43:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\PackageAware
[2010.06.08 21:34:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\AskToolbar
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 90 Days ==========
[2010.08.05 14:02:20 | 008,388,608 | -H-- | M] () -- C:\Dokumente und Einstellungen\Administrator\NTUSER.DAT
[2010.08.05 14:01:00 | 000,000,242 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010.08.05 10:43:45 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.08.05 10:38:42 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.08.05 10:38:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.08.05 10:38:21 | 535,904,256 | -HS- | M] () -- C:\hiberfil.sys
[2010.08.05 10:36:44 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Administrator\ntuser.ini
[2010.08.05 09:35:40 | 000,000,591 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\NTREGOPT.lnk
[2010.08.05 09:35:40 | 000,000,572 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\ERUNT.lnk
[2010.08.05 09:28:28 | 000,284,915 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Gmer.zip
[2010.08.05 09:23:53 | 000,410,784 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Load.exe
[2010.08.05 09:17:37 | 000,000,863 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.08.04 23:36:46 | 000,415,867 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2010.08.04 18:00:00 | 000,000,558 | ---- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for Administrator.job
[2010.08.04 14:52:13 | 000,000,724 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\Netzmanager.lnk
[2010.08.04 14:47:21 | 000,000,764 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Netzmanager.lnk
[2010.08.04 13:31:23 | 000,126,464 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Spyware.doc
[2010.08.03 12:04:54 | 000,000,183 | ---- | M] () -- C:\WINDOWS\hpbafd.ini
[2010.07.27 16:42:08 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010.07.13 22:04:10 | 000,411,878 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100804-233645.backup
[2010.07.11 20:36:38 | 000,000,091 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\default.pls
[2010.07.11 20:36:16 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.07.10 15:47:11 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010.07.05 21:11:15 | 001,032,878 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.07.05 21:11:15 | 000,462,322 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.07.05 21:11:15 | 000,444,028 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.07.05 21:11:15 | 000,085,344 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.07.05 21:11:15 | 000,071,904 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.06.14 18:40:38 | 000,249,496 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.06.03 18:02:24 | 000,002,121 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2010.06.03 11:19:58 | 000,000,692 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\AutoUpdate Monitor.lnk
[2010.06.03 11:03:41 | 000,130,088 | ---- | M] (Sophos Plc) -- C:\WINDOWS\System32\sdccoinstaller.dll
[2010.06.03 11:03:31 | 000,111,232 | ---- | M] (Sophos Plc) -- C:\WINDOWS\System32\drivers\savonaccesscontrol.sys
[2010.06.03 11:03:04 | 000,038,912 | ---- | M] (Sophos Plc) -- C:\WINDOWS\System32\drivers\savonaccessfilter.sys
[2010.05.26 19:58:37 | 000,000,166 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010.05.26 17:42:51 | 000,396,920 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100713-220409.backup
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010.08.05 09:35:40 | 000,000,591 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\NTREGOPT.lnk
[2010.08.05 09:35:40 | 000,000,572 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\ERUNT.lnk
[2010.08.05 09:28:27 | 000,284,915 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Gmer.zip
[2010.08.05 09:23:51 | 000,410,784 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Load.exe
[2010.08.04 23:39:59 | 000,153,880 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2010.08.04 14:52:13 | 000,000,724 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\Netzmanager.lnk
[2010.08.04 14:47:21 | 000,000,764 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Netzmanager.lnk
[2010.08.04 13:31:19 | 000,126,464 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Spyware.doc
[2010.05.26 19:58:37 | 000,000,166 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009.03.15 11:48:01 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\QTUninst.dll
[2009.03.13 17:44:02 | 000,000,172 | ---- | C] () -- C:\WINDOWS\KA.INI
[2009.03.09 15:58:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\BBCAUTO.INI
[2008.09.05 16:30:16 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2008.08.15 11:03:42 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008.07.14 21:08:40 | 000,000,078 | ---- | C] () -- C:\WINDOWS\wiso.ini
[2008.01.06 20:54:06 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007.11.16 18:05:17 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2007.11.16 18:05:13 | 000,176,152 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2006.10.23 08:51:08 | 000,094,208 | R--- | C] () -- C:\WINDOWS\System32\WIAIPH.dll
[2006.10.23 08:51:08 | 000,086,016 | R--- | C] () -- C:\WINDOWS\System32\WIAEH.dll
[2006.10.23 08:51:08 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\WIASTIIO.dll
[2006.10.23 08:51:08 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\Sswiadrv.dll
[2006.04.19 15:32:07 | 000,000,253 | ---- | C] () -- C:\WINDOWS\tm.ini
[2005.08.04 15:22:24 | 000,000,051 | ---- | C] () -- C:\WINDOWS\VLBWIN32.INI
[2005.08.04 15:21:25 | 000,000,168 | ---- | C] () -- C:\WINDOWS\pfsenv.ini
[2005.06.22 12:46:38 | 000,000,021 | ---- | C] () -- C:\WINDOWS\progman.ini
[2005.05.02 15:54:26 | 000,000,116 | ---- | C] () -- C:\WINDOWS\tapp.ini
[2005.03.09 15:24:45 | 000,000,049 | ---- | C] () -- C:\WINDOWS\webica.ini
[2004.12.01 19:56:03 | 000,000,067 | ---- | C] () -- C:\WINDOWS\StationRipper.INI
[2004.10.19 16:48:11 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\usbprn.dll
[2004.10.12 15:36:38 | 000,162,816 | ---- | C] () -- C:\WINDOWS\System32\crownmon.dll
[2004.10.12 13:48:35 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\scanx.dll
[2004.10.12 13:48:35 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\UninFolder.dll
[2004.09.16 16:46:27 | 000,000,155 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2004.09.16 16:26:00 | 000,000,183 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2004.09.16 15:42:43 | 000,000,611 | ---- | C] () -- C:\WINDOWS\rzsetup.ini
[2004.09.16 15:42:34 | 000,000,011 | ---- | C] () -- C:\WINDOWS\NetWare.INI
[2004.09.16 15:04:01 | 000,000,518 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004.09.15 16:04:21 | 000,288,768 | ---- | C] () -- C:\WINDOWS\System32\DBLGEN6.DLL
[2004.09.15 16:04:21 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\DBPORT6.DLL
[2004.09.15 16:04:21 | 000,157,696 | ---- | C] () -- C:\WINDOWS\System32\NALNRD95.DLL
[2004.09.15 16:04:21 | 000,143,872 | ---- | C] () -- C:\WINDOWS\System32\NALNRD32.DLL
[2004.09.15 16:04:20 | 000,409,088 | ---- | C] () -- C:\WINDOWS\System32\DBODBC6.DLL
[2004.09.15 16:04:20 | 000,152,576 | ---- | C] () -- C:\WINDOWS\System32\NLSAPI32.DLL
[2004.09.15 16:04:20 | 000,088,064 | ---- | C] () -- C:\WINDOWS\System32\NLS32.DLL
[2004.09.15 14:51:58 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\GAMSWrap.dll
[2004.09.15 14:51:58 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\NMASWrap.dll
[2004.08.09 19:11:56 | 000,223,232 | ---- | C] () -- C:\WINDOWS\System32\lgnwnt32.dll
[2004.08.09 18:50:50 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\setupw2k.dll
[2004.08.09 18:50:48 | 000,241,746 | ---- | C] () -- C:\WINDOWS\System32\nwshlxnt.dll
[2003.02.20 17:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2003.02.05 16:31:42 | 000,045,119 | ---- | C] () -- C:\WINDOWS\System32\dprpcw32.dll
[2001.10.23 09:36:04 | 000,012,112 | ---- | C] () -- C:\WINDOWS\System32\wmntapi.dll
[2001.10.04 14:40:54 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\nwslog32.dll
[2001.07.31 03:17:12 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2001.07.18 09:36:46 | 000,015,840 | ---- | C] () -- C:\WINDOWS\System32\wmrasm.dll
[2000.01.20 09:15:14 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\lgncon32.dll
[1999.01.11 03:37:36 | 000,002,757 | ---- | C] () -- C:\WINDOWS\System32\rdrstats.ini
[1996.05.14 09:50:22 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\prtwin32.dll
[1995.08.22 08:36:12 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\nwpsrv32.dll
========== LOP Check ==========
[2010.01.20 22:28:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Amazon
[2008.07.14 21:03:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Buhl Data Service
[2010.01.19 20:08:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Green Elk Soft
[2010.08.03 17:17:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Gyen
[2010.03.21 18:15:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\NCH Swift Sound
[2008.01.03 21:49:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\T-Online
[2008.07.14 21:02:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Buhl Data Service GmbH
[2005.06.22 12:46:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\HaCon
[2010.01.01 17:10:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NCH Swift Sound
[2010.08.04 19:13:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Netzmanager
[2008.08.16 23:26:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\services
[2007.09.06 13:45:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Software4u
[2006.03.14 14:48:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sophos
[2008.01.03 21:47:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-Online
[2004.09.16 16:39:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2007.11.16 15:55:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WinZip
[2010.08.04 14:50:24 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{290883D4-FF33-4C80-B8FB-E5D5A89C103B}
[2009.12.28 20:54:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010.01.01 18:15:01 | 000,000,408 | ---- | M] () -- C:\WINDOWS\Tasks\1-Klick-Wartung.job
[2010.08.05 14:01:00 | 000,000,242 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2009.12.29 13:19:32 | 000,001,024 | ---- | M] () -- C:\.rnd
[2004.09.15 14:12:52 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2008.09.08 19:23:15 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010.02.21 16:56:16 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2003.07.21 23:32:32 | 000,004,952 | RHS- | M] () -- C:\bootfont.bin
[2004.08.03 23:00:10 | 000,262,448 | ---- | M] () -- C:\cmldr
[2008.09.09 22:18:32 | 000,009,728 | ---- | M] () -- C:\ComboFix.txt
[2005.03.09 15:24:46 | 000,000,000 | ---- | M] () -- C:\COMLOG.txt
[2004.09.15 14:12:52 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009.10.11 21:04:43 | 000,000,081 | ---- | M] () -- C:\CTX.DAT
[2010.08.05 10:38:21 | 535,904,256 | -HS- | M] () -- C:\hiberfil.sys
[2008.01.13 14:26:02 | 000,000,123 | ---- | M] () -- C:\inter.txt
[2004.09.15 14:12:52 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2007.11.16 18:02:29 | 000,000,096 | ---- | M] () -- C:\lconfig.aot
[2004.09.15 14:12:52 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004.09.15 15:09:24 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008.11.06 23:09:01 | 000,251,712 | RHS- | M] () -- C:\ntldr
[2008.01.17 23:13:40 | 000,001,089 | ---- | M] () -- C:\oberpfalz.txt
[2010.08.05 10:38:18 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys
[2004.09.28 12:10:55 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
[2008.01.03 21:54:20 | 000,000,532 | ---- | M] () -- C:\TO_InstallLog.txt
< %systemroot%\system32\*.wt >
< %systemroot%\system32\*.ruy >
< %systemroot%\Fonts\*.com >
[2006.04.18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006.06.29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006.04.18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006.06.29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
< %systemroot%\Fonts\*.dll >
< %systemroot%\Fonts\*.ini >
[2004.09.15 14:12:12 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini
< %systemroot%\Fonts\*.ini2 >
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008.07.06 14:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2007.04.09 14:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2008.07.06 12:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
[2001.10.29 04:40:00 | 000,134,928 | ---- | M] (QMS) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\QMSMC2S.DLL
< %systemroot%\REPAIR\*.bak1 >
< %systemroot%\REPAIR\*.ini >
< %systemroot%\system32\*.jpg >
< %systemroot%\*.scr >
[2008.09.05 16:30:16 | 000,491,520 | ---- | M] (ScreenTime Media) -- C:\WINDOWS\Macius Flugzeug.scr
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
< %systemroot%\*._sy >
< %APPDATA%\Adobe\Update\*.* >
< %ALLUSERSPROFILE%\Favorites\*.* >
< %APPDATA%\Microsoft\*.* >
< %PROGRAMFILES%\*.* >
< %APPDATA%\Update\*.* >
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2004.09.15 14:28:14 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004.09.15 14:28:13 | 000,630,784 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004.09.15 14:28:13 | 000,389,120 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %systemroot%\system32\user32.dll /md5 >
[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\system32\ws2_32.dll /md5 >
[2008.04.14 04:22:32 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=6A35E2D6F5F052C84EC2CEB296389439 -- C:\WINDOWS\system32\ws2_32.dll
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\system32\ws2help.dll /md5 >
[2008.04.14 04:22:32 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=C7D8A0517CBF16B84F657DE87EBE9D4B -- C:\WINDOWS\system32\ws2help.dll
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-08-03 15:24:39
< End of report > --- --- --- Extras.txtOTL Logfile: Code:
OTL Extras logfile created on: 05.08.2010 14:05:08 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Dokumente und Einstellungen\Administrator\Desktop\MFTools
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
511,00 Mb Total Physical Memory | 75,00 Mb Available Physical Memory | 15,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 64,00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 38,16 Gb Total Space | 9,65 Gb Free Space | 25,28% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 1,93 Gb Total Space | 1,16 Gb Free Space | 60,36% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: PC50672
Current User Name: Administrator
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\PROGRAMME\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Programme\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Programme\SopCast\adv\SopAdver.exe" = C:\Programme\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (SopCast - Free P2P internet TV | live football, NBA, cricket)
"C:\Programme\SopCast\SopCast.exe" = C:\Programme\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (SopCast - Free P2P internet TV | live football, NBA, cricket)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{034759DA-E21A-4795-BFB3-C66D17FAD183}" = Sophos Anti-Virus
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{15C418EB-7675-42be-B2B3-281952DA014D}" = Sophos AutoUpdate
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{21F5098D-0C9E-4637-AD49-F037F6275990}" = NMAS-Client-Komponenten
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
"{295C31E5-3F91-498E-9623-DA24D2FA2B6A}" = T-Online WLAN-Access Finder
"{2ACD8074-2E1A-4A27-8D67-8F87EDE68A3B}" = PEC
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{43B74FAB-FB58-447D-8D3A-5F638AF36FD1}" = Netzmanager
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows-Journal-Viewer
"{5624C000-B109-11D4-9DB4-00E0290FCAC5}" = VPN Client
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6DE13770-01B7-4366-8DA6-48237793F445}" = VoiceOver Kit
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9309DD7E-EBFE-3C95-8B47-30D3A012F606}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU
"{A1071AEB-B0EF-3F5F-BC84-83A270EBE496}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - DEU
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"{B1275E23-717A-4D52-997A-1AD1E24BC7F3}" = T-Online 6.0
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}" = WinZip 11.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{E64404F1-98DC-4CC8-A1A7-EF36E4E21031}" = Nero 8 Essentials
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{F02DBC5D-33E3-45E9-B0F8-B7745229ED1C}" = NICI (Shared) U.S./Worldwide (128 bit) (2.6.4-7)
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"Adobe Acrobat 8 Professional - English, Français, Deutsch" = Adobe Acrobat 8.1.4 Professional
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.5
"ATI Display Driver" = ATI Display Driver
"CCleaner" = CCleaner (remove only)
"ERUNT_is1" = ERUNT 1.1j
"ExpressRip" = Express Rip
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"IrfanView" = IrfanView (remove only)
"Macius Flugzeug" = Macius Flugzeug Screen Saver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McDonald's Dragons " = McDonald's Dragons
"McDonald's Fairies " = McDonald's Fairies
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Netzmanager" = Netzmanager
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Novell Client for Windows" = Novell Client für Windows
"NSS" = Norton Security Scan
"Pacific Poker" = Pacific Poker
"QuickTime 3.0" = QuickTime 3.0
"RZSetup" = RZ Setup
"Secunia PSI (RC3)" = Secunia PSI (RC3)
"SopCast" = SopCast 3.2.9
"Titan Poker" = Titan Poker
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"xp-AntiSpy" = xp-AntiSpy 3.96-8
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 11.07.2010 13:55:18 | Computer Name = PC50672 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung nmindexstoresvr.exe, Version 3.3.3.0, fehlgeschlagenes
Modul nmindexstoresvr.exe, Version 3.3.3.0, Fehleradresse 0x000c463a.
Error - 11.07.2010 14:16:07 | Computer Name = PC50672 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung plugin-container.exe, Version 1.9.2.3828,
fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.5755, Fehleradresse 0x0000100b.
Error - 13.07.2010 16:01:04 | Computer Name = PC50672 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung nmindexstoresvr.exe, Version 3.3.3.0, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x023ab855.
Error - 14.07.2010 13:48:56 | Computer Name = PC50672 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung nmindexstoresvr.exe, Version 3.3.3.0, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x00000000.
Error - 03.08.2010 04:25:20 | Computer Name = PC50672 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung nmindexstoresvr.exe, Version 3.3.3.0, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x00000000.
Error - 03.08.2010 04:50:18 | Computer Name = PC50672 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung ShowTime.exe, Version 4.3.2.0, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 03.08.2010 04:50:21 | Computer Name = PC50672 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung ShowTime.exe, Version 4.3.2.0, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 03.08.2010 04:50:21 | Computer Name = PC50672 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung ShowTime.exe, Version 4.3.2.0, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 04.08.2010 07:24:23 | Computer Name = PC50672 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung WINWORD.EXE, Version 11.0.8324.0, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 04.08.2010 14:03:28 | Computer Name = PC50672 | Source = Microsoft Office 11 | ID = 2001
Description = Rejected Safe Mode action : Microsoft Office Word.
[ System Events ]
Error - 04.08.2010 07:05:26 | Computer Name = PC50672 | Source = W32Time | ID = 39452701
Description = Der Zeitanbieter "NtpClient" wurde für die Zeiterfassung von mehreren
Zeitquellen konfiguriert. Es ist jedoch Keine der Quellen verfügbar. Innerhalb der
nächsten 15 Minuten wird kein Versuch unternommen, eine Verbindung mit der Quelle
herzustellen. Der NtpClient verfügt über keine Quelle mit genauer Zeit.
Error - 04.08.2010 07:20:41 | Computer Name = PC50672 | Source = W32Time | ID = 39452689
Description = Zeitabieter "NtpClient": Beim DNS-Lookup für den manuell konfigurierten
Peer "time.windows.com,0x1" ist ein Fehler aufgetreten. Der DNS-Lookup wird in 30
Minuten wiederholt. Fehler: Der Host war bei einem Socketvorgang nicht erreichbar.
(0x80072751)
Error - 04.08.2010 07:20:41 | Computer Name = PC50672 | Source = W32Time | ID = 39452701
Description = Der Zeitanbieter "NtpClient" wurde für die Zeiterfassung von mehreren
Zeitquellen konfiguriert. Es ist jedoch Keine der Quellen verfügbar. Innerhalb der
nächsten 29 Minuten wird kein Versuch unternommen, eine Verbindung mit der Quelle
herzustellen. Der NtpClient verfügt über keine Quelle mit genauer Zeit.
Error - 04.08.2010 07:37:00 | Computer Name = PC50672 | Source = Service Control Manager | ID = 7011
Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung
von Dienst Dnscache.
Error - 04.08.2010 08:02:20 | Computer Name = PC50672 | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1068" aufgetreten, als der Dienst "upnphost"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {204810B9-73B2-11D4-BF42-00B0D0118B56}
Error - 04.08.2010 08:03:08 | Computer Name = PC50672 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Universeller Plug & Play-Gerätehost" ist vom Dienst "SSDP-Suchdienst"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058
Error - 04.08.2010 08:48:07 | Computer Name = PC50672 | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Netzmanager
Infrastruktur Informationssystem Dienst.
Error - 05.08.2010 03:13:24 | Computer Name = PC50672 | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst IMAPI-CD-Brenn-COM-Dienste.
Error - 05.08.2010 03:13:24 | Computer Name = PC50672 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "IMAPI-CD-Brenn-COM-Dienste" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053
Error - 05.08.2010 03:18:10 | Computer Name = PC50672 | Source = Service Control Manager | ID = 7011
Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung
von Dienst Dnscache.
< End of report > --- --- --- Gmer.txt
GMER 1.0.15.15281 - GMER - Rootkit Detector and Remover
Rootkit scan 2010-08-05 14:02:21
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\pwddapog.sys
---- Kernel code sections - GMER 1.0.15 ----
? nwfilter.sys Das System kann die angegebene Datei nicht finden. !
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \SystemRoot\System32\DRIVERS\rdpdr.sys[ntoskrnl.exe!FsRtlRegisterUncProvider] [F8B4C62E] nwfilter.sys
IAT \SystemRoot\System32\DRIVERS\rdbss.sys[ntoskrnl.exe!FsRtlRegisterUncProvider] [F8B4C62E] nwfilter.sys
IAT \SystemRoot\System32\DRIVERS\mrxdav.sys[ntoskrnl.exe!FsRtlRegisterUncProvider] [F8B4C62E] nwfilter.sys
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs savonaccessfilter.sys (SAV On-access and HIPS for Windows XP (x86)/Sophos Plc)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat savonaccessfilter.sys (SAV On-access and HIPS for Windows XP (x86)/Sophos Plc)
---- EOF - GMER 1.0.15 ---- Logfiles MBAM
Malwarebytes' Anti-Malware 1.27
Datenbank Version: 1130
Windows 5.1.2600 Service Pack 3
05.08.2010 10:18:51
mbam-log-2010-08-05 (10-18-51).txt
Scan-Methode: Quick-Scan
Durchsuchte Objekte: 49243
Laufzeit: 26 minute(s), 41 second(s)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
Das war's!! Ich hoffe du kannst was damit anfangen!
Im voraus schon mal herzlichen Dank!!!
Gruß Stoffl |