Trojaner-Board - Trojan.Win32.Autorun

so, ich habe jetzt die geforderten scans gemacht:

die extras.txt:
[code]
OTL Logfile:

Code:

OTL Extras logfile created on: 20.06.2010 18:03:35 - Run 1

OTL by OldTimer - Version 3.2.6.0     Folder = C:\Dokumente und Einstellungen\XXXX\Desktop\OTL

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000C07 | Country: XXXX | Language: DEA | Date Format: dd.MM.yyyy

 

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 61,00% Memory free

4,00 Gb Paging File | 3,00 Gb Available in Paging File | 82,00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 69,65 Gb Total Space | 19,16 Gb Free Space | 27,52% Space Free | Partition Type: NTFS

Drive D: | 69,64 Gb Total Space | 69,30 Gb Free Space | 99,52% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: XXXX

Current User Name: XXXX

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

 

[HKEY_USERS\S-1-5-21-2359842942-3597520615-241778524-1008\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Programme\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Programme\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

"UpdatesDisableNotify" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

 
 ========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Programme\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe" = C:\Programme\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:*:Enabled:BackupSvc.exe -- (NewTech InfoSystems, Inc.)

"C:\Programme\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe" = C:\Programme\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:*:Enabled:AgentSvc.exe -- (NewTech Infosystems, Inc.)

"C:\Programme\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe" = C:\Programme\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:*:Enabled:SchedulerSvc.exe -- ()

"C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe" = C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe:*:Enabled:ClipInc Server -- ()

"C:\Programme\Tobit ClipInc\Player\ClipInc-Player.exe" = C:\Programme\Tobit ClipInc\Player\ClipInc-Player.exe:*:Enabled:ClipInc Player -- (Tobit.Software)

"C:\Programme\Tobit ClipInc\Player\RadioRecorder.exe" = C:\Programme\Tobit ClipInc\Player\RadioRecorder.exe:*:Enabled:WDR RadioRecorder -- (Tobit.Software)

 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator

"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center

"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support

"{0C3651D8-22A4-E868-62FD-50A416853E2A}" = CCC Help Chinese Standard

"{0D9FEB48-2CAC-F487-5AB6-C2E7F83C8F60}" = CCC Help Chinese Traditional

"{0ED4D7CF-DB92-0D72-3DD3-846A8B57013D}" = Catalyst Control Center Localization Hungarian

"{0FDC2255-9294-4303-B05B-B4C6E89C2BB5}" = CCC Help Japanese

"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard

"{137847CE-F4FC-7EF7-42B0-13A846C3B647}" = Catalyst Control Center Localization Finnish

"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2

"{18E410C2-9A08-0D5A-A8AC-B7E29780C93B}" = CCC Help Finnish

"{1AAEF53D-30FA-1667-EEE1-68B9180F12C6}" = Catalyst Control Center Core Implementation

"{2015DEE7-7F87-CCD5-BEB6-5D543EBEC9AE}" = Catalyst Control Center Localization Portuguese

"{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder

"{22E12B40-C565-5957-1CC1-E7BEBC1B77B7}" = CCC Help Portuguese

"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8

"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17

"{2BA2F736-7663-4C76-9425-40890A46F995}" = Catalyst Control Center - Branding

"{2DE88B87-AF8D-A391-9222-554181BEA2B9}" = Catalyst Control Center Graphics Full New

"{2E0FED74-0E65-2C6D-B834-E0EFD4BD5EDE}" = CCC Help Italian

"{3489FFCA-2355-5F31-F729-0CFF20950027}" = ccc-core-preinstall

"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Acer Crystal Eye Webcam Video Class Camera 

"{3C0F0A1B-F2EC-AD3C-52AF-4DA06B09D83B}" = CCC Help Thai

"{3D195D09-5791-1AE0-A1D4-6835F3F2545A}" = Catalyst Control Center Localization Chinese Standard

"{3D3CA279-884F-8CD6-1ACA-EBAB94AB9F3F}" = Catalyst Control Center Localization Polish

"{3F23A07B-123C-9F57-609D-8D153916F49A}" = Catalyst Control Center Localization Thai

"{43CD2B7E-3697-D04D-0C42-9CF69B7897A2}" = Catalyst Control Center Localization Korean

"{44033775-1CE2-883D-9FF0-D3645A7C3368}" = Catalyst Control Center Localization Japanese

"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features

"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management

"{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}" = InterVideo WinDVD 8

"{61B9BC1E-F0E6-4A4F-98CB-A0D2EB2D7731}" = O2Micro Flash Memory Card Reader Driver (x86)

"{627BF8BE-E723-4FA2-DFD5-2BF2CA7000EB}" = CCC Help French

"{643162B0-CFA4-9618-79A3-8FB0D58955C0}" = CCC Help Greek

"{645424AF-2ABB-3ED3-DC56-DEC371740F98}" = Catalyst Control Center Localization Dutch

"{6455DD26-368B-9B09-BDDD-1F27C59E40F2}" = CCC Help Norwegian

"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites

"{65F075C5-E1A4-B376-3E7C-BE724FE76052}" = CCC Help English

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD

"{68B5A52F-CE99-0057-191F-66463728B2C9}" = Catalyst Control Center Localization Danish

"{6950EB38-C368-7BA4-A2FA-650A0834363B}" = CCC Help Czech

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{6D03AB23-1E1B-9BF0-4C91-98E2CFB5010A}" = CCC Help German

"{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}" = NTI Shadow

"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0

"{756CC70B-F63A-BDC2-46C9-D4E6BA1E4CDF}" = Catalyst Control Center Localization Italian

"{75DFA344-E460-37FA-A479-8704FBD11532}" = CCC Help Swedish

"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver

"{812E3EDD-A282-1E4A-2E93-4E30EEDC1064}" = CCC Help Polish

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113149420}" = GHOST Hunters

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117760850}" = Agatha Christie - Dead Man’s Folly

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-118013827}" = Natalie Brooks 3

"{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software

"{892DAC32-2E42-825A-F347-F48B4ADA77F8}" = CCC Help Spanish

"{8AE0C0CC-A09D-9415-7311-9C9C5553B1D6}" = Catalyst Control Center Localization Czech

"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{9EB786BC-34AE-B8C2-BAD3-59E48A66CC72}" = CCC Help Korean

"{A3AB35FA-943E-4799-99DC-46EFD59E998F}" = AMD USB Audio Driver Filter

"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime

"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable

"{A64A5576-D862-44F8-89DC-2B17FCC9B86E}" = Broadcom Gigabit Integrated Controller

"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam 2.0.9.2

"{A7E8536F-5F70-FD7C-1DD7-C19242C1007E}" = CCC Help Russian

"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology

"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B7B74DFC-9255-7E51-3F4C-34CB0006FA23}" = Catalyst Control Center Localization Spanish

"{B7BAB0E7-47F7-6DD7-7AAE-89103D08D445}" = Catalyst Control Center Localization Russian

"{B7E48B3F-E36A-4DFC-838C-89B2FC8874BA}" = Catalyst Control Center Localization Norwegian

"{B8040D64-3140-FAB7-4D3A-EE341ED906AF}" = Catalyst Control Center Localization French

"{B89F8614-157A-F2C7-F59A-41D56BAD91C4}" = CCC Help Hungarian

"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver

"{C3F9FFFB-D994-BC9E-713A-B472821A85AA}" = CCC Help Danish

"{C625B0D0-F630-AA2D-4D3F-D25E157D974D}" = CCC Help Turkish

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CD946097-A4AD-4BA4-C181-B500F38C9340}" = Catalyst Control Center Localization German

"{CDD4637D-1BF5-4C36-92C8-F7104D339612}" = Brother HL-2140

"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1

"{D0CB445F-3003-5706-6231-05AF99422F09}" = Catalyst Control Center Graphics Light

"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1

"{D5CB2D47-80CE-22D8-CCAF-BEB68769B017}" = Catalyst Control Center Localization Greek

"{D7F6DCFD-DA39-D1E8-C12D-94B0BAA8C4F5}" = Catalyst Control Center Graphics Full Existing

"{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration

"{DD70931C-B0ED-5519-951E-6819D1850389}" = ccc-utility

"{DECCA8AE-D9EC-00C0-0A78-9F95FF2AAC1B}" = CCC Help Dutch

"{DF6382FE-F95D-CED9-28DB-29C110CC5790}" = Catalyst Control Center Localization Swedish

"{E702CB52-4691-5EAF-E242-D5123FFEBB19}" = Catalyst Control Center Localization Turkish

"{EA2D9BC0-75E9-4975-9A0A-DD82198DDC53}" = MSXML 6.0 Parser

"{ECCD28B2-8798-4D16-8126-625D728294A1}" = SPBA 5.8

"{F0F9FE06-4E18-0822-AA2A-93054C6DDA6C}" = ccc-core-static

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F99808D3-76CF-388A-2F53-24DA6735FE5A}" = Catalyst Control Center Localization Chinese Traditional

"3B18191663CDFABAA2A93D4267E54D683153FF60" = Windows-Treiberpaket - Advanced Micro Devices (AmdK8) Processor  (05/27/2006 1.3.2.0)

"681AC783AEB04C5FAFCADE7871FE96B87C602BAF" = Windows-Treiberpaket - Advanced Micro Devices Inc. AMD USB Filter Driver (05/27/2008 1.0.7.0)

"Acer Acer Bio Protection 6.0.00.19" = Acer Bio Protection
 

ATU 6.0.00.19

"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software

"ATI Display Driver" = ATI Display Driver

"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP

"GridVista" = Acer GridVista

"HijackThis" = HijackThis 2.0.2

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5

"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2

"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8

"InstallShield_{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}" = InterVideo WinDVD 8

"InstallShield_{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}" = NTI Shadow

"LManager" = Launch Manager

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0

"Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"Tobit ClipInc Server" = WDR RadioRecorder

"virus utilities.2" = Ikarus Virus Utilities 1.0.166

"VLC media player" = VLC media player 1.0.3

"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

"WinGimp-2.0_is1" = GIMP 2.6.8

"ZhornStickies" = Stickies 6.7a

 
 ========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 26.01.2010 12:43:37 | Computer Name = XXXX | Source = PerfNet | ID = 2005

Description = Die Leistungsinformationen vom Serverdienst konnten nicht gelesen 

werden.  Es werden keine Server-Leistungsinformationen zurückgegeben.  Der zurückgegebene

 Fehlercode befindet sich in DWORD 0, der IOSB.Status ist DWORD 1 und  die IOSB.Information

 ist DWORD 2.

 

Error - 26.01.2010 12:43:37 | Computer Name = XXXX | Source = PerfNet | ID = 2006

Description = Die Server Queue-Leistungsinformationen konnten nicht gelesen werden.

Es

 werden keine Server-Leistungsinformationen zurückgegeben.  Der zurückgegebene Fehlercode

 ist DWORD 0, der IOSB.Status ist DWORD 1 und  die IOSB.Information ist DWORD 2.

 

Error - 27.01.2010 06:02:28 | Computer Name = XXXX | Source = PerfNet | ID = 2004

Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen

werden

 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.

 

Error - 28.01.2010 13:41:36 | Computer Name = XXXX | Source = PerfNet | ID = 2004

Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen

werden

 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.

 

Error - 29.01.2010 03:42:18 | Computer Name = XXXX | Source = PerfNet | ID = 2004

Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen

werden

 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.

 

Error - 29.01.2010 07:08:06 | Computer Name = XXXX | Source = PerfNet | ID = 2004

Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen

werden

 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.

 

Error - 03.02.2010 09:23:59 | Computer Name = XXXX | Source = Application Error | ID = 1000

Description = Fehlgeschlagene Anwendung liveupdate.exe, Version 1.0.0.1, fehlgeschlagenes

 Modul mfc80u.dll, Version 8.0.50727.42, Fehleradresse 0x000596ee.

 

Error - 03.02.2010 09:24:04 | Computer Name = XXXX | Source = Application Error | ID = 1000

Description = Fehlgeschlagene Anwendung liveupdate.exe, Version 1.0.0.1, fehlgeschlagenes

 Modul ntdll.dll, Version 5.1.2600.5512, Fehleradresse 0x00042b9f.

 

Error - 08.02.2010 06:39:02 | Computer Name = XXXX | Source = Application Hang | ID = 1002

Description = Stillstehende Anwendung firefox.exe, Version 1.9.1.3642, Stillstandmodul

 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

 

Error - 08.02.2010 06:39:03 | Computer Name = XXXX | Source = Application Hang | ID = 1002

Description = Stillstehende Anwendung firefox.exe, Version 1.9.1.3642, Stillstandmodul

 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

 

[ System Events ]

Error - 07.06.2010 15:09:36 | Computer Name = XXXX | Source = DCOM | ID = 10005

Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc"

 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {A1F4E726-8CF1-11D1-BF92-0060081ED811}

 

Error - 07.06.2010 15:10:46 | Computer Name = XXXX | Source = DCOM | ID = 10005

Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem"

 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {1BE1F766-5536-11D1-B726-00C04FB926AF}

 

Error - 08.06.2010 14:03:28 | Computer Name = XXXX | Source = Dhcp | ID = 1000

Description = Die Lease dieses Computers zu der IP-Adresse 10.0.0.1 über die   Netzwerkkarte

 mit der Netzwerkadresse 001F16AD0EC1 ist verloren gegangen.

 

Error - 08.06.2010 17:30:34 | Computer Name = XXXX | Source = sr | ID = 1

Description = Beim Verarbeiten der Datei "autorun.inf" auf Volume "HarddiskVolume1"

 ist im Wiederherstellungsfilter der unerwartete Fehler "0xC000000D" aufgetreten.

 Die Volumeüberwachung wurde angehalten.

 

Error - 09.06.2010 16:52:47 | Computer Name = XXXX | Source = ACPIEC | ID = 327681

Description = \Device\ACPIEC: Die Hardware des Embedded Controllers (EC) hat nicht

 innerhalb des Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware

 oder -Firmware bzw. auf ein schlecht angelegtes BIOS hin, das auf nicht sichere

 Art und Weise auf den EC zugreift. Der EC-Treiber wird erneut versuchen, die fehlgeschlagene

 Transaktion durchzuführen.

 

Error - 14.06.2010 03:21:00 | Computer Name = XXXX | Source = ACPIEC | ID = 327681

Description = \Device\ACPIEC: Die Hardware des Embedded Controllers (EC) hat nicht

 innerhalb des Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware

 oder -Firmware bzw. auf ein schlecht angelegtes BIOS hin, das auf nicht sichere

 Art und Weise auf den EC zugreift. Der EC-Treiber wird erneut versuchen, die fehlgeschlagene

 Transaktion durchzuführen.

 

Error - 14.06.2010 14:02:27 | Computer Name = XXXX | Source = ACPIEC | ID = 327681

Description = \Device\ACPIEC: Die Hardware des Embedded Controllers (EC) hat nicht

 innerhalb des Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware

 oder -Firmware bzw. auf ein schlecht angelegtes BIOS hin, das auf nicht sichere

 Art und Weise auf den EC zugreift. Der EC-Treiber wird erneut versuchen, die fehlgeschlagene

 Transaktion durchzuführen.

 

Error - 15.06.2010 11:32:12 | Computer Name = XXXX | Source = ACPIEC | ID = 327681

Description = \Device\ACPIEC: Die Hardware des Embedded Controllers (EC) hat nicht

 innerhalb des Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware

 oder -Firmware bzw. auf ein schlecht angelegtes BIOS hin, das auf nicht sichere

 Art und Weise auf den EC zugreift. Der EC-Treiber wird erneut versuchen, die fehlgeschlagene

 Transaktion durchzuführen.

 

Error - 17.06.2010 17:44:04 | Computer Name = XXXX | Source = sr | ID = 1

Description = Beim Verarbeiten der Datei "" auf Volume "HarddiskVolume2" ist im 

Wiederherstellungsfilter der unerwartete Fehler "0xC0000001" aufgetreten. Die Volumeüberwachung

 wurde angehalten.

 

Error - 17.06.2010 17:44:59 | Computer Name = XXXX | Source = Service Control Manager | ID = 7026

Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:

   abp480n5  adpu160m  agp440  agpCPQ  Aha154x  aic78u2  aic78xx  AliIde  alim1541  amdagp  amsint  asc  asc3350p

asc3550

atapi

cbidf

cd20xrnt

CmdIde

Cpqarray

dac2w2k

dac960nt

dpti2o

hpn

i2omp

ini910u

IntelIde

mraid35x

PCIIde

perc2

perc2hib

ql1080

Ql10wnt

ql12160

ql1240

ql1280

sisagp

Sparrow

symc810

symc8xx

sym_hi

sym_u3

TosIde

ultra

viaagp

ViaIde

 

< End of report >

--- --- ---

und die otl.txt:

[code]
OTL Logfile:

Code:

OTL logfile created on: 20.06.2010 18:03:35 - Run 1

OTL by OldTimer - Version 3.2.6.0     Folder = C:\Dokumente und Einstellungen\XXXX\Desktop\OTL

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000C07 | Country: XXXX | Language: DEA | Date Format: dd.MM.yyyy

 

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 61,00% Memory free

4,00 Gb Paging File | 3,00 Gb Available in Paging File | 82,00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 69,65 Gb Total Space | 19,16 Gb Free Space | 27,52% Space Free | Partition Type: NTFS

Drive D: | 69,64 Gb Total Space | 69,30 Gb Free Space | 99,52% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: XXXX

Current User Name: XXXX

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Dokumente und Einstellungen\XXXX\Desktop\OTL\OTL.exe (OldTimer Tools)

PRC - C:\Programme\Ikarus\virus utilities\bin\guardxservice.exe (Ikarus Security Software GmbH)

PRC - C:\Programme\Ikarus\virus utilities\bin\guardxkickoff.exe (Ikarus Security Software GmbH)

PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Programme\stickies\stickies.exe (Zhorn Software)

PRC - C:\Programme\Acer\Acer Bio Protection\BASVC.exe ()

PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

PRC - C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe ()

PRC - C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe ()

PRC - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)

PRC - C:\Programme\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.)

PRC - C:\Programme\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe ()

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Programme\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe (NewTech Infosystems, Inc.)

PRC - C:\Programme\Gemeinsame Dateien\Protexis\License Service\PsiService_2.exe (Protexis Inc.)

PRC - C:\Programme\O2Micro Flash Memory Card Driver\o2flash.exe (O2Micro International)

PRC - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company)

PRC - C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)

PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)

 

 
 ========== Modules (SafeList) ==========

 

MOD - C:\Dokumente und Einstellungen\XXXX\Desktop\OTL\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\system32\BtMmHook.dll (Broadcom Corporation.)

MOD - C:\Programme\WIDCOMM\Bluetooth Software\BTKeyInd.dll ()

MOD - C:\WINDOWS\system32\mfc42.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)

MOD - C:\WINDOWS\system32\mfc42loc.dll (Microsoft Corporation)

MOD - C:\Programme\Acer\Empowering Technology\ePower\SysHook.dll ()

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - (GuardX) -- C:\Programme\Ikarus\virus utilities\bin\guardxservice.exe (Ikarus Security Software GmbH)

SRV - (IGBASVC) -- C:\Programme\Acer\Acer Bio Protection\BASVC.exe ()

SRV - (ClipInc001) -- C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe ()

SRV - (NTIBackupSvc) -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.)

SRV - (NTISchedulerSvc) -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe ()

SRV - (BUNAgentSvc) -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe (NewTech Infosystems, Inc.)

SRV - (PSI_SVC_2) -- C:\Programme\Gemeinsame Dateien\Protexis\License Service\PsiService_2.exe (Protexis Inc.)

SRV - (o2flash) -- C:\Programme\O2Micro Flash Memory Card Driver\o2flash.exe (O2Micro International)

SRV - (LightScribeService) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company)

SRV - (IviRegMgr) -- C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)

SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - (NTGUARD) -- C:\Programme\Ikarus\virus utilities\bin\ntguard.sys (IKARUS Security Software GmbH)

DRV - (AlfaFF) -- C:\WINDOWS\system32\Drivers\AlfaFF.sys (Alfa Corporation)

DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)

DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)

DRV - (AR5416) -- C:\WINDOWS\system32\drivers\athw.sys (Atheros Communications, Inc.)

DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)

DRV - (RTHDMIAzAudService) -- C:\WINDOWS\system32\drivers\RtHDMI.sys (Realtek Semiconductor Corp.)

DRV - (O2SDRDR) -- C:\WINDOWS\system32\drivers\o2sd.sys (O2Micro )

DRV - (usbfilter) -- C:\WINDOWS\system32\drivers\usbfilter.sys (Advanced Micro Devices Inc.)

DRV - (O2MDRDR) -- C:\WINDOWS\system32\drivers\o2media.sys (O2Micro )

DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)

DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)

DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)

DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)

DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)

DRV - (btwhid) -- C:\WINDOWS\system32\drivers\btwhid.sys (Broadcom Corporation.)

DRV - (ahcix86) -- C:\WINDOWS\system32\DRIVERS\ahcix86.sys (AMD Technologies Inc.)

DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)

DRV - (UBHelper) -- C:\WINDOWS\system32\drivers\UBHelper.sys (NewTech Infosystems Corporation)

DRV - (NTIDrvr) -- C:\WINDOWS\system32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)

DRV - (TcUsb) -- C:\WINDOWS\system32\drivers\tcusb.sys (UPEK Inc.)

DRV - (TpChoice) -- C:\WINDOWS\system32\drivers\TpChoice.sys (Alps Electric Co., Ltd.)

DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\WINDOWS\system32\drivers\snp2uvc.sys ()

DRV - (regi) -- C:\WINDOWS\system32\drivers\regi.sys (InterVideo)

DRV - (AmdPPM) -- C:\WINDOWS\system32\drivers\AmdPPM.sys (Advanced Micro Devices)

DRV - (Int15) -- C:\WINDOWS\system32\drivers\int15.sys ()

DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\AtiHdAud.sys (ATI Research Inc.)

DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)

DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)

DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)

DRV - (DKbFltr) -- C:\WINDOWS\system32\drivers\DKbFltr.SYS (Dritek System Inc.)

DRV - (Iviaspi) -- C:\WINDOWS\system32\drivers\iviaspi.sys (InterVideo, Inc.)

DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)

DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)

DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)

DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)

DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)

DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)

DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)

DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)

DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)

DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)

DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)

DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)

DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)

DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)

DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=0&o=xpp&d=0909&m=travelmate_5530

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=0&o=xpp&d=0909&m=travelmate_5530

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-2359842942-3597520615-241778524-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=0&o=xpp&d=0909&m=travelmate_5530

IE - HKU\S-1-5-21-2359842942-3597520615-241778524-1008\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKU\S-1-5-21-2359842942-3597520615-241778524-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = h**p://www.wordle.net/

IE - HKU\S-1-5-21-2359842942-3597520615-241778524-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"

FF - prefs.js..browser.startup.homepage: "hxxp://service.gmx.net/de/cgi/g.fcgi/error/session?sid=xt.77"

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1

FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.9

FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.2.1

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004

FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.4

FF - prefs.js..extensions.enabledItems: isreaditlater@ideashower.com:2.0.3

FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:4.0

FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971

FF - prefs.js..extensions.enabledItems: timetrack@usablehack.com:1.2.5

FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20091028

FF - prefs.js..network.proxy.type: 4

 

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.04.09 16:13:09 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.04.07 18:31:37 | 000,000,000 | ---D | M]

 

[2009.09.06 19:10:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Mozilla\Extensions

[2010.06.20 12:46:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Mozilla\Firefox\Profiles\c8iy1jm6.default\extensions

[2009.11.29 13:23:43 | 000,000,000 | ---D | M] (WOT) -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Mozilla\Firefox\Profiles\c8iy1jm6.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

[2009.09.07 20:28:32 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Mozilla\Firefox\Profiles\c8iy1jm6.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2010.03.29 16:29:00 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Mozilla\Firefox\Profiles\c8iy1jm6.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}

[2009.09.06 21:14:06 | 000,000,000 | ---D | M] (FoxTab) -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Mozilla\Firefox\Profiles\c8iy1jm6.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}

[2009.11.29 13:23:54 | 000,000,000 | ---D | M] (SearchPreview) -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Mozilla\Firefox\Profiles\c8iy1jm6.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}

[2010.03.23 20:29:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Mozilla\Firefox\Profiles\c8iy1jm6.default\extensions\isreaditlater@ideashower.com

[2010.03.04 23:47:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Mozilla\Firefox\Profiles\c8iy1jm6.default\extensions\moveplayer@movenetworks.com

[2009.11.29 13:23:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Mozilla\Firefox\Profiles\c8iy1jm6.default\extensions\personas@christopher.beard

[2009.09.06 21:04:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Mozilla\Firefox\Profiles\c8iy1jm6.default\extensions\timetrack@usablehack.com

[2010.06.20 17:58:24 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions

[2009.07.31 00:59:14 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml

[2009.07.31 00:59:14 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml

[2009.07.31 00:59:14 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml

[2009.09.13 11:55:38 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml

[2009.07.31 00:59:14 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2008.04.14 06:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.

O4 - HKLM..\Run: [AzMixerSel] C:\Programme\Realtek\Audio\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [Boot] C:\Programme\Acer\Empowering Technology\ePower\Boot.exe ()

O4 - HKLM..\Run: [ePower_DMC] C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe ()

O4 - HKLM..\Run: [eRecoveryService] C:\Programme\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)

O4 - HKLM..\Run: [Ikarus-GuardX] C:\Programme\Ikarus\virus utilities\bin\guardxkickoff.exe (Ikarus Security Software GmbH)

O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)

O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [ZPdtWzdVitaKey MC3000] C:\Programme\Acer\Acer Bio Protection\PdtWzd.exe File not found

O4 - HKU\S-1-5-21-2359842942-3597520615-241778524-1008..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

O4 - Startup: C:\Dokumente und Einstellungen\XXXX\Startmenü\Programme\Autostart\Stickies.lnk = C:\Programme\stickies\stickies.exe (Zhorn Software)

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-2359842942-3597520615-241778524-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O8 - Extra context menu item: Senden an Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra Button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer\Acer Bio Protection\PwdBank.exe ()

O9 - Extra 'Tools' menuitem : Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer\Acer Bio Protection\PwdBank.exe ()

O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKU\S-1-5-21-2359842942-3597520615-241778524-1008 Winlogon: Shell - (C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\cift.exe) - C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\cift.exe File not found

O20 - HKU\S-1-5-21-2359842942-3597520615-241778524-1008 Winlogon: Shell - (C:\DOKUME~1\XXXX~1\LOKALE~1\Temp\609.exe) - C:\DOKUME~1\XXXX~1\LOKALE~1\Temp\609.exe File not found

O20 - HKU\S-1-5-21-2359842942-3597520615-241778524-1008 Winlogon: Shell - (C:\DOKUME~1\XXXX~1\LOKALE~1\Temp\597.exe) - C:\DOKUME~1\XXXX~1\LOKALE~1\Temp\597.exe File not found

O20 - HKU\S-1-5-21-2359842942-3597520615-241778524-1008 Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKU\S-1-5-21-2359842942-3597520615-241778524-1008 Winlogon: Shell - (C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\mrpky.exe) - C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\mrpky.exe File not found

O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home

O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\XXXX\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\XXXX\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008.07.07 00:05:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{415bff8d-7238-11df-aa11-00265e8053ca}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{415bff8d-7238-11df-aa11-00265e8053ca}\Shell\AutoRun\command - "" = F:\SVABICE\\\\\ZABICE.exe -- File not found

O33 - MountPoints2\{415bff8d-7238-11df-aa11-00265e8053ca}\Shell\explore\command - "" = F:\SVABICE\\\\\\ZABICE.exe -- File not found

O33 - MountPoints2\{415bff8d-7238-11df-aa11-00265e8053ca}\Shell\open\command - "" = F:\SVABICE\\\\\\ZABICE.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) -  File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: 6to4 -  File not found

NetSvcs: Ias - C:\WINDOWS\system32\ias [2009.09.05 06:18:24 | 000,000,000 | ---D | M]

NetSvcs: Iprip -  File not found

NetSvcs: Irmon -  File not found

NetSvcs: NWCWorkstation -  File not found

NetSvcs: Nwsapagent -  File not found

NetSvcs: WmdmPmSp -  File not found

 

MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

MsConfig - StartUpReg: BkupTray - hkey= - key= - C:\Programme\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe ()

MsConfig - StartUpReg: BrStsWnd - hkey= - key= - C:\Programme\Brownie\BrstsWnd.exe (brother)

MsConfig - StartUpReg: IMJPMIG8.1 - hkey= - key= - C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)

MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Programme\Messenger\msmsgs.exe (Microsoft Corporation)

MsConfig - StartUpReg: MSPY2002 - hkey= - key= -  File not found

MsConfig - StartUpReg: PHIME2002A - hkey= - key= -  File not found

MsConfig - StartUpReg: PHIME2002ASync - hkey= - key= -  File not found

MsConfig - StartUpReg: PLFSetI - hkey= - key= - C:\WINDOWS\PLFSetI.exe ()

MsConfig - StartUpReg: PLFSetL - hkey= - key= - C:\WINDOWS\PLFSetL.exe (sonix)

MsConfig - StartUpReg: preload - hkey= - key= - C:\WINDOWS\RunXMLPL.exe (Wistron Corp.)

MsConfig - StartUpReg: ProductReg - hkey= - key= - C:\Programme\Acer\WR_PopUp\ProductReg.exe (Acer)

MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Programme\QuickTime\QTTask.exe (Apple Inc.)

MsConfig - State: "system.ini" - 0

MsConfig - State: "win.ini" - 0

MsConfig - State: "bootini" - 0

MsConfig - State: "services" - 0

MsConfig - State: "startup" - 2

 

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: GuardX - C:\Programme\Ikarus\virus utilities\bin\guardxservice.exe (Ikarus Security Software GmbH)

SafeBootMin: NTGUARD - C:\Programme\Ikarus\virus utilities\bin\ntguard.sys (IKARUS Security Software GmbH)

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: sermouse.sys - Driver

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vga.sys - Driver

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

 

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: GuardX - C:\Programme\Ikarus\virus utilities\bin\guardxservice.exe (Ikarus Security Software GmbH)

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: NTGUARD - C:\Programme\Ikarus\virus utilities\bin\ntguard.sys (IKARUS Security Software GmbH)

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: sermouse.sys - Driver

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vga.sys - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

 

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4

ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe

ActiveX: {3C87D1CF-1592-4BFA-9B3E-380580EFAF51} - Hotfix for Microsoft .NET Framework 2.0 (KB923319)

ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)

ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7

ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework

ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider

ActiveX: {A1D5A6B2-B620-41F9-B435-10A4FF3C18A2} - Hotfix for Microsoft .NET Framework 2.0 (KB922981)

ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} - 

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework

ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner

ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

 

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)

Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)

Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)

Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)

Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point (17183584330711040)

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2010.06.20 18:01:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\XXXX\Desktop\OTL

[2010.06.18 00:14:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\XXXX\Desktop\Malwarebytes

[2010.06.17 23:29:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Malwarebytes

[2010.06.17 23:28:59 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010.06.17 23:28:57 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010.06.17 23:28:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes

[2010.06.17 23:28:56 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware

[2010.06.17 23:06:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\XXXX\Desktop\HiJackThis

[2010.06.17 21:41:12 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy

[2010.06.09 00:20:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\F-Secure

[2010.06.08 11:36:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\XXXX\Eigene Dateien\Desktop

[2010.06.07 21:29:26 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy

[2010.06.07 21:29:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy

[2010.06.07 21:25:30 | 016,409,960 | ---- | C] (Safer Networking Limited                                    ) -- C:\Dokumente und Einstellungen\XXXX\Desktop\spybotsd162.exe

[2010.06.07 20:48:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss

[2009.09.05 06:40:43 | 000,049,152 | ---- | C] ( ) -- C:\WINDOWS\Interop.IWshRuntimeLibrary.dll

[2009.09.04 22:00:52 | 000,172,032 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll

[2009.09.04 22:00:52 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll

[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2010.06.20 17:57:04 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010.06.20 17:56:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010.06.20 17:56:39 | 1877,323,776 | -HS- | M] () -- C:\hiberfil.sys

[2010.06.20 16:53:34 | 004,194,304 | -H-- | M] () -- C:\Dokumente und Einstellungen\XXXX\NTUSER.DAT

[2010.06.20 16:53:24 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\XXXX\ntuser.ini

[2010.06.20 16:53:09 | 005,360,842 | -H-- | M] () -- C:\Dokumente und Einstellungen\XXXX\Lokale Einstellungen\Anwendungsdaten\IconCache.db

[2010.06.20 12:34:19 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010.06.19 00:00:47 | 000,409,088 | ---- | M] () -- C:\Dokumente und Einstellungen\XXXX\Desktop\Garten.doc

[2010.06.17 21:44:48 | 000,000,500 | RHS- | M] () -- C:\Dokumente und Einstellungen\All Users\ntuser.pol

[2010.06.12 11:00:45 | 000,337,848 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010.06.08 11:48:35 | 000,026,347 | ---- | M] () -- C:\Dokumente und Einstellungen\XXXX\Eigene Dateien\bookmarks-2010-06-08.json

[2010.06.07 21:29:33 | 000,000,914 | ---- | M] () -- C:\Dokumente und Einstellungen\XXXX\Desktop\Spybot - Search & Destroy.lnk

[2010.06.07 21:25:49 | 016,409,960 | ---- | M] (Safer Networking Limited                                    ) -- C:\Dokumente und Einstellungen\XXXX\Desktop\spybotsd162.exe

[2010.06.07 20:50:19 | 000,000,573 | ---- | M] () -- C:\WINDOWS\win.ini

[2010.06.07 20:50:19 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini

[2010.06.07 20:50:19 | 000,000,223 | RHS- | M] () -- C:\boot.ini

[2010.06.07 19:36:02 | 000,000,316 | ---- | M] () -- C:\WINDOWS\Brownie.ini

[2010.06.02 15:06:48 | 000,044,032 | ---- | M] () -- C:\Dokumente und Einstellungen\XXXX\Desktop\NachhaltigkeitslisteII.doc

[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2010.06.18 18:33:49 | 000,409,088 | ---- | C] () -- C:\Dokumente und Einstellungen\XXXX\Desktop\Garten.doc

[2010.06.17 21:42:31 | 000,000,500 | RHS- | C] () -- C:\Dokumente und Einstellungen\All Users\ntuser.pol

[2010.06.08 11:48:35 | 000,026,347 | ---- | C] () -- C:\Dokumente und Einstellungen\XXXX\Eigene Dateien\bookmarks-2010-06-08.json

[2010.06.07 21:29:33 | 000,000,914 | ---- | C] () -- C:\Dokumente und Einstellungen\XXXX\Desktop\Spybot - Search & Destroy.lnk

[2010.06.07 21:11:34 | 1877,323,776 | -HS- | C] () -- C:\hiberfil.sys

[2010.06.03 16:29:42 | 000,044,032 | ---- | C] () -- C:\Dokumente und Einstellungen\XXXX\Desktop\NachhaltigkeitslisteII.doc

[2009.11.27 20:07:50 | 000,554,496 | ---- | C] () -- C:\WINDOWS\System32\dvmsg.dll

[2009.09.06 19:18:36 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll

[2009.09.06 18:53:09 | 000,000,432 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI

[2009.09.06 18:45:55 | 000,000,141 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI

[2009.09.06 18:45:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brmx2001.ini

[2009.09.06 18:45:35 | 000,009,853 | ---- | C] () -- C:\WINDOWS\HL-2140.INI

[2009.09.06 18:45:35 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\brlmw03a.ini

[2009.09.06 18:44:48 | 000,000,316 | ---- | C] () -- C:\WINDOWS\Brownie.ini

[2009.09.05 06:38:11 | 000,000,038 | ---- | C] () -- C:\WINDOWS\PreLaunch.ini

[2009.09.04 22:12:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\setup.INI

[2009.09.04 22:02:03 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\VMC3KAPI.dll

[2009.09.04 22:00:54 | 001,769,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys

[2009.09.04 22:00:54 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys

[2009.09.04 22:00:52 | 001,769,984 | ---- | C] () -- C:\WINDOWS\System32\snp2uvc.sys

[2009.09.04 22:00:52 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\sncduvc.sys

[2009.09.04 22:00:52 | 000,000,169 | ---- | C] () -- C:\WINDOWS\System32\PidList.ini

[2009.09.04 22:00:38 | 000,626,688 | ---- | C] () -- C:\WINDOWS\Image.dll

[2009.09.04 22:00:38 | 000,000,169 | ---- | C] () -- C:\WINDOWS\PidList.ini

[2009.09.04 18:00:47 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2009.03.23 17:40:06 | 002,854,976 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll

[2008.09.03 03:42:04 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2008.09.03 01:58:46 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIOFM4.dll

[2008.09.03 01:58:46 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN5.dll

[2008.09.03 01:57:56 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll

[2008.09.03 01:57:56 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll

[2008.04.14 06:00:00 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2007.01.26 08:32:18 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\int15.sys

[2006.03.10 23:18:16 | 000,006,782 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2005.02.17 12:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest

[2005.02.17 12:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest

[2003.11.25 00:55:48 | 000,743,424 | ---- | C] () -- C:\WINDOWS\libxml2.dll

[2003.11.25 00:55:32 | 000,872,448 | ---- | C] () -- C:\WINDOWS\iconv.dll

[2003.02.20 17:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

[2001.12.26 16:12:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll

[2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

[2001.09.03 23:46:38 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Hmpg12.dll

[2001.07.30 16:33:56 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll

[2001.07.23 22:04:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll

 
 ========== LOP Check ==========

 

[2009.09.04 22:08:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\eSobi

[2010.06.09 00:20:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\F-Secure

[2010.02.22 16:13:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Flood Light Games

[2009.09.06 19:25:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\InterVideo

[2010.02.23 19:21:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP

[2009.09.04 22:01:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UIB

[2009.09.05 06:09:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}

[2009.09.17 21:10:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\cerasus.media

[2010.02.22 16:13:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Flood Light Games

[2010.02.22 22:25:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Friday's games

[2009.09.04 18:14:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\InterVideo

[2010.06.20 17:57:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\stickies

[2009.11.27 20:08:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Tobit

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2009.09.06 21:19:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Adobe

[2009.11.26 21:22:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Apple Computer

[2009.09.04 22:15:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\ATI

[2009.09.06 18:53:37 | 000,000,000 | R--D | M] -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Brother

[2009.09.17 21:10:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\cerasus.media

[2009.09.04 18:14:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Corel

[2010.06.06 14:24:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\dvdcss

[2010.02.22 16:13:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Flood Light Games

[2010.02.22 22:25:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Friday's games

[2009.09.04 23:33:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Google

[2009.09.05 06:08:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Identities

[2009.09.04 22:00:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\InstallShield

[2009.09.04 18:14:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\InterVideo

[2009.09.04 22:05:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Macromedia

[2010.06.17 23:29:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Malwarebytes

[2009.11.26 21:37:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Media Player Classic

[2010.03.18 22:00:33 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Microsoft

[2010.03.04 23:52:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Move Networks

[2009.09.06 19:10:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Mozilla

[2010.05.02 23:38:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Skype

[2010.05.02 20:00:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\skypePM

[2010.06.20 17:57:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\stickies

[2009.12.19 14:39:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Sun

[2009.11.27 20:08:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Tobit

[2010.06.06 14:24:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\vlc

 
 < %APPDATA%\*.exe /s >

[2009.11.27 19:59:03 | 000,003,262 | R--- | M] () -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Microsoft\Installer\{22B0E143-2B0B-435B-9F56-136A3D16065F}\controlPanelIcon.exe

[2009.11.27 19:59:03 | 000,010,134 | R--- | M] () -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Microsoft\Installer\{22B0E143-2B0B-435B-9F56-136A3D16065F}\SystemFolder_msiexec.exe

 
 < %SYSTEMDRIVE%\*.exe >

 

 
 < MD5 for: AGP440.SYS  >

[2008.04.14 06:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\I386\sp3.cab:AGP440.sys

[2008.04.14 06:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

[2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\dllcache\agp440.sys

[2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\AGP440.SYS

 
 < MD5 for: AHCIX86.SYS  >

[2008.03.08 06:24:52 | 000,176,136 | ---- | M] (AMD Technologies Inc.) MD5=B6E729A575F84938A08D367E8352EB86 -- C:\WINDOWS\system32\drivers\ahcix86.sys

 
 < MD5 for: ATAPI.SYS  >

[2008.04.14 06:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\I386\sp3.cab:atapi.sys

[2008.04.14 06:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys

[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys

[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

 
 < MD5 for: EVENTLOG.DLL  >

[2008.04.14 06:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\dllcache\eventlog.dll

[2008.04.14 06:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll

 
 < MD5 for: NETLOGON.DLL  >

[2008.04.14 06:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\dllcache\netlogon.dll

[2008.04.14 06:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll

 
 < MD5 for: SCECLI.DLL  >

[2008.04.14 06:00:00 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\dllcache\scecli.dll

[2008.04.14 06:00:00 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll

 
 < MD5 for: USERINIT.EXE  >

[2008.04.14 06:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\dllcache\userinit.exe

[2008.04.14 06:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2008.04.14 06:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys

[2008.04.14 06:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

[2008.07.07 01:56:32 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav

[2008.07.07 01:56:30 | 001,093,632 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav

[2008.07.07 01:56:30 | 000,458,752 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >

[2008.04.30 07:04:58 | 000,372,736 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\WINDOWS\system32\ATIDEMGX.dll

[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

 
 ========== Alternate Data Streams ==========

 

@Alternate Data Stream - 150 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:2E0A3B1D

@Alternate Data Stream - 144 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:D3FFFBA9

@Alternate Data Stream - 142 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:B894C266

< End of report >

--- --- ---

so erledigt!

otl - runfix:

Code:

All processes killed

========== OTL ==========

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0BF43445-2F28-4351-9252-17FE6E806AA0} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BF43445-2F28-4351-9252-17FE6E806AA0}\ not found.

========== FILES ==========

========== COMMANDS ==========

 

[EMPTYFLASH]

 

User: Administrator

 

User: All Users

 

User: XXXX

->Flash cache emptied: 50009 bytes

 

User: Default User

 

User: LocalService

 

User: NetworkService

 

Total Flash Files Cleaned = 0,00 mb

 

 

[EMPTYTEMP]

 

User: Administrator

->Temp folder emptied: 3821897 bytesF

->Temporary Internet Files folder emptied: 33170 bytes

 

User: All Users

 

User: XXXX

->Temp folder emptied: 371922683 bytes

->Temporary Internet Files folder emptied: 42676849 bytes

->Java cache emptied: 52220942 bytes

->FireFox cache emptied: 33516894 bytes

->Flash cache emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 4128425 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: LocalService

->Temp folder emptied: 66016 bytes

->Temporary Internet Files folder emptied: 21493289 bytes

 

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 402 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 6363 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 49632 bytes

RecycleBin emptied: 973374 bytes

 

Total Files Cleaned = 506,00 mb

 

 

OTL by OldTimer - Version 3.2.6.0 log created on 06202010_202028
 

Files\Folders moved on Reboot...
 

Registry entries deleted on Reboot...

und der combofix-log:

Code:

Combofix Logfile:
 

        Code:


        
ComboFix 10-06-20.01 - XXXX 20.06.2010  22:14:03.1.2 - x86

Microsoft Windows XP Professional   [GMT 2:00]

ausgeführt von:: c:\dokumente und einstellungen\XXXX\Desktop\ComboFix.exe

AV: virus.utilities *On-access scanning disabled* (Updated) {BE7BB2A0-CF28-4313-9259-FE784ADE7AEF}

.
 

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.
 

c:\dokumente und einstellungen\XXXX\Lokale Einstellungen\Anwendungsdaten\lame_enc.dll

c:\dokumente und einstellungen\XXXX\Lokale Einstellungen\Anwendungsdaten\no23xwrapper.dll

c:\dokumente und einstellungen\XXXX\Lokale Einstellungen\Anwendungsdaten\ogg.dll

c:\dokumente und einstellungen\XXXX\Lokale Einstellungen\Anwendungsdaten\vorbis.dll

c:\dokumente und einstellungen\XXXX\Lokale Einstellungen\Anwendungsdaten\vorbisenc.dll

c:\dokumente und einstellungen\XXXX\Lokale Einstellungen\Anwendungsdaten\vorbisfile.dll
 

.

(((((((((((((((((((((((   Dateien erstellt von 2010-05-20 bis 2010-06-20  ))))))))))))))))))))))))))))))

.
 

2010-06-20 18:20 . 2010-06-20 18:20        --------        d-----w-        C:\_OTL

2010-06-17 21:29 . 2010-06-17 21:29        --------        d-----w-        c:\dokumente und einstellungen\XXXX\Anwendungsdaten\Malwarebytes

2010-06-17 21:28 . 2010-04-29 10:19        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys

2010-06-17 21:28 . 2010-06-17 21:28        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes

2010-06-17 21:28 . 2010-04-29 10:19        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys

2010-06-17 21:28 . 2010-06-17 21:29        --------        d-----w-        c:\programme\Malwarebytes' Anti-Malware

2010-06-17 19:41 . 2010-06-17 19:41        --------        d--h--w-        c:\windows\system32\GroupPolicy

2010-06-08 22:20 . 2010-06-08 22:20        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\F-Secure

2010-06-07 19:29 . 2010-06-20 18:14        --------        d-----w-        c:\programme\Spybot - Search & Destroy

2010-06-07 19:29 . 2010-06-20 18:13        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
 

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-06-20 20:20 . 2009-09-06 18:26        --------        d-----w-        c:\dokumente und einstellungen\XXXX\Anwendungsdaten\stickies

2010-06-06 12:24 . 2009-11-27 18:25        --------        d-----w-        c:\dokumente und einstellungen\XXXX\Anwendungsdaten\vlc

2010-06-06 12:24 . 2009-11-27 17:56        --------        d-----w-        c:\dokumente und einstellungen\XXXX\Anwendungsdaten\dvdcss

2010-05-02 21:38 . 2009-09-06 18:40        --------        d-----w-        c:\dokumente und einstellungen\XXXX\Anwendungsdaten\Skype

2010-05-02 18:00 . 2009-09-06 18:41        --------        d-----w-        c:\dokumente und einstellungen\XXXX\Anwendungsdaten\skypePM

2010-04-15 15:03 . 2009-09-04 21:34        270488        ----a-w-        c:\windows\system32\ikmapi.dll

2010-04-15 15:03 . 2009-09-04 21:34        130408        ----a-w-        c:\windows\system32\ikproc.dll

2010-03-30 14:18 . 2008-09-03 01:39        76384        ----a-w-        c:\windows\system32\perfc007.dat

2010-03-30 14:18 . 2008-09-03 01:39        417904        ----a-w-        c:\windows\system32\perfh007.dat

.
 

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]

"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2008-02-22 1032192]

"AzMixerSel"="c:\programme\Realtek\Audio\InstallShield\AzMixerSel.exe" [2006-07-18 53248]

"ePower_DMC"="c:\programme\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-07-08 466944]

"Boot"="c:\programme\Acer\Empowering Technology\ePower\Boot.exe" [2007-12-25 579584]

"eRecoveryService"="c:\programme\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2007-07-11 421888]

"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-05-08 864576]

"Ikarus-GuardX"="c:\programme\Ikarus\virus utilities\bin\guardxkickoff.exe" [2010-04-15 2062688]

"SunJavaUpdateSched"="c:\programme\Java\jre6\bin\jusched.exe" [2009-12-19 149280]
 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
 

c:\dokumente und einstellungen\XXXX\Startmen\Programme\Autostart\

Stickies.lnk - c:\programme\stickies\stickies.exe [2009-9-6 765952]
 

c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\

BTTray.lnk - c:\programme\WIDCOMM\Bluetooth Software\BTTray.exe [2009-3-23 603488]
 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\GuardX]

@=""
 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTGUARD]

@=""
 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-03-24 18:17        952768        ----a-w-        c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2009-12-22 00:57        35760        ----a-w-        c:\programme\Adobe\Reader 9.0\Reader\reader_sl.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BkupTray]

2008-04-25 19:36        28672        ----a-w-        c:\programme\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrStsWnd]

2008-01-08 07:28        864256        ------w-        c:\programme\Brownie\BrStsWnd.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]

2008-04-14 04:00        208952        ----a-w-        c:\windows\ime\imjp8_1\imjpmig.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 04:52        1695232        ------w-        c:\programme\Messenger\msmsgs.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]

2008-04-14 04:00        59392        ----a-w-        c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]

2008-04-14 04:00        455168        ----a-w-        c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]

2008-04-14 04:00        455168        ----a-w-        c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PLFSetI]

2008-07-29 17:29        200704        ----a-w-        c:\windows\PLFSetI.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PLFSetL]

2007-07-05 10:35        94208        ----a-w-        c:\windows\PLFSetL.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\preload]

2007-04-21 00:56        20480        ----a-w-        c:\windows\RunXMLPL.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ProductReg]

2008-11-17 07:47        135168        ----a-w-        c:\programme\Acer\WR_PopUp\ProductReg.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2009-09-04 23:54        417792        ----a-w-        c:\programme\QuickTime\QTTask.exe
 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Programme\\NewTech Infosystems\\NTI Backup Now 5\\BackupSvc.exe"=

"c:\\Programme\\NewTech Infosystems\\NTI Backup Now 5\\Client\\Agentsvc.exe"=

"c:\\Programme\\NewTech Infosystems\\NTI Backup Now 5\\SchedulerSvc.exe"=

"c:\\Programme\\Tobit ClipInc\\Server\\ClipInc-Server.exe"=

"c:\\Programme\\Tobit ClipInc\\Player\\ClipInc-Player.exe"=

"c:\\Programme\\Tobit ClipInc\\Player\\RadioRecorder.exe"=

"c:\\Programme\\Skype\\Phone\\Skype.exe"=
 

R0 ahcix86;ahcix86;c:\windows\system32\drivers\ahcix86.sys [08.03.2008 06:24 176136]

R0 AlfaFF;AlfaFF File System mini-filter;c:\windows\system32\drivers\AlfaFF.sys [04.09.2009 22:01 42608]

R1 NTGUARD;NTGUARD;c:\programme\Ikarus\virus utilities\bin\ntguard.sys [15.04.2010 17:01 164144]

R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\programme\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [03.03.2008 13:11 16384]

R2 ClipInc001;ClipInc 001;c:\programme\Tobit ClipInc\Server\ClipInc-Server.exe 001 --> c:\programme\Tobit ClipInc\Server\ClipInc-Server.exe 001 [?]

R2 GuardX;GuardX;c:\programme\Ikarus\virus utilities\bin\guardxservice.exe [15.04.2010 17:03 1222208]

R2 IGBASVC;iGroupTec Service;c:\programme\Acer\Acer Bio Protection\BASVC.exe [04.09.2009 22:01 3566080]

R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\programme\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [25.04.2008 21:36 45056]

R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\programme\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [25.04.2008 21:36 131072]

R2 regi;regi;c:\windows\system32\drivers\regi.sys [17.04.2007 20:09 11032]

R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [13.05.2008 21:49 51288]

R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [12.06.2008 18:30 43608]

R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [28.05.2008 17:54 22072]

S3 TpChoice;Touch Pad Detection Filter driver;c:\windows\system32\drivers\TpChoice.sys [26.12.2007 07:23 17968]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = hxxp://www.wordle.net/

mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=0&o=xpp&d=0909&m=travelmate_5530

IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Senden an &Bluetooth-Gerät... - c:\programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Senden an Bluetooth - c:\programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm

FF - ProfilePath - c:\dokumente und einstellungen\XXXX\Anwendungsdaten\Mozilla\Firefox\Profiles\c8iy1jm6.default\

FF - prefs.js: browser.search.selectedEngine - Wikipedia (de)

FF - prefs.js: browser.startup.homepage - hxxp://service.gmx.net/de/cgi/g.fcgi/error/session?sid=xt.77

FF - prefs.js: network.proxy.type - 4

FF - component: c:\programme\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll

FF - plugin: c:\dokumente und einstellungen\XXXX\Anwendungsdaten\Mozilla\Firefox\Profiles\c8iy1jm6.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000004.dll
 

---- FIREFOX Richtlinien ----

c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -
 

HKLM-Run-ZPdtWzdVitaKey MC3000 - c:\programme\Acer\Acer Bio Protection\PdtWzd.exe

AddRemove-HijackThis - c:\dokume~1\XXXX~1\LOKALE~1\Temp\Temporäres Verzeichnis 1 für HiJackThis.zip\HijackThis.exe
 
 
 

**************************************************************************
 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, h**p://www.gmer.net

Rootkit scan 2010-06-20 22:21

Windows 5.1.2600 Service Pack 3 NTFS
 

Scanne versteckte Prozesse... 
 

Scanne versteckte Autostarteinträge... 
 

Scanne versteckte Dateien... 
 

Scan erfolgreich abgeschlossen

versteckte Dateien: 0
 

**************************************************************************

.

--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
 

- - - - - - - > 'explorer.exe'(4968)

c:\windows\system32\btmmhook.dll

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\programme\Tobit ClipInc\Server\ClipInc-Server.exe

c:\programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

c:\programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe

c:\programme\Java\jre6\bin\jqs.exe

c:\programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

c:\programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe

c:\programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\programme\O2Micro Flash Memory Card Driver\o2flash.exe

c:\programme\Gemeinsame Dateien\Protexis\License Service\PsiService_2.exe

c:\programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe

c:\windows\system32\wbem\wmiapsrv.exe

c:\windows\system32\wbem\unsecapp.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2010-06-20  22:25:02 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2010-06-20 20:24
 

Vor Suchlauf: 15 Verzeichnis(se), 20.944.220.160 Bytes frei

Nach Suchlauf: 18 Verzeichnis(se), 20.843.147.264 Bytes frei
 

WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
 

- - End Of File - - D91CC82BD7764154821EE0A914A7F596

 
--- --- ---