Trojaner-Board - AntiVir zeigt Fund des Trojaners TR/Crypt.XPACK.Gen

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - AntiVir zeigt Fund des Trojaners TR/Crypt.XPACK.Gen (https://www.trojaner-board.de/96738-antivir-zeigt-fund-trojaners-tr-crypt-xpack-gen.html)

AntiVir zeigt Fund des Trojaners TR/Crypt.XPACK.Gen

Gute(n) Tag/Nacht Trojaner-board-Team,

während der Google-Bilder-Suche tauchte eine AntiVir Meldung auf, dass auf meinem Computer der Trojaner "TR/Crypt.XPACK.Gen" gefunden wurde. :killpc:

Beim Versuch den Trojaner mit Hilfe des AntiVir Fundmeldungsfensters zu löschen, veränderte sich meines Erachtens nur der Dateiname und die Fundmeldung tauchte nach jedem Löschvorgang wieder auf. Es wurde aber weiterhin der Trojaner "TR/Crypt.XPACK.Gen" als Fund angezeigt. Anwählen des Feldes "Zugriff verweigern" führte zum selben Ergebnis bzw. dazu, dass die Fundmeldung nicht mehr auftauchte.

Ich habe mit Hilfe der Antivir Chronik die Fehlermeldungen in einem "Screenshot-mashup" zusammengestellt, und die sich ändernden Dateinamen mit einer roten Ellypse markiert. (siehe Screenshot 1)

Nach dem Googeln des Trojaners wurde ich auf diesen Thread:

http://www.trojaner-board.de/55718-a...xpack-gen.html

in ihrem Forum aufmerksam.

Da sich hier im Verlaufe der Bearbetung der Sachlage eine Neuinstallation in Folge eines Neustarts als unvermeidbar heraus stellte, verzichtete ich auf das Ausführen jeglicher Programme die einen Neustart auslösen.

(Malwarebytes' hat den PC neugestartet und ich habe es nicht verhindern können, hat sich aber als ungefährlich herausgestellt)

:pfeiff:
Auch auf das in den Tipps zur Threaderstellung empfohlene "Load.exe".

Denn ich verfüge über keine Windows-cd oder dergleichen, da der Laptop ein Geschenk war.

Ich habe einen kompletten Scan mit AntiVir (kein Scanlog oder ähnliches vorhanden) und Malwarebytes' durchlaufen lassen. Wobei beide Scans teilweise zur gleichen Zeit liefen.
Nach dem Antivirscan tauchte abermals die Fundmeldung des Trojaners auf mit dem Hinweis, das er nicht in die Quarantäne verschoben werden konnte.

Ich habe daraufhin, die Option "Gesperrte Datei nach Neustart löschen gewählt".

Ich hoffe, ich habe die Tipps korrekt gehandhabt (trotz des Absehens von "Load.exe") und auf eine baldige Antwort.

MfG und einem :dankeschoen:

m4D_guY

Malwarebytes':

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Datenbank Version: 6137

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

23.03.2011 03:51:11
mbam-log-2011-03-23 (03-51-11).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 324694
Laufzeit: 1 Stunde(n), 36 Minute(n), 35 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (PUM.Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\system volume information\_restore{b1c584c6-9b5f-44fc-9f73-34a94ff1bd8c}\rp68\a0008972.exe (PUP.HackTool.LOIC) -> Quarantined and deleted successfully.
d:\system volume information\_restore{b1c584c6-9b5f-44fc-9f73-34a94ff1bd8c}\rp68\a0008973.exe (PUP.HackTool.LOIC) -> Quarantined and deleted successfully.

Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind.

Nein, da ich Malewarebytes erst nach auftauchen des Trojaners installiert habe.
Ich habe allerdings noch einmal einen Scan durchlaufen lassen. Diesmal jedoch nur einen Quickscan.
Sollte ich noch andere Programme installieren und benutzen?

2. Malewarebytesscan:

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Datenbank Version: 6137

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

23.03.2011 14:27:40
mbam-log-2011-03-23 (14-27-40).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 152256
Laufzeit: 5 Minute(n), 2 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles hier in den Thread.

OK hier sind die beiden ScansOTL Logfile:

Code:

OTL Extras logfile created on: 23.03.2011 15:37:18 - Run 1

OTL by OldTimer - Version 3.2.22.3     Folder = C:\Dokumente und Einstellungen\Administrator\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 59,00% Memory free

4,00 Gb Paging File | 3,00 Gb Available in Paging File | 82,00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 93,10 Gb Total Space | 49,83 Gb Free Space | 53,52% Space Free | Partition Type: FAT32

Drive D: | 139,70 Gb Total Space | 51,47 Gb Free Space | 36,85% Space Free | Partition Type: FAT32

Drive F: | 4,82 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Drive G: | 999,52 Mb Total Space | 912,68 Mb Free Space | 91,31% Space Free | Partition Type: FAT32

 

Computer Name: JOHANNES-LAPTOP | User Name: Administrator | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [ACDBrowse] -- "C:\Programme\ACD Systems\ACDSee\8.0\ACDSee8.exe" "%1" (ACD Systems Ltd.)

Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)

Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)

Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 
 ========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

 
 ========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"D:\Spiele\Stranglehold\Binaries\Retail-Stranglehold.exe" = D:\Spiele\Stranglehold\Binaries\Retail-Stranglehold.exe:*:Enabled:Stranglehold -- (Midway Home Entertainment Inc)

"D:\Spiele\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe" = D:\Spiele\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI) -- ()

"D:\Spiele\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe" = D:\Spiele\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV) -- ()

"C:\Programme\Skype\Plugin Manager\skypePM.exe" = C:\Programme\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager

"D:\Spiele\Rise and Fall\RiseAndFall.exe" = D:\Spiele\Rise and Fall\RiseAndFall.exe:*:Enabled:Rise and Fall: Civilizations at War -- (Midway Home Entertainment)

"D:\Spiele\CoH\RelicDownloader\RelicDownloader.exe" = D:\Spiele\CoH\RelicDownloader\RelicDownloader.exe:*:Enabled:Relic Downloader -- (THQ Canada Inc.)

"D:\Spiele\Two Worlds\TwoWorlds.exe" = D:\Spiele\Two Worlds\TwoWorlds.exe:*:Enabled:Two Worlds -- (Reality Pump)

"D:\Spiele\Two Worlds\TwoWorlds_RADEON.exe" = D:\Spiele\Two Worlds\TwoWorlds_RADEON.exe:*:Enabled:Two Worlds -- (Reality Pump)

"C:\Programme\Tunngle\TnglCtrl.exe" = C:\Programme\Tunngle\TnglCtrl.exe:*:Enabled:Tunngle Service -- (Tunngle.net GmbH)

"C:\Programme\Tunngle\Tunngle.exe" = C:\Programme\Tunngle\Tunngle.exe:*:Enabled:Tunngle Client -- (Tunngle.net GmbH)

"C:\Programme\Steam\Steam.exe" = C:\Programme\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)

"C:\Programme\Steam\SteamApps\common\alien swarm\srcds.exe" = C:\Programme\Steam\SteamApps\common\alien swarm\srcds.exe:*:Enabled:Alien Swarm Dedicated Server -- ()

"D:\Spiele\Stronghold 2\Stronghold2.exe" = D:\Spiele\Stronghold 2\Stronghold2.exe:*:Enabled:Stronghold 2 -- (Firefly Studios)

"C:\Programme\Steam\SteamApps\common\alien swarm\swarm.exe" = C:\Programme\Steam\SteamApps\common\alien swarm\swarm.exe:*:Enabled:Alien Swarm -- ()

"C:\Programme\Steam\SteamApps\trollcook\counter-strike source\hl2.exe" = C:\Programme\Steam\SteamApps\trollcook\counter-strike source\hl2.exe:*:Enabled:Counter-Strike: Source -- ()

"D:\Spiele\Mass Effect\Binaries\MassEffect.exe" = D:\Spiele\Mass Effect\Binaries\MassEffect.exe:*:Enabled:Mass Effect Game -- (BioWare)

"D:\Spiele\Mass Effect\MassEffectLauncher.exe" = D:\Spiele\Mass Effect\MassEffectLauncher.exe:*:Enabled:Mass Effect Launcher -- (BioWare)

 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{001E7FB6-BB6B-4ED0-BEDC-B5404ED96D4E}" = DocProc

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center

"{07E23E10-F663-5D23-6393-DC82AFC8B475}" = ccc-core-static

"{0CE42E4B-82AA-41AE-BB33-E0307555D4C9}" = Catalyst Control Center Localization Chinese Standard

"{0FFC10A2-3B60-283D-0DDE-91EF4A3B0969}" = Catalyst Control Center Localization Finnish

"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp

"{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}" = ATK Media

"{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI

"{16D2C649-CBA8-44EE-B730-12584667D487}" = Stronghold 2 Deluxe

"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy

"{18742725-FAAF-4FF5-AA21-88A5814BC9CE}" = Audiograbber 1.83 SE

"{18F98693-AF94-11FC-0650-25E724F58C9E}" = Catalyst Control Center Graphics Full Existing

"{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI

"{1A15507A-8551-4626-915D-3D5FA095CC1B}" = Corel Paint Shop Pro X

"{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect

"{1C8521E5-5A7B-4A4E-A9CD-AD53116EAEE0}" = ASUS Data Security Manager

"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = LifeFrame2

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool

"{21DBBDD6-93A5-4326-9A04-C9A5C9148502}" = Norton PartitionMagic

"{2217B0B4-35CB-48C6-B640-864DF2F30F99}" = OpenOffice.org 3.2

"{221F14FF-7DAA-70C4-3A46-FA50EC2AB6E1}" = CCC Help Portuguese

"{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{236BB7C4-4419-42FD-0407-1E257A25E34D}" = Adobe Photoshop CS2

"{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI

"{268723B7-A994-4286-9F85-B974D5CAFC7B}" = EasyRecovery Professional

"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11

"{27A5A63B-3290-F55F-FD6D-D8F87CC0006F}" = Catalyst Control Center Localization Thai

"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program

"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg

"{2B85C4A2-9E74-E583-01A8-B947172F39D4}" = Catalyst Control Center Localization Japanese

"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan

"{2F353D44-73BB-4971-B31D-F7642E9E9531}" = Macromedia Flash MX 2004

"{2F750C77-1FEC-44F9-88CC-2CE322EBD61E}" = Microsoft Games for Windows - LIVE Redistributable

"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6

"{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI

"{33CD74BF-8544-15AF-D4A9-BA1791550927}" = Catalyst Control Center Core Implementation

"{344C4348-6397-FEEB-ADE5-98D95D5A87E3}" = CCC Help Chinese Standard

"{34D1C6F2-5B2C-A27E-CC6D-FE55B78DEB69}" = Catalyst Control Center Localization Spanish

"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder

"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey

"{3CB05291-F546-458E-A796-B5BCF5A3CDC4}" = Studio 10

"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger

"{42347B75-9660-2DA4-63FD-D35E344E1031}" = Nero 7 Premium

"{43B6667D-7520-4186-B05B-F5C0494C495D}" = UltraEdit-32

"{4462AD13-F2AA-4CBD-9F95-293C38EED870}" = Power4 Gear

"{44F934C2-3CFB-1229-6872-35F3662268F6}" = Catalyst Control Center Localization French

"{461B9564-65CB-1D4A-46B2-CC27DC4F07EC}" = CCC Help Swedish

"{4F400CD4-ABB5-5973-8F0C-40BBF28C0B8C}" = CCC Help Turkish

"{4FBA95A6-7F4E-6ED0-EA7A-A3C46A64A51E}" = CCC Help Thai

"{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI

"{5039F71C-7A31-568E-D002-07FF5F95ACBF}" = CCC Help English

"{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI

"{52326763-A5B3-9514-4655-A82828CD9B2D}" = Catalyst Control Center Localization Norwegian

"{52B65911-1559-4ED5-9461-46957FDD48CD}" = Borderlands

"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent

"{53480370-6CA2-47EC-BC05-02B4B9271C31}" = O&O Defrag Professional Edition

"{539D0779-8D8D-9BB8-8D1C-F04C647B6267}" = CCC Help German

"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport

"{571A9704-FA7C-9560-7AEF-2B630DCB894B}" = CCC Help Spanish

"{579141D6-019E-A917-97A3-359E87EDC2C2}" = Catalyst Control Center Localization Czech

"{57B15AD4-8C9D-4164-82BB-E33D8644E757}" = ASUS InstantFun

"{5954CB86-A47E-F865-A534-2473C7500EA4}" = Catalyst Control Center Localization German

"{5A02B151-2AA2-D1C6-6165-F6AA00C1D9C4}" = Catalyst Control Center Localization Turkish

"{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}" = ATKOSD2

"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053

"{5F374D5D-DB43-4263-9C29-BAB2C93FEFE6}" = Warhammer® Mark of Chaos

"{5F407E27-927F-3997-EDF1-2EF57FE14328}" = CCC Help Italian

"{5F71EB81-C72E-4B28-8D90-FDEECFEBC2DE}" = Drive Image

"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call

"{60829E1B-6DD2-2D98-ED53-BA097E84A954}" = Catalyst Control Center Localization Russian

"{6179B0A4-9A6D-9793-9839-30A637DD70FB}" = Catalyst Control Center Localization Dutch

"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder

"{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD

"{6DEAD32C-7067-6AA8-5CDB-A1FDCA44A4B6}" = Catalyst Control Center Graphics Previews Common

"{6E32B134-CA8D-49DD-B94C-0DB155CE70B5}" = ccc-Branding

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{739ECDBA-F065-73DB-0553-BA8A4F8B4753}" = CCC Help Norwegian

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{78155353-3D54-2FCA-395D-1BABEEC2C562}" = CCC Help Korean

"{793D040C-F449-8EE9-484F-F9084321D747}" = CCC Help Dutch

"{7B63B2922B174135AFC0E1377DD81EC2}" = 

"{7C4196CA-CA41-4F34-9C08-7724E7705D52}" = Jasc Animation Shop 3

"{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI

"{7F6B6DC9-F082-5A97-A240-1D71042C00CA}" = Catalyst Control Center Localization Chinese Traditional

"{7F976697-3404-1BBE-48A4-EB154BE2492B}" = CCC Help Chinese Traditional

"{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI

"{81CC6FB7-8EF6-0ACB-60EC-B0F035B2EDCA}" = Catalyst Control Center Localization Danish

"{8238F0E3-34A4-47DE-A78A-8753C21EFAC0}" = CCC Help Russian

"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01

"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01

"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2

"{850C4C12-57E2-43E4-B66B-B08B120C55F3}" = FireBurner

"{868D7896-99D4-4513-BC62-2B3AD3E24926}" = TuneUp Utilities 2006

"{86EDEF11-EFE4-46CB-8B08-9CBD4A936B1F}" = Stranglehold

"{86EF9FC4-F209-4520-B7E1-C7FF0EEBDFFF}" = Adobe Audition 1.5

"{8734AA3A-E94D-2A2E-4B37-902E104DFC46}" = Catalyst Control Center Localization Polish

"{87911A27-1567-42B0-B8B7-2150D20E7AB6}" = DDBAC

"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder

"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU

"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{90170407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003

"{90A50153-331D-FFFF-4F21-D146672B3AB7}" = Catalyst Control Center Localization Italian

"{916800EA-DDA2-4C5E-96F2-811F3F7C4258}" = Total Commander 6.54a

"{929408E6-D265-4174-805F-81D1D914E2A4}" = QuickTime

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{95F48480-6D51-49A5-BFC3-7D8043AC5386}" = XP-Clean

"{9757A86E-ACAB-9AE2-2B51-B78AD70B0DFD}" = Catalyst Control Center Graphics Light

"{97AFD0D8-5720-4A59-BFDC-CB92A36FADF9}_is1" = Company of Heroes: Eastern Front 1.20

"{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI

"{9920A86F-A622-2D1C-0BE6-D872B8FD2A2B}" = CCC Help Japanese

"{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame

"{A174402A-2EE6-4B86-A930-7BC85A9933BD}" = Tom Clancy's Splinter Cell

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A6B90148-02C5-4fd3-8D7A-EF2386835CB9}" = F4100_Help

"{A6C265BE-E2C1-483e-843D-6B4C1E912AE0}" = F4100

"{A73B5BA6-2540-C173-6AC9-2110778D3EB4}" = CCC Help Greek

"{A75C66FD-02D5-4D0D-DCB1-6C2730B3E4AF}" = Catalyst Control Center Localization Greek

"{A77F3C2D-50CC-4A29-A1FB-1E018BE4DCA2}" = DiscAPI

"{A8B30A2D-5428-6259-3CC8-81F725B44130}" = CCC Help Finnish

"{AA2E6BFE-4351-481C-A720-47CB3506570B}" = ACDSee 8

"{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}" = HP Update

"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder

"{AC76BA86-1033-F400-7760-000000000002}" = Adobe Acrobat 7.0 Professional - English, Français, Deutsch

"{AC76BA86-7AD7-1033-7B44-A80000000002}" = Adobe Reader 8

"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant

"{AF5FFB4C-3175-9482-4F03-D68AB423368A}" = Catalyst Control Center Localization Swedish

"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan

"{B05A5743-AF48-60B3-BEFD-0F042FDB75B4}" = ccc-utility

"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter

"{B4509BCE-7BAD-4a8c-B1AE-4D0CE7467C42}" = F4100_doccd

"{B4F35A00-24FD-4fb3-BF5E-413D5423434D}" = DJ_AIO_Software_min

"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser

"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI

"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter

"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo

"{BFD9BF35-B5B3-B021-8F71-9D0137AAB57F}" = ccc-core-preinstall

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C0FC1C14-4824-4A73-87A6-9E888C9C3102}" = ASUS Splendid Video Enhancement Technology

"{C190CB55-817E-4713-84F4-0BBB8961CED9}" = PerfectDisk

"{C27DC823-0996-5109-2F03-C8BD43963438}" = CCC Help Polish

"{CA50045C-5119-48e7-9BA7-6B317379857A}" = DJ_AIO_Software

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CE7CB214-DB11-4B5D-A6AF-3B4ED47C68B7}" = Microsoft Game Studios Common Redistributables Pack 1

"{D078226E-83F2-45FD-9CDE-5DA66E5ADB51}" = Rise and Fall

"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component

"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service

"{D48EAA77-E526-41EB-894C-BD6A17EABD95}" = TMPGEnc 3.0 XPress

"{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI

"{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}" = NVIDIA PhysX v8.10.29

"{DAEB7FC7-1AAB-499A-241E-F54D1DD1725D}" = Catalyst Control Center Localization Korean

"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader

"{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash

"{DE486CCB-3C9B-7EEE-1328-2209EC6500EC}" = Catalyst Control Center Localization Portuguese

"{E0260323-5186-AAA6-43AD-48AE0E475689}" = CCC Help Czech

"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm

"{E39F7325-FFE5-EDEC-044B-812BA1B0C8F2}" = CCC Help French

"{E548726E-F4E8-459f-BAB8-45551BC071E9}" = DJ_AIO_ProductContext

"{E5F9A595-3E77-55AB-6109-06C02BBC7F36}" = Skins

"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1

"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update

"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack

"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox

"{EA759367-590A-AE0D-B2B0-E89151ACB9AE}" = CCC Help Hungarian

"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI

"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform

"{EEECE229-49F6-4851-A73A-99B058221F8C}" = RAPID

"{F0B6BD72-54C6-F391-7AD8-DA26D572752A}" = CCC Help Danish

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer

"{F34D9A5F-484A-4E31-A9D3-908CB265B289}" = Sygate Personal Firewall

"{F382EB43-3C67-4A5E-B794-09FFE2DAC93A}" = map&guide 11 professional

"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE

"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials

"{F92EAC2A-1CBC-F17C-C3F0-E79C3697CE79}" = Catalyst Control Center Localization Hungarian

"{FA8A44D7-3E8A-4034-9C4F-088FA6B72BC4}" = HP Deskjet All-In-One Software 9.0

"{FC3D290D-79BE-44B7-ABF9-FDD110925930}" = P4P

"{FC9B3A61-FD27-85DE-C8DC-F04D7944B4B2}" = Catalyst Control Center Graphics Full New

"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT-Erweiterung für den Microsoft Windows XP-Assistenten zum Schreiben von CDs

"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status

"3B18191663CDFABAA2A93D4267E54D683153FF60" = Windows-Treiberpaket - Advanced Micro Devices (AmdK8) Processor  (05/27/2006 1.3.2.0)

"Adobe Acrobat 7.0 Professional - EFG" = Adobe Acrobat 7.1.0 Professional

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}" = Adobe Photoshop CS2

"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software

"AnyDVD" = AnyDVD

"Asus_Camera_ScreenSaver" = Asus_Camera_ScreenSaver

"ATI Display Driver" = ATI Display Driver

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"CDex" = CDex extraction audio

"CloneCD" = CloneCD

"CloneDVD2" = CloneDVD2

"Company of Heroes" = Company of Heroes

"DivX Setup.divx.com" = DivX-Setup

"DVD Decrypter" = DVD Decrypter (Remove Only)

"DVD Shrink DE_is1" = DVD Shrink 3.2 deutsch

"EAX Unified" = EAX Unified

"Flyingcode NFO-Viewer_is1" = Flyingcode NFO-Viewer 1.0

"Freelancer 1.0" = Freelancer

"Guild Wars" = GUILD WARS

"Hollywood FX for Studio" = Pinnacle Hollywood FX for Studio
 

"HP Imaging Device Functions" = HP Imaging Device Functions 9.0

"HP Photosmart Essential" = HP Photosmart Essential 2.01

"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0

"HPOCR" = HP OCR Software 9.0

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"InstallShield_{21DBBDD6-93A5-4326-9A04-C9A5C9148502}" = Norton PartitionMagic 8.0

"InstallShield_{268723B7-A994-4286-9F85-B974D5CAFC7B}" = EasyRecovery Professional

"InstallShield_{5F71EB81-C72E-4B28-8D90-FDEECFEBC2DE}" = PowerQuest Drive Image 2002

"InstallShield_{929408E6-D265-4174-805F-81D1D914E2A4}" = QuickTime

"IrfanView" = IrfanView (remove only)

"IsoBuster_is1" = IsoBuster 1.9

"JDownloader" = JDownloader

"LastFM_is1" = Last.fm 1.5.4.27091

"Mafia" = Mafia

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"ManyCam" = ManyCam 2.4 (remove only)

"map&guide 11 Karte Deutschland City" = map&guide 11 Karte Deutschland City

"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"mIRC" = mIRC

"Mozilla Firefox (3.6.15)" = Mozilla Firefox (3.6.15)

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"QVP" = Quick View Plus

"RegSupreme Pro_is1" = RegSupreme Pro 1.2

"S.T.A.L.K.E.R. - Shadow of Chernobyl_is1" = S.T.A.L.K.E.R. - Shadow of Chernobyl

"SMSERIAL" = Motorola SM56 Speakerphone Modem

"Soldat_is1" = Soldat 1.5.0

"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4

"Steam App 240" = Counter-Strike: Source

"Steam App 630" = Alien Swarm

"Tunngle beta_is1" = Tunngle beta

"TVgenial" = TVgenial

"Two Worlds" = Two Worlds

"UltraISO_is1" = UltraISO 8.0 Premium Edition

"VLC media player" = VideoLAN VLC media player 0.8.2

"Winamp" = Winamp

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WinLiveSuite_Wave3" = Windows Live Essentials

"Winload Toolbar" = Winload Toolbar

"WinRAR archiver" = WinRAR Archivierer

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0.0 (Pre-Release 5348)

"XviD_is1" = XviD 1.1 final uninstall

 
 ========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Winamp Detect" = Winamp Erkennungs-Plug-in

 
 ========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 18.03.2011 15:51:51 | Computer Name = JOHANNES-LAPTOP | Source = PerfNet | ID = 2004

Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen

werden

 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.

 

Error - 18.03.2011 16:13:50 | Computer Name = JOHANNES-LAPTOP | Source = PerfNet | ID = 2004

Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen

werden

 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.

 

Error - 19.03.2011 10:23:01 | Computer Name = JOHANNES-LAPTOP | Source = PerfNet | ID = 2004

Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen

werden

 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.

 

Error - 19.03.2011 15:52:06 | Computer Name = JOHANNES-LAPTOP | Source = Application Error | ID = 1000

Description = Fehlgeschlagene Anwendung plugin-container.exe, Version 1.9.2.4079,

 fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.6055, Fehleradresse 0x0000100b.

 

Error - 20.03.2011 13:20:38 | Computer Name = JOHANNES-LAPTOP | Source = PerfNet | ID = 2004

Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen

werden

 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.

 

Error - 21.03.2011 16:58:49 | Computer Name = JOHANNES-LAPTOP | Source = PerfNet | ID = 2004

Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen

werden

 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.

 

Error - 22.03.2011 11:35:04 | Computer Name = JOHANNES-LAPTOP | Source = PerfNet | ID = 2004

Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen

werden

 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.

 

Error - 22.03.2011 16:53:52 | Computer Name = JOHANNES-LAPTOP | Source = PerfNet | ID = 2004

Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen

werden

 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.

 

Error - 23.03.2011 09:03:34 | Computer Name = JOHANNES-LAPTOP | Source = PerfNet | ID = 2004

Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen

werden

 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.

 

Error - 23.03.2011 09:04:01 | Computer Name = JOHANNES-LAPTOP | Source = ESENT | ID = 490

Description = svchost (1680) Versuch, Datei "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"

 für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der

 Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet

 wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.

 

[ System Events ]

Error - 22.03.2011 16:54:09 | Computer Name = JOHANNES-LAPTOP | Source = Service Control Manager | ID = 7023

Description = Der Dienst "Task Microsoft" wurde mit folgendem Fehler beendet:   %%126

 

Error - 22.03.2011 16:54:09 | Computer Name = JOHANNES-LAPTOP | Source = Service Control Manager | ID = 7023

Description = Der Dienst "Update Task" wurde mit folgendem Fehler beendet:   %%126

 

Error - 22.03.2011 19:06:46 | Computer Name = JOHANNES-LAPTOP | Source = DCOM | ID = 10005

Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "ImapiService"

 mit den Argumenten "-Service"  gestartet wurde, um den folgenden Server zu verwenden:

{520CCA63-51A5-11D3-9144-00104BA11C5E}

 

Error - 22.03.2011 19:07:28 | Computer Name = JOHANNES-LAPTOP | Source = DCOM | ID = 10005

Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "ImapiService"

 mit den Argumenten "-Service"  gestartet wurde, um den folgenden Server zu verwenden:

{520CCA63-51A5-11D3-9144-00104BA11C5E}

 

Error - 22.03.2011 23:01:31 | Computer Name = JOHANNES-LAPTOP | Source = sr | ID = 1

Description = Beim Verarbeiten der Datei "" auf Volume "HarddiskVolume1" ist im 

Wiederherstellungsfilter der unerwartete Fehler "0xC0000001" aufgetreten. Die Volumeüberwachung

 wurde angehalten.

 

Error - 22.03.2011 23:02:14 | Computer Name = JOHANNES-LAPTOP | Source = Service Control Manager | ID = 7023

Description = Der Dienst "Task Microsoft" wurde mit folgendem Fehler beendet:   %%126

 

Error - 22.03.2011 23:02:14 | Computer Name = JOHANNES-LAPTOP | Source = Service Control Manager | ID = 7023

Description = Der Dienst "Update Task" wurde mit folgendem Fehler beendet:   %%126

 

Error - 23.03.2011 09:03:51 | Computer Name = JOHANNES-LAPTOP | Source = Service Control Manager | ID = 7023

Description = Der Dienst "Task Microsoft" wurde mit folgendem Fehler beendet:   %%126

 

Error - 23.03.2011 09:03:51 | Computer Name = JOHANNES-LAPTOP | Source = Service Control Manager | ID = 7023

Description = Der Dienst "Update Task" wurde mit folgendem Fehler beendet:   %%126

 

Error - 23.03.2011 10:35:55 | Computer Name = JOHANNES-LAPTOP | Source = DCOM | ID = 10005

Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "ImapiService"

 mit den Argumenten "-Service"  gestartet wurde, um den folgenden Server zu verwenden:

{520CCA63-51A5-11D3-9144-00104BA11C5E}

 

 

< End of report >

--- --- ---
OTL Logfile:

Code:

OTL logfile created on: 23.03.2011 15:37:18 - Run 1

OTL by OldTimer - Version 3.2.22.3     Folder = C:\Dokumente und Einstellungen\Administrator\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 59,00% Memory free

4,00 Gb Paging File | 3,00 Gb Available in Paging File | 82,00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 93,10 Gb Total Space | 49,83 Gb Free Space | 53,52% Space Free | Partition Type: FAT32

Drive D: | 139,70 Gb Total Space | 51,47 Gb Free Space | 36,85% Space Free | Partition Type: FAT32

Drive F: | 4,82 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Drive G: | 999,52 Mb Total Space | 912,68 Mb Free Space | 91,31% Space Free | Partition Type: FAT32

 

Computer Name: JOHANNES-LAPTOP | User Name: Administrator | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Programme\Last.fm\LastFM.exe (Last.fm)

PRC - C:\Programme\Winamp\winamp.exe (Nullsoft, Inc.)

PRC - C:\Programme\Tunngle\TnglCtrl.exe (Tunngle.net GmbH)

PRC - C:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

PRC - C:\Programme\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe (StarWind Software)

PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

PRC - C:\WINDOWS\ASScrPro.exe ()

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Programme\ATK Hotkey\HControl.exe (ATK0100)

PRC - C:\Programme\ATKOSD2\ATKOSD2.exe ()

PRC - C:\Programme\ATK Hotkey\WDC.exe ()

PRC - C:\Programme\ATK Hotkey\HControlUser.exe ()

PRC - C:\Programme\ATK Hotkey\ATKOSD.exe ()

PRC - C:\Programme\ATK Hotkey\MsgTranAgt.exe ()

PRC - C:\WINDOWS\system32\acs.exe (Atheros)

PRC - C:\Programme\ATK Hotkey\KBFiltr.exe ()

PRC - C:\Programme\ATKGFNEX\GFNEXSrv.exe ()

PRC - C:\Programme\Wireless Console 2\wcourier.exe ()

PRC - C:\Programme\ASUS\ASUS Data Security Manager\ADSMSrv.exe ()

PRC - C:\Programme\Raxco\PerfectDisk\PDSched.exe (Raxco Software, Inc.)

PRC - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe (Nero AG)

PRC - C:\WINDOWS\system32\oodag.exe (O&O Software GmbH)

PRC - C:\Programme\Sygate\SPF\Smc.exe (Sygate Technologies, Inc.)

 

 
 ========== Modules (SafeList) ==========

 

MOD - C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\SSSensor.dll (Sygate Technologies, Inc.)

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - (HidServ) --  File not found

SRV - (TunngleService) -- C:\Programme\Tunngle\TnglCtrl.exe (Tunngle.net GmbH)

SRV - (StarWindServiceAE) -- C:\Programme\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe (StarWind Software)

SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

SRV - (Adobe LM Service) -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)

SRV - (Macromedia Licensing Service) -- C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe ()

SRV - (ACS) -- C:\WINDOWS\system32\acs.exe (Atheros)

SRV - (ATKGFNEXSrv) -- C:\Programme\ATKGFNEX\GFNEXSrv.exe ()

SRV - (ADSMService) -- C:\Programme\ASUS\ASUS Data Security Manager\ADSMSrv.exe ()

SRV - (PDEngine) -- C:\Programme\Raxco\PerfectDisk\PDEngine.exe (Raxco Software, Inc.)

SRV - (PDSched) -- C:\Programme\Raxco\PerfectDisk\PDSched.exe (Raxco Software, Inc.)

SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

SRV - (TUWinStylerThemeSvc) -- C:\Programme\TuneUpUtilities2006\WinStylerThemeSvc.exe (TuneUp Software GmbH)

SRV - (O&O Defrag) -- C:\WINDOWS\system32\oodag.exe (O&O Software GmbH)

SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)

SRV - (SmcService) -- C:\Programme\Sygate\SPF\Smc.exe (Sygate Technologies, Inc.)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()

DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)

DRV - (tap0901t) TAP-Win32 Adapter V9 (Tunngle) -- C:\WINDOWS\system32\drivers\tap0901t.sys (Tunngle.net)

DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)

DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)

DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)

DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)

DRV - (SiSGbeXP) -- C:\WINDOWS\system32\drivers\SiSGbeXP.sys (Silicon Integrated Systems Corp.)

DRV - (ManyCam) -- C:\WINDOWS\system32\drivers\ManyCam.sys (ManyCam LLC.)

DRV - (AR5211) -- C:\WINDOWS\system32\drivers\ar5211.sys (Atheros Communications, Inc.)

DRV - (AsDsm) -- C:\WINDOWS\System32\drivers\AsDsm.sys (Windows (R) Codename Longhorn DDK provider)

DRV - (ASMMAP) -- C:\Programme\ATKGFNEX\ASMMAP.sys ()

DRV - (WSIMD) -- C:\WINDOWS\system32\drivers\wsimd.sys (Atheros Communications, Inc.)

DRV - (kbfiltr) -- C:\WINDOWS\system32\drivers\kbfiltr.sys ( )

DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ATKACPI.sys (ATK0100)

DRV - (ddxgb) -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\ddxgb.sys ()

DRV - (Defrag32b) -- C:\WINDOWS\System32\drivers\defrag32b.sys (Raxco Software, Inc.)

DRV - (Defrag32) -- C:\WINDOWS\System32\drivers\defrag32.sys (Raxco Software, Inc.)

DRV - (siside) -- C:\WINDOWS\system32\DRIVERS\siside.sys (Silicon Integrated Systems Corp.)

DRV - (AnyDVD) -- C:\WINDOWS\system32\drivers\AnyDVD.sys (SlySoft, Inc.)

DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology (StarForce))

DRV - (sfsync04) StarForce Protection Synchronization Driver (version 4.x) -- C:\WINDOWS\System32\drivers\sfsync04.sys (Protection Technology (StarForce))

DRV - (smserial) -- C:\WINDOWS\system32\drivers\smserial.sys (Motorola Inc.)

DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology (StarForce))

DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfvfs02.sys (Protection Technology)

DRV - (MarvinBus) -- C:\WINDOWS\system32\drivers\MarvinBus.sys (Pinnacle Systems GmbH)

DRV - (ElbyCDFL) -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys (SlySoft, Inc.)

DRV - (ElbyDelay) -- C:\WINDOWS\system32\drivers\ElbyDelay.sys (Elaborate Bytes AG)

DRV - (PCLEPCI) -- C:\WINDOWS\system32\drivers\Pclepci.sys (Pinnacle Systems GmbH)

DRV - (ASAPIW2K) -- C:\WINDOWS\system32\drivers\asapiW2k.sys (VOB Computersysteme GmbH)

DRV - (wg6n) -- C:\WINDOWS\SYSTEM32\Drivers\wg6n.sys (Sygate Technologies, Inc.)

DRV - (wg5n) -- C:\WINDOWS\SYSTEM32\Drivers\wg5n.sys (Sygate Technologies, Inc.)

DRV - (wg4n) -- C:\WINDOWS\SYSTEM32\Drivers\wg4n.sys (Sygate Technologies, Inc.)

DRV - (wg3n) -- C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys (Sygate Technologies, Inc.)

DRV - (wpsdrvnt) -- C:\WINDOWS\system32\drivers\wpsdrvnt.sys (Sygate Technologies, Inc.)

DRV - (Teefer) -- C:\WINDOWS\SYSTEM32\Drivers\Teefer.sys (Sygate Technologies, Inc.)

DRV - (ASNDIS5) -- C:\Programme\ATK Hotkey\ASNDIS5.SYS (Printing Communications Assoc., Inc. (PCAUSA))

DRV - (PQNTDrv) -- C:\WINDOWS\System32\drivers\PQNTDRV.sys (PowerQuest Corporation)

DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Google Toolbar

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Google Toolbar

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2319825

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Google Toolbar

IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWin2.dll (Conduit Ltd.)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search"

FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}"

FF - prefs.js..browser.search.suggest.enabled: false

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3

 

 

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Programme\Mozilla Firefox\components [2008.09.24 19:27:56 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2008.09.24 19:27:54 | 000,000,000 | ---D | M]

 

[2008.12.24 17:50:26 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions

[2008.12.24 16:26:22 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\rgq8w14b.default\extensions

[2011.01.17 15:46:06 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\rgq8w14b.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2008.12.26 21:16:18 | 000,002,109 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\rgq8w14b.default\searchplugins\youtube-videosuche.xml

[2010.03.24 16:13:02 | 000,000,917 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\rgq8w14b.default\searchplugins\conduit.xml

[2008.09.24 19:27:56 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2010.07.12 18:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npwachk.dll

[2011.03.06 23:33:40 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml

[2011.03.06 23:33:40 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml

[2011.03.06 23:33:40 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml

[2011.03.06 23:33:40 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml

[2011.03.06 23:33:40 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2006.06.01 19:06:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)

O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWin2.dll (Conduit Ltd.)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWin2.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKCU\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Programme\Winload\prxtbWin2.dll (Conduit Ltd.)

O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O4 - HKLM..\Run: [ASUS Camera ScreenSaver] C:\WINDOWS\ASScrProlog.exe ()

O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\WINDOWS\ASScrPro.exe ()

O4 - HKLM..\Run: [ATKHOTKEY] C:\Programme\ATK Hotkey\Hcontrol.exe (ATK0100)

O4 - HKLM..\Run: [ATKOSD2] C:\Programme\ATKOSD2\ATKOSD2.exe ()

O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [HControlUser] C:\Programme\ATK Hotkey\HcontrolUser.exe ()

O4 - HKLM..\Run: [MsgTranAgt] C:\Programme\ATK Hotkey\MsgTranAgt.exe ()

O4 - HKLM..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe (ASUSTeK Computer Inc.)

O4 - HKLM..\Run: [SmcService] C:\Programme\Sygate\SPF\Smc.exe (Sygate Technologies, Inc.)

O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [Wireless Console 2] C:\Programme\Wireless Console 2\wcourier.exe ()

O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe (Nero AG)

O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1

O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)

O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)

O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home

O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {0cab0400-7395-11d0-a5e5-0020afe2fdd9} - C:\WINDOWS\qvphook.dll (Stellent, Inc.)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008.09.24 21:46:32 | 000,000,718 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]

O32 - AutoRun File - [2008.05.01 18:36:21 | 000,726,248 | R--- | M] (BioWare) - F:\autorun.exe -- [ UDF ]

O32 - AutoRun File - [2007.11.15 23:48:02 | 000,000,057 | R--- | M] () - F:\autorun.inf -- [ UDF ]

O33 - MountPoints2\{50c11808-d7ba-11df-ae74-001e8c7eaf33}\Shell - "" = AutoRun

O33 - MountPoints2\{50c11808-d7ba-11df-ae74-001e8c7eaf33}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{50c11808-d7ba-11df-ae74-001e8c7eaf33}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE      .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn

O33 - MountPoints2\{cbd73f98-e8e7-11df-aea0-001e8c7eaf33}\Shell - "" = AutoRun

O33 - MountPoints2\{cbd73f98-e8e7-11df-aea0-001e8c7eaf33}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{cbd73f98-e8e7-11df-aea0-001e8c7eaf33}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE      .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn

O34 - HKLM BootExecute: (PDBoot.exe) - C:\WINDOWS\System32\PDBoot.exe (Raxco Software, Inc.)

O34 - HKLM BootExecute: (autocheck autochk *) -  File not found

O34 - HKLM BootExecute: (OODBS) - C:\WINDOWS\System32\OODBS.exe (O&O Software GmbH)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2011.03.23 15:36:30 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe

[2011.03.23 01:57:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Malwarebytes

[2011.03.23 01:57:23 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2011.03.23 01:57:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes

[2011.03.23 01:57:17 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2011.03.23 01:57:17 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware

[2011.03.23 01:47:55 | 007,734,208 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Dokumente und Einstellungen\Administrator\Desktop\mbam-setup-1.50.1.1100.exe

[2011.03.22 15:08:56 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\BioWare

[2011.03.20 18:57:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\GUILD WARS

[2011.03.20 18:56:31 | 000,165,248 | ---- | C] (ArenaNet) -- C:\Dokumente und Einstellungen\Administrator\Desktop\GwSetup.exe

[2011.03.15 17:48:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\ConduitEngine

[2011.03.15 17:48:32 | 000,000,000 | ---D | C] -- C:\Programme\ConduitEngine

[2011.03.11 15:17:12 | 000,000,000 | -HSD | C] -- C:\FOUND.009

[2008.09.24 22:28:41 | 000,005,632 | R--- | C] ( ) -- C:\WINDOWS\System32\drivers\kbfiltr.sys

[57 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2011.03.23 15:36:28 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe

[2011.03.23 14:03:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011.03.23 14:03:16 | 000,285,471 | ---- | M] () -- C:\WINDOWS\System32\OODBS.lor

[2011.03.23 04:15:16 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\Access.dat

[2011.03.23 03:09:32 | 000,142,247 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Screenshot1.zip

[2011.03.23 03:07:26 | 000,140,777 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Screenshot1.rar

[2011.03.23 03:06:44 | 000,179,279 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Screenshot1.JPG

[2011.03.23 03:00:18 | 003,840,054 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Screenshot1.bmp

[2011.03.23 01:57:24 | 000,000,671 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2011.03.23 01:49:16 | 000,742,874 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Load.exe

[2011.03.23 01:48:04 | 007,734,208 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Dokumente und Einstellungen\Administrator\Desktop\mbam-setup-1.50.1.1100.exe

[2011.03.22 23:31:30 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn

[2011.03.22 15:08:58 | 000,000,492 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mass Effect.lnk

[2011.03.20 18:57:04 | 000,000,391 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\GUILD WARS.lnk

[2011.03.20 18:56:28 | 000,165,248 | ---- | M] (ArenaNet) -- C:\Dokumente und Einstellungen\Administrator\Desktop\GwSetup.exe

[2011.03.18 19:46:28 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011.03.14 23:48:56 | 000,014,921 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Praktikumsvereinbarung.odt

[2011.03.11 12:34:36 | 000,043,520 | ---- | M] () -- C:\WINDOWS\System32\CmdLineExt03.dll

[2011.03.04 18:31:32 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2011.03.04 17:18:08 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job

[2011.03.03 18:39:02 | 000,000,209 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Counter-Strike Source.url

[57 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2011.03.23 03:09:31 | 000,142,247 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Screenshot1.zip

[2011.03.23 03:07:24 | 000,140,777 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Screenshot1.rar

[2011.03.23 03:06:43 | 000,179,279 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Screenshot1.JPG

[2011.03.23 02:58:01 | 003,840,054 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Screenshot1.bmp

[2011.03.23 01:57:23 | 000,000,671 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2011.03.23 01:49:23 | 000,742,874 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Load.exe

[2011.03.22 15:08:56 | 000,000,492 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mass Effect.lnk

[2011.03.20 18:57:03 | 000,000,391 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\GUILD WARS.lnk

[2011.03.14 23:48:54 | 000,014,921 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Praktikumsvereinbarung.odt

[2011.03.03 18:39:00 | 000,000,209 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Counter-Strike Source.url

[2011.01.19 16:37:14 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll

[2011.01.19 16:04:37 | 000,233,472 | R--- | C] () -- C:\WINDOWS\System32\MafiaSetup.exe

[2010.07.13 22:59:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\Access.dat

[2010.06.01 17:28:01 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\xmltok.dll

[2010.06.01 17:28:01 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\xmlparse.dll

[2010.04.07 17:18:58 | 000,159,980 | ---- | C] () -- C:\WINDOWS\hpoins14.dat

[2010.04.07 17:18:58 | 000,002,000 | ---- | C] () -- C:\WINDOWS\hpomdl14.dat

[2010.03.05 15:13:07 | 000,000,952 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys

[2009.01.13 15:50:31 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2009.01.09 17:43:05 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2009.01.04 18:39:29 | 000,014,848 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008.12.27 00:08:30 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\acovcnt.exe

[2008.12.26 21:48:02 | 000,000,034 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

[2008.12.24 17:36:29 | 000,000,683 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2008.12.24 17:19:43 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

[2008.12.24 16:26:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll

[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll

[2008.09.25 01:24:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin

[2008.09.25 00:59:58 | 000,037,232 | ---- | C] () -- C:\WINDOWS\ASScrProlog.exe

[2008.09.25 00:59:58 | 000,033,136 | ---- | C] () -- C:\WINDOWS\ASScrPro.exe

[2008.09.25 00:59:55 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll

[2008.09.24 22:37:19 | 000,887,724 | R--- | C] () -- C:\WINDOWS\System32\ativva6x.dat

[2008.09.24 22:37:18 | 003,107,788 | R--- | C] () -- C:\WINDOWS\System32\ativva5x.dat

[2008.09.24 22:37:17 | 003,107,788 | R--- | C] () -- C:\WINDOWS\System32\ativvaxx.dat

[2008.09.24 22:37:16 | 000,168,883 | R--- | C] () -- C:\WINDOWS\System32\atiicdxx.dat

[2008.09.24 22:08:00 | 000,002,508 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\$_hpcst$.hpc

[2008.09.24 22:06:42 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2008.09.24 22:06:42 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2008.09.24 21:53:10 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2008.09.24 21:48:41 | 000,194,248 | ---- | C] () -- C:\WINDOWS\System32\LTRFD13n.DLL

[2008.09.24 21:46:30 | 000,000,034 | ---- | C] () -- C:\WINDOWS\VFO.INI

[2008.09.24 21:46:26 | 000,196,096 | ---- | C] () -- C:\WINDOWS\System32\macd32.dll

[2008.09.24 21:46:26 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\mase32.dll

[2008.09.24 21:46:26 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\mamc32.dll

[2008.09.24 21:46:26 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\masd32.dll

[2008.09.24 21:46:26 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\ma32.dll

[2008.09.24 19:27:54 | 000,002,266 | ---- | C] () -- C:\WINDOWS\mozver.dat

[2008.09.24 19:11:51 | 000,000,522 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2008.09.24 19:08:19 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll

[2008.09.24 18:53:57 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2008.09.24 18:41:59 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2008.09.24 18:36:46 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2008.09.24 18:35:31 | 000,223,224 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2007.09.12 23:54:48 | 000,141,180 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat

[2006.06.01 21:06:00 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

[2006.06.01 19:06:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2006.06.01 19:06:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2006.06.01 19:06:00 | 000,462,550 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat

[2006.06.01 19:06:00 | 000,443,922 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2006.06.01 19:06:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2006.06.01 19:06:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat

[2006.06.01 19:06:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2006.06.01 19:06:00 | 000,085,732 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat

[2006.06.01 19:06:00 | 000,072,180 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2006.06.01 19:06:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2006.06.01 19:06:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat

[2006.06.01 19:06:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2006.06.01 19:06:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2006.06.01 19:06:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2006.06.01 19:06:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin

[2006.06.01 19:06:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2006.04.29 16:43:54 | 000,000,288 | ---- | C] () -- C:\WINDOWS\wincmd.ini

[2006.04.19 00:30:56 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll

[2004.12.20 18:24:03 | 001,663,068 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll

[2004.10.15 18:31:56 | 000,218,264 | ---- | C] () -- C:\WINDOWS\System32\SetAid.dll

[2004.03.11 01:26:10 | 000,406,016 | ---- | C] () -- C:\WINDOWS\System32\PSDrvCheck.exe
 

< End of report >

--- --- ---

Zitat:

Wieso sind alle Platten mit FAT32 als Dateisystem ausgestattet?! Das ist nicht mehr zeitgemäß, man kann aber nachträglich und ohne Datenverlust nach NTFS konvertieren.

Warum die Festplatten im FAT32 Format sind, weiß ich nicht, als ich den Computer erhalten habe waren sie bereits in diesem Format und ich dachte eine Umstellung würde nur mit einer Formatierung gehen.

An dieser Stelle auch eine Entschuldigung für den Doppelposts, ich bin unerfahren im Umgang mit Foren.

Ist es denn von Bedeutung in welchem Format die Platten sind, um eine sichere Nutzung zu gewährleisten?

Zitat:

Ist es denn von Bedeutung in welchem Format die Platten sind, um eine sichere Nutzung zu gewährleisten?

Ja. FAT32 ist ein uraltes DOS-Format, bzw unterscheidet sich nur unwesentlich von diesem.
Es kennt keine Rechtverwaltung!!

Systempartition nach NTFS konvertieren:

1) Start, Ausführen, cmd eintippen und ok
2) Befehl convert c: /fs:ntfs eintippen bestätigen mit Return oder Enter
3) Die aktuelle Bezeichnung von C: eintippen (siehst Du im Arbeitsplatz auf C:, wenn "Lokaler Datenträger" da nur steht, hat C: keine Bezeichnung also nichts eintippen bei aktueller Laufwerksbezeichnung)
4) Hinweis, dass das Laufwerk beim nächsten Windows-Start konvertiert werden soll mit J bestätigen und Windows neustarten lassen, geduldig sein!

Das gleiche machst du mit Laufwerk D: über convert d: /fs:ntfs

USB-Sticks können ruhig auf FAT32 bleiben.

Hab jetzt beide Partitionen auf NTFS formatiert und noch einmal einen scan mit OTL und Malewarebytes gemacht.

Die zeigen aber nichts mehr an. Ist der Trojaner jetzt vollstänndig gelöscht oder könnten noch irgendwelche Rückstände irgendwo sein?

Malewarebytes:

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Datenbank Version: 6137

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

23.03.2011 20:55:59
mbam-log-2011-03-23 (20-55-59).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 152586
Laufzeit: 7 Minute(n), 32 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

OTL:OTL Logfile:

Code:

OTL Extras logfile created on: 23.03.2011 20:48:09 - Run 2

OTL by OldTimer - Version 3.2.22.3     Folder = C:\Dokumente und Einstellungen\Administrator\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 56,00% Memory free

4,00 Gb Paging File | 3,00 Gb Available in Paging File | 77,00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 93,15 Gb Total Space | 53,09 Gb Free Space | 56,99% Space Free | Partition Type: NTFS

Drive D: | 139,73 Gb Total Space | 52,78 Gb Free Space | 37,77% Space Free | Partition Type: NTFS

Drive F: | 4,82 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Drive G: | 999,52 Mb Total Space | 912,68 Mb Free Space | 91,31% Space Free | Partition Type: FAT32

 

Computer Name: JOHANNES-LAPTOP | User Name: Administrator | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [ACDBrowse] -- "C:\Programme\ACD Systems\ACDSee\8.0\ACDSee8.exe" "%1" (ACD Systems Ltd.)

Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)

Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)

Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 
 ========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

 
 ========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"D:\Spiele\Stranglehold\Binaries\Retail-Stranglehold.exe" = D:\Spiele\Stranglehold\Binaries\Retail-Stranglehold.exe:*:Enabled:Stranglehold -- (Midway Home Entertainment Inc)

"D:\Spiele\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe" = D:\Spiele\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI) -- ()

"D:\Spiele\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe" = D:\Spiele\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV) -- ()

"C:\Programme\Skype\Plugin Manager\skypePM.exe" = C:\Programme\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager

"D:\Spiele\Rise and Fall\RiseAndFall.exe" = D:\Spiele\Rise and Fall\RiseAndFall.exe:*:Enabled:Rise and Fall: Civilizations at War -- (Midway Home Entertainment)

"D:\Spiele\CoH\RelicDownloader\RelicDownloader.exe" = D:\Spiele\CoH\RelicDownloader\RelicDownloader.exe:*:Enabled:Relic Downloader -- (THQ Canada Inc.)

"D:\Spiele\Two Worlds\TwoWorlds.exe" = D:\Spiele\Two Worlds\TwoWorlds.exe:*:Enabled:Two Worlds -- (Reality Pump)

"D:\Spiele\Two Worlds\TwoWorlds_RADEON.exe" = D:\Spiele\Two Worlds\TwoWorlds_RADEON.exe:*:Enabled:Two Worlds -- (Reality Pump)

"C:\Programme\Tunngle\TnglCtrl.exe" = C:\Programme\Tunngle\TnglCtrl.exe:*:Enabled:Tunngle Service -- (Tunngle.net GmbH)

"C:\Programme\Tunngle\Tunngle.exe" = C:\Programme\Tunngle\Tunngle.exe:*:Enabled:Tunngle Client -- (Tunngle.net GmbH)

"C:\Programme\Steam\Steam.exe" = C:\Programme\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)

"C:\Programme\Steam\SteamApps\common\alien swarm\srcds.exe" = C:\Programme\Steam\SteamApps\common\alien swarm\srcds.exe:*:Enabled:Alien Swarm Dedicated Server -- ()

"D:\Spiele\Stronghold 2\Stronghold2.exe" = D:\Spiele\Stronghold 2\Stronghold2.exe:*:Enabled:Stronghold 2 -- (Firefly Studios)

"C:\Programme\Steam\SteamApps\common\alien swarm\swarm.exe" = C:\Programme\Steam\SteamApps\common\alien swarm\swarm.exe:*:Enabled:Alien Swarm -- ()

"C:\Programme\Steam\SteamApps\trollcook\counter-strike source\hl2.exe" = C:\Programme\Steam\SteamApps\trollcook\counter-strike source\hl2.exe:*:Enabled:Counter-Strike: Source -- ()

"D:\Spiele\Mass Effect\Binaries\MassEffect.exe" = D:\Spiele\Mass Effect\Binaries\MassEffect.exe:*:Enabled:Mass Effect Game -- (BioWare)

"D:\Spiele\Mass Effect\MassEffectLauncher.exe" = D:\Spiele\Mass Effect\MassEffectLauncher.exe:*:Enabled:Mass Effect Launcher -- (BioWare)

 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{001E7FB6-BB6B-4ED0-BEDC-B5404ED96D4E}" = DocProc

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center

"{07E23E10-F663-5D23-6393-DC82AFC8B475}" = ccc-core-static

"{0CE42E4B-82AA-41AE-BB33-E0307555D4C9}" = Catalyst Control Center Localization Chinese Standard

"{0FFC10A2-3B60-283D-0DDE-91EF4A3B0969}" = Catalyst Control Center Localization Finnish

"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp

"{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}" = ATK Media

"{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI

"{16D2C649-CBA8-44EE-B730-12584667D487}" = Stronghold 2 Deluxe

"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy

"{18742725-FAAF-4FF5-AA21-88A5814BC9CE}" = Audiograbber 1.83 SE

"{18F98693-AF94-11FC-0650-25E724F58C9E}" = Catalyst Control Center Graphics Full Existing

"{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI

"{1A15507A-8551-4626-915D-3D5FA095CC1B}" = Corel Paint Shop Pro X

"{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect

"{1C8521E5-5A7B-4A4E-A9CD-AD53116EAEE0}" = ASUS Data Security Manager

"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = LifeFrame2

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool

"{21DBBDD6-93A5-4326-9A04-C9A5C9148502}" = Norton PartitionMagic

"{2217B0B4-35CB-48C6-B640-864DF2F30F99}" = OpenOffice.org 3.2

"{221F14FF-7DAA-70C4-3A46-FA50EC2AB6E1}" = CCC Help Portuguese

"{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{236BB7C4-4419-42FD-0407-1E257A25E34D}" = Adobe Photoshop CS2

"{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI

"{268723B7-A994-4286-9F85-B974D5CAFC7B}" = EasyRecovery Professional

"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11

"{27A5A63B-3290-F55F-FD6D-D8F87CC0006F}" = Catalyst Control Center Localization Thai

"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program

"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg

"{2B85C4A2-9E74-E583-01A8-B947172F39D4}" = Catalyst Control Center Localization Japanese

"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan

"{2F353D44-73BB-4971-B31D-F7642E9E9531}" = Macromedia Flash MX 2004

"{2F750C77-1FEC-44F9-88CC-2CE322EBD61E}" = Microsoft Games for Windows - LIVE Redistributable

"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6

"{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI

"{33CD74BF-8544-15AF-D4A9-BA1791550927}" = Catalyst Control Center Core Implementation

"{344C4348-6397-FEEB-ADE5-98D95D5A87E3}" = CCC Help Chinese Standard

"{34D1C6F2-5B2C-A27E-CC6D-FE55B78DEB69}" = Catalyst Control Center Localization Spanish

"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder

"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey

"{3CB05291-F546-458E-A796-B5BCF5A3CDC4}" = Studio 10

"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger

"{42347B75-9660-2DA4-63FD-D35E344E1031}" = Nero 7 Premium

"{43B6667D-7520-4186-B05B-F5C0494C495D}" = UltraEdit-32

"{4462AD13-F2AA-4CBD-9F95-293C38EED870}" = Power4 Gear

"{44F934C2-3CFB-1229-6872-35F3662268F6}" = Catalyst Control Center Localization French

"{461B9564-65CB-1D4A-46B2-CC27DC4F07EC}" = CCC Help Swedish

"{4F400CD4-ABB5-5973-8F0C-40BBF28C0B8C}" = CCC Help Turkish

"{4FBA95A6-7F4E-6ED0-EA7A-A3C46A64A51E}" = CCC Help Thai

"{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI

"{5039F71C-7A31-568E-D002-07FF5F95ACBF}" = CCC Help English

"{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI

"{52326763-A5B3-9514-4655-A82828CD9B2D}" = Catalyst Control Center Localization Norwegian

"{52B65911-1559-4ED5-9461-46957FDD48CD}" = Borderlands

"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent

"{53480370-6CA2-47EC-BC05-02B4B9271C31}" = O&O Defrag Professional Edition

"{539D0779-8D8D-9BB8-8D1C-F04C647B6267}" = CCC Help German

"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport

"{571A9704-FA7C-9560-7AEF-2B630DCB894B}" = CCC Help Spanish

"{579141D6-019E-A917-97A3-359E87EDC2C2}" = Catalyst Control Center Localization Czech

"{57B15AD4-8C9D-4164-82BB-E33D8644E757}" = ASUS InstantFun

"{5954CB86-A47E-F865-A534-2473C7500EA4}" = Catalyst Control Center Localization German

"{5A02B151-2AA2-D1C6-6165-F6AA00C1D9C4}" = Catalyst Control Center Localization Turkish

"{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}" = ATKOSD2

"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053

"{5F374D5D-DB43-4263-9C29-BAB2C93FEFE6}" = Warhammer® Mark of Chaos

"{5F407E27-927F-3997-EDF1-2EF57FE14328}" = CCC Help Italian

"{5F71EB81-C72E-4B28-8D90-FDEECFEBC2DE}" = Drive Image

"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call

"{60829E1B-6DD2-2D98-ED53-BA097E84A954}" = Catalyst Control Center Localization Russian

"{6179B0A4-9A6D-9793-9839-30A637DD70FB}" = Catalyst Control Center Localization Dutch

"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder

"{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD

"{6DEAD32C-7067-6AA8-5CDB-A1FDCA44A4B6}" = Catalyst Control Center Graphics Previews Common

"{6E32B134-CA8D-49DD-B94C-0DB155CE70B5}" = ccc-Branding

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{739ECDBA-F065-73DB-0553-BA8A4F8B4753}" = CCC Help Norwegian

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{78155353-3D54-2FCA-395D-1BABEEC2C562}" = CCC Help Korean

"{793D040C-F449-8EE9-484F-F9084321D747}" = CCC Help Dutch

"{7B63B2922B174135AFC0E1377DD81EC2}" = 

"{7C4196CA-CA41-4F34-9C08-7724E7705D52}" = Jasc Animation Shop 3

"{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI

"{7F6B6DC9-F082-5A97-A240-1D71042C00CA}" = Catalyst Control Center Localization Chinese Traditional

"{7F976697-3404-1BBE-48A4-EB154BE2492B}" = CCC Help Chinese Traditional

"{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI

"{81CC6FB7-8EF6-0ACB-60EC-B0F035B2EDCA}" = Catalyst Control Center Localization Danish

"{8238F0E3-34A4-47DE-A78A-8753C21EFAC0}" = CCC Help Russian

"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01

"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01

"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2

"{850C4C12-57E2-43E4-B66B-B08B120C55F3}" = FireBurner

"{868D7896-99D4-4513-BC62-2B3AD3E24926}" = TuneUp Utilities 2006

"{86EDEF11-EFE4-46CB-8B08-9CBD4A936B1F}" = Stranglehold

"{86EF9FC4-F209-4520-B7E1-C7FF0EEBDFFF}" = Adobe Audition 1.5

"{8734AA3A-E94D-2A2E-4B37-902E104DFC46}" = Catalyst Control Center Localization Polish

"{87911A27-1567-42B0-B8B7-2150D20E7AB6}" = DDBAC

"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder

"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU

"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{90170407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003

"{90A50153-331D-FFFF-4F21-D146672B3AB7}" = Catalyst Control Center Localization Italian

"{916800EA-DDA2-4C5E-96F2-811F3F7C4258}" = Total Commander 6.54a

"{929408E6-D265-4174-805F-81D1D914E2A4}" = QuickTime

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{95F48480-6D51-49A5-BFC3-7D8043AC5386}" = XP-Clean

"{9757A86E-ACAB-9AE2-2B51-B78AD70B0DFD}" = Catalyst Control Center Graphics Light

"{97AFD0D8-5720-4A59-BFDC-CB92A36FADF9}_is1" = Company of Heroes: Eastern Front 1.20

"{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI

"{9920A86F-A622-2D1C-0BE6-D872B8FD2A2B}" = CCC Help Japanese

"{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame

"{A174402A-2EE6-4B86-A930-7BC85A9933BD}" = Tom Clancy's Splinter Cell

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A6B90148-02C5-4fd3-8D7A-EF2386835CB9}" = F4100_Help

"{A6C265BE-E2C1-483e-843D-6B4C1E912AE0}" = F4100

"{A73B5BA6-2540-C173-6AC9-2110778D3EB4}" = CCC Help Greek

"{A75C66FD-02D5-4D0D-DCB1-6C2730B3E4AF}" = Catalyst Control Center Localization Greek

"{A77F3C2D-50CC-4A29-A1FB-1E018BE4DCA2}" = DiscAPI

"{A8B30A2D-5428-6259-3CC8-81F725B44130}" = CCC Help Finnish

"{AA2E6BFE-4351-481C-A720-47CB3506570B}" = ACDSee 8

"{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}" = HP Update

"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder

"{AC76BA86-1033-F400-7760-000000000002}" = Adobe Acrobat 7.0 Professional - English, Français, Deutsch

"{AC76BA86-7AD7-1033-7B44-A80000000002}" = Adobe Reader 8

"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant

"{AF5FFB4C-3175-9482-4F03-D68AB423368A}" = Catalyst Control Center Localization Swedish

"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan

"{B05A5743-AF48-60B3-BEFD-0F042FDB75B4}" = ccc-utility

"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter

"{B4509BCE-7BAD-4a8c-B1AE-4D0CE7467C42}" = F4100_doccd

"{B4F35A00-24FD-4fb3-BF5E-413D5423434D}" = DJ_AIO_Software_min

"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser

"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI

"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter

"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo

"{BFD9BF35-B5B3-B021-8F71-9D0137AAB57F}" = ccc-core-preinstall

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C0FC1C14-4824-4A73-87A6-9E888C9C3102}" = ASUS Splendid Video Enhancement Technology

"{C190CB55-817E-4713-84F4-0BBB8961CED9}" = PerfectDisk

"{C27DC823-0996-5109-2F03-C8BD43963438}" = CCC Help Polish

"{CA50045C-5119-48e7-9BA7-6B317379857A}" = DJ_AIO_Software

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CE7CB214-DB11-4B5D-A6AF-3B4ED47C68B7}" = Microsoft Game Studios Common Redistributables Pack 1

"{D078226E-83F2-45FD-9CDE-5DA66E5ADB51}" = Rise and Fall

"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component

"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service

"{D48EAA77-E526-41EB-894C-BD6A17EABD95}" = TMPGEnc 3.0 XPress

"{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI

"{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}" = NVIDIA PhysX v8.10.29

"{DAEB7FC7-1AAB-499A-241E-F54D1DD1725D}" = Catalyst Control Center Localization Korean

"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader

"{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash

"{DE486CCB-3C9B-7EEE-1328-2209EC6500EC}" = Catalyst Control Center Localization Portuguese

"{E0260323-5186-AAA6-43AD-48AE0E475689}" = CCC Help Czech

"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm

"{E39F7325-FFE5-EDEC-044B-812BA1B0C8F2}" = CCC Help French

"{E548726E-F4E8-459f-BAB8-45551BC071E9}" = DJ_AIO_ProductContext

"{E5F9A595-3E77-55AB-6109-06C02BBC7F36}" = Skins

"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1

"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update

"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack

"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox

"{EA759367-590A-AE0D-B2B0-E89151ACB9AE}" = CCC Help Hungarian

"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI

"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform

"{EEECE229-49F6-4851-A73A-99B058221F8C}" = RAPID

"{F0B6BD72-54C6-F391-7AD8-DA26D572752A}" = CCC Help Danish

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer

"{F34D9A5F-484A-4E31-A9D3-908CB265B289}" = Sygate Personal Firewall

"{F382EB43-3C67-4A5E-B794-09FFE2DAC93A}" = map&guide 11 professional

"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE

"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials

"{F92EAC2A-1CBC-F17C-C3F0-E79C3697CE79}" = Catalyst Control Center Localization Hungarian

"{FA8A44D7-3E8A-4034-9C4F-088FA6B72BC4}" = HP Deskjet All-In-One Software 9.0

"{FC3D290D-79BE-44B7-ABF9-FDD110925930}" = P4P

"{FC9B3A61-FD27-85DE-C8DC-F04D7944B4B2}" = Catalyst Control Center Graphics Full New

"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT-Erweiterung für den Microsoft Windows XP-Assistenten zum Schreiben von CDs

"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status

"3B18191663CDFABAA2A93D4267E54D683153FF60" = Windows-Treiberpaket - Advanced Micro Devices (AmdK8) Processor  (05/27/2006 1.3.2.0)

"Adobe Acrobat 7.0 Professional - EFG" = Adobe Acrobat 7.1.0 Professional

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}" = Adobe Photoshop CS2

"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software

"AnyDVD" = AnyDVD

"Asus_Camera_ScreenSaver" = Asus_Camera_ScreenSaver

"ATI Display Driver" = ATI Display Driver

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"CDex" = CDex extraction audio

"CloneCD" = CloneCD

"CloneDVD2" = CloneDVD2

"Company of Heroes" = Company of Heroes

"DivX Setup.divx.com" = DivX-Setup

"DVD Decrypter" = DVD Decrypter (Remove Only)

"DVD Shrink DE_is1" = DVD Shrink 3.2 deutsch

"EAX Unified" = EAX Unified

"Flyingcode NFO-Viewer_is1" = Flyingcode NFO-Viewer 1.0

"Freelancer 1.0" = Freelancer

"Guild Wars" = GUILD WARS

"Hollywood FX for Studio" = Pinnacle Hollywood FX for Studio
 

"HP Imaging Device Functions" = HP Imaging Device Functions 9.0

"HP Photosmart Essential" = HP Photosmart Essential 2.01

"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0

"HPOCR" = HP OCR Software 9.0

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"InstallShield_{21DBBDD6-93A5-4326-9A04-C9A5C9148502}" = Norton PartitionMagic 8.0

"InstallShield_{268723B7-A994-4286-9F85-B974D5CAFC7B}" = EasyRecovery Professional

"InstallShield_{5F71EB81-C72E-4B28-8D90-FDEECFEBC2DE}" = PowerQuest Drive Image 2002

"InstallShield_{929408E6-D265-4174-805F-81D1D914E2A4}" = QuickTime

"IrfanView" = IrfanView (remove only)

"IsoBuster_is1" = IsoBuster 1.9

"JDownloader" = JDownloader

"LastFM_is1" = Last.fm 1.5.4.27091

"Mafia" = Mafia

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"ManyCam" = ManyCam 2.4 (remove only)

"map&guide 11 Karte Deutschland City" = map&guide 11 Karte Deutschland City

"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"mIRC" = mIRC

"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"QVP" = Quick View Plus

"RegSupreme Pro_is1" = RegSupreme Pro 1.2

"S.T.A.L.K.E.R. - Shadow of Chernobyl_is1" = S.T.A.L.K.E.R. - Shadow of Chernobyl

"SMSERIAL" = Motorola SM56 Speakerphone Modem

"Soldat_is1" = Soldat 1.5.0

"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4

"Steam App 240" = Counter-Strike: Source

"Steam App 630" = Alien Swarm

"Tunngle beta_is1" = Tunngle beta

"TVgenial" = TVgenial

"Two Worlds" = Two Worlds

"UltraISO_is1" = UltraISO 8.0 Premium Edition

"VLC media player" = VideoLAN VLC media player 0.8.2

"Winamp" = Winamp

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WinLiveSuite_Wave3" = Windows Live Essentials

"Winload Toolbar" = Winload Toolbar

"WinRAR archiver" = WinRAR Archivierer

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0.0 (Pre-Release 5348)

"XviD_is1" = XviD 1.1 final uninstall

 
 ========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Winamp Detect" = Winamp Erkennungs-Plug-in

 
 ========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 18.03.2011 15:51:51 | Computer Name = JOHANNES-LAPTOP | Source = PerfNet | ID = 2004

Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen

werden

 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.

 

Error - 18.03.2011 16:13:50 | Computer Name = JOHANNES-LAPTOP | Source = PerfNet | ID = 2004

Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen

werden

 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.

 

Error - 19.03.2011 10:23:01 | Computer Name = JOHANNES-LAPTOP | Source = PerfNet | ID = 2004

Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen

werden

 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.

 

Error - 19.03.2011 15:52:06 | Computer Name = JOHANNES-LAPTOP | Source = Application Error | ID = 1000

Description = Fehlgeschlagene Anwendung plugin-container.exe, Version 1.9.2.4079,

 fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.6055, Fehleradresse 0x0000100b.

 

Error - 20.03.2011 13:20:38 | Computer Name = JOHANNES-LAPTOP | Source = PerfNet | ID = 2004

Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen

werden

 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.

 

Error - 21.03.2011 16:58:49 | Computer Name = JOHANNES-LAPTOP | Source = PerfNet | ID = 2004

Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen

werden

 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.

 

Error - 22.03.2011 11:35:04 | Computer Name = JOHANNES-LAPTOP | Source = PerfNet | ID = 2004

Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen

werden

 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.

 

Error - 22.03.2011 16:53:52 | Computer Name = JOHANNES-LAPTOP | Source = PerfNet | ID = 2004

Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen

werden

 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.

 

Error - 23.03.2011 09:03:34 | Computer Name = JOHANNES-LAPTOP | Source = PerfNet | ID = 2004

Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen

werden

 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.

 

Error - 23.03.2011 09:04:01 | Computer Name = JOHANNES-LAPTOP | Source = ESENT | ID = 490

Description = svchost (1680) Versuch, Datei "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"

 für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der

 Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet

 wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.

 

[ System Events ]

Error - 22.03.2011 19:07:28 | Computer Name = JOHANNES-LAPTOP | Source = DCOM | ID = 10005

Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "ImapiService"

 mit den Argumenten "-Service"  gestartet wurde, um den folgenden Server zu verwenden:

{520CCA63-51A5-11D3-9144-00104BA11C5E}

 

Error - 22.03.2011 23:01:31 | Computer Name = JOHANNES-LAPTOP | Source = sr | ID = 1

Description = Beim Verarbeiten der Datei "" auf Volume "HarddiskVolume1" ist im 

Wiederherstellungsfilter der unerwartete Fehler "0xC0000001" aufgetreten. Die Volumeüberwachung

 wurde angehalten.

 

Error - 22.03.2011 23:02:14 | Computer Name = JOHANNES-LAPTOP | Source = Service Control Manager | ID = 7023

Description = Der Dienst "Task Microsoft" wurde mit folgendem Fehler beendet:   %%126

 

Error - 22.03.2011 23:02:14 | Computer Name = JOHANNES-LAPTOP | Source = Service Control Manager | ID = 7023

Description = Der Dienst "Update Task" wurde mit folgendem Fehler beendet:   %%126

 

Error - 23.03.2011 09:03:51 | Computer Name = JOHANNES-LAPTOP | Source = Service Control Manager | ID = 7023

Description = Der Dienst "Task Microsoft" wurde mit folgendem Fehler beendet:   %%126

 

Error - 23.03.2011 09:03:51 | Computer Name = JOHANNES-LAPTOP | Source = Service Control Manager | ID = 7023

Description = Der Dienst "Update Task" wurde mit folgendem Fehler beendet:   %%126

 

Error - 23.03.2011 10:35:55 | Computer Name = JOHANNES-LAPTOP | Source = DCOM | ID = 10005

Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "ImapiService"

 mit den Argumenten "-Service"  gestartet wurde, um den folgenden Server zu verwenden:

{520CCA63-51A5-11D3-9144-00104BA11C5E}

 

Error - 23.03.2011 10:54:05 | Computer Name = JOHANNES-LAPTOP | Source = DCOM | ID = 10005

Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "ImapiService"

 mit den Argumenten "-Service"  gestartet wurde, um den folgenden Server zu verwenden:

{520CCA63-51A5-11D3-9144-00104BA11C5E}

 

Error - 23.03.2011 13:32:04 | Computer Name = JOHANNES-LAPTOP | Source = Service Control Manager | ID = 7023

Description = Der Dienst "Task Microsoft" wurde mit folgendem Fehler beendet:   %%126

 

Error - 23.03.2011 13:32:04 | Computer Name = JOHANNES-LAPTOP | Source = Service Control Manager | ID = 7023

Description = Der Dienst "Update Task" wurde mit folgendem Fehler beendet:   %%126

 

 

< End of report >

--- --- ---
OTL Logfile:

Code:

OTL logfile created on: 23.03.2011 20:48:09 - Run 2

OTL by OldTimer - Version 3.2.22.3     Folder = C:\Dokumente und Einstellungen\Administrator\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 56,00% Memory free

4,00 Gb Paging File | 3,00 Gb Available in Paging File | 77,00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 93,15 Gb Total Space | 53,09 Gb Free Space | 56,99% Space Free | Partition Type: NTFS

Drive D: | 139,73 Gb Total Space | 52,78 Gb Free Space | 37,77% Space Free | Partition Type: NTFS

Drive F: | 4,82 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Drive G: | 999,52 Mb Total Space | 912,68 Mb Free Space | 91,31% Space Free | Partition Type: FAT32

 

Computer Name: JOHANNES-LAPTOP | User Name: Administrator | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Programme\Steam\Steam.exe (Valve Corporation)

PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

PRC - C:\Programme\Tunngle\TnglCtrl.exe (Tunngle.net GmbH)

PRC - C:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

PRC - C:\Programme\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe (StarWind Software)

PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

PRC - C:\WINDOWS\ASScrPro.exe ()

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\WINDOWS\system32\cmd.exe (Microsoft Corporation)

PRC - C:\Programme\ATK Hotkey\HControl.exe (ATK0100)

PRC - C:\Programme\ATKOSD2\ATKOSD2.exe ()

PRC - C:\Programme\ATK Hotkey\WDC.exe ()

PRC - C:\Programme\ATK Hotkey\HControlUser.exe ()

PRC - C:\Programme\ATK Hotkey\ATKOSD.exe ()

PRC - C:\Programme\ATK Hotkey\MsgTranAgt.exe ()

PRC - C:\WINDOWS\system32\acs.exe (Atheros)

PRC - C:\Programme\ATK Hotkey\KBFiltr.exe ()

PRC - C:\Programme\ATKGFNEX\GFNEXSrv.exe ()

PRC - C:\Programme\Wireless Console 2\wcourier.exe ()

PRC - C:\Programme\ASUS\ASUS Data Security Manager\ADSMSrv.exe ()

PRC - C:\Programme\Raxco\PerfectDisk\PDSched.exe (Raxco Software, Inc.)

PRC - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe (Nero AG)

PRC - C:\WINDOWS\system32\oodag.exe (O&O Software GmbH)

PRC - C:\Programme\Sygate\SPF\Smc.exe (Sygate Technologies, Inc.)

 

 
 ========== Modules (SafeList) ==========

 

MOD - C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\SSSensor.dll (Sygate Technologies, Inc.)

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - (kwyena) --  File not found

SRV - (HidServ) --  File not found

SRV - (bqxpnwp) --  File not found

SRV - (TunngleService) -- C:\Programme\Tunngle\TnglCtrl.exe (Tunngle.net GmbH)

SRV - (StarWindServiceAE) -- C:\Programme\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe (StarWind Software)

SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

SRV - (Adobe LM Service) -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)

SRV - (Macromedia Licensing Service) -- C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe ()

SRV - (ACS) -- C:\WINDOWS\system32\acs.exe (Atheros)

SRV - (ATKGFNEXSrv) -- C:\Programme\ATKGFNEX\GFNEXSrv.exe ()

SRV - (ADSMService) -- C:\Programme\ASUS\ASUS Data Security Manager\ADSMSrv.exe ()

SRV - (PDEngine) -- C:\Programme\Raxco\PerfectDisk\PDEngine.exe (Raxco Software, Inc.)

SRV - (PDSched) -- C:\Programme\Raxco\PerfectDisk\PDSched.exe (Raxco Software, Inc.)

SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

SRV - (TUWinStylerThemeSvc) -- C:\Programme\TuneUpUtilities2006\WinStylerThemeSvc.exe (TuneUp Software GmbH)

SRV - (O&O Defrag) -- C:\WINDOWS\system32\oodag.exe (O&O Software GmbH)

SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)

SRV - (SmcService) -- C:\Programme\Sygate\SPF\Smc.exe (Sygate Technologies, Inc.)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)

DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()

DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)

DRV - (tap0901t) TAP-Win32 Adapter V9 (Tunngle) -- C:\WINDOWS\system32\drivers\tap0901t.sys (Tunngle.net)

DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)

DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)

DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)

DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)

DRV - (SiSGbeXP) -- C:\WINDOWS\system32\drivers\SiSGbeXP.sys (Silicon Integrated Systems Corp.)

DRV - (ManyCam) -- C:\WINDOWS\system32\drivers\ManyCam.sys (ManyCam LLC.)

DRV - (AR5211) -- C:\WINDOWS\system32\drivers\ar5211.sys (Atheros Communications, Inc.)

DRV - (AsDsm) -- C:\WINDOWS\System32\drivers\AsDsm.sys (Windows (R) Codename Longhorn DDK provider)

DRV - (ASMMAP) -- C:\Programme\ATKGFNEX\ASMMAP.sys ()

DRV - (WSIMD) -- C:\WINDOWS\system32\drivers\wsimd.sys (Atheros Communications, Inc.)

DRV - (kbfiltr) -- C:\WINDOWS\system32\drivers\kbfiltr.sys ( )

DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ATKACPI.sys (ATK0100)

DRV - (ddxgb) -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\ddxgb.sys ()

DRV - (Defrag32b) -- C:\WINDOWS\System32\drivers\defrag32b.sys (Raxco Software, Inc.)

DRV - (Defrag32) -- C:\WINDOWS\System32\drivers\defrag32.sys (Raxco Software, Inc.)

DRV - (siside) -- C:\WINDOWS\system32\DRIVERS\siside.sys (Silicon Integrated Systems Corp.)

DRV - (AnyDVD) -- C:\WINDOWS\system32\drivers\AnyDVD.sys (SlySoft, Inc.)

DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology (StarForce))

DRV - (sfsync04) StarForce Protection Synchronization Driver (version 4.x) -- C:\WINDOWS\System32\drivers\sfsync04.sys (Protection Technology (StarForce))

DRV - (smserial) -- C:\WINDOWS\system32\drivers\smserial.sys (Motorola Inc.)

DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology (StarForce))

DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfvfs02.sys (Protection Technology)

DRV - (MarvinBus) -- C:\WINDOWS\system32\drivers\MarvinBus.sys (Pinnacle Systems GmbH)

DRV - (ElbyCDFL) -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys (SlySoft, Inc.)

DRV - (ElbyDelay) -- C:\WINDOWS\system32\drivers\ElbyDelay.sys (Elaborate Bytes AG)

DRV - (PCLEPCI) -- C:\WINDOWS\system32\drivers\Pclepci.sys (Pinnacle Systems GmbH)

DRV - (ASAPIW2K) -- C:\WINDOWS\system32\drivers\asapiW2k.sys (VOB Computersysteme GmbH)

DRV - (wg6n) -- C:\WINDOWS\SYSTEM32\Drivers\wg6n.sys (Sygate Technologies, Inc.)

DRV - (wg5n) -- C:\WINDOWS\SYSTEM32\Drivers\wg5n.sys (Sygate Technologies, Inc.)

DRV - (wg4n) -- C:\WINDOWS\SYSTEM32\Drivers\wg4n.sys (Sygate Technologies, Inc.)

DRV - (wg3n) -- C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys (Sygate Technologies, Inc.)

DRV - (wpsdrvnt) -- C:\WINDOWS\system32\drivers\wpsdrvnt.sys (Sygate Technologies, Inc.)

DRV - (Teefer) -- C:\WINDOWS\SYSTEM32\Drivers\Teefer.sys (Sygate Technologies, Inc.)

DRV - (ASNDIS5) -- C:\Programme\ATK Hotkey\ASNDIS5.SYS (Printing Communications Assoc., Inc. (PCAUSA))

DRV - (PQNTDrv) -- C:\WINDOWS\System32\drivers\PQNTDRV.sys (PowerQuest Corporation)

DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Google Toolbar

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Google Toolbar

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2319825

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Google Toolbar

IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWin2.dll (Conduit Ltd.)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search"

FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}"

FF - prefs.js..browser.search.suggest.enabled: false

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3

 

 

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Programme\Mozilla Firefox\components [2008.09.24 19:27:56 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2008.09.24 19:27:54 | 000,000,000 | ---D | M]

 

[2008.12.24 17:50:26 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions

[2008.12.24 16:26:22 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\rgq8w14b.default\extensions

[2011.01.17 15:46:06 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\rgq8w14b.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2010.03.24 16:13:02 | 000,000,917 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\rgq8w14b.default\searchplugins\conduit.xml

[2008.12.26 21:16:18 | 000,002,109 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\rgq8w14b.default\searchplugins\youtube-videosuche.xml

[2008.09.24 19:27:56 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2010.07.12 18:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npwachk.dll

[2011.03.06 23:33:40 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml

[2011.03.06 23:33:40 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml

[2011.03.06 23:33:40 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml

[2011.03.06 23:33:40 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml

[2011.03.06 23:33:40 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2006.06.01 19:06:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)

O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWin2.dll (Conduit Ltd.)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWin2.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKCU\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Programme\Winload\prxtbWin2.dll (Conduit Ltd.)

O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O4 - HKLM..\Run: [ASUS Camera ScreenSaver] C:\WINDOWS\ASScrProlog.exe ()

O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\WINDOWS\ASScrPro.exe ()

O4 - HKLM..\Run: [ATKHOTKEY] C:\Programme\ATK Hotkey\Hcontrol.exe (ATK0100)

O4 - HKLM..\Run: [ATKOSD2] C:\Programme\ATKOSD2\ATKOSD2.exe ()

O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [HControlUser] C:\Programme\ATK Hotkey\HcontrolUser.exe ()

O4 - HKLM..\Run: [MsgTranAgt] C:\Programme\ATK Hotkey\MsgTranAgt.exe ()

O4 - HKLM..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe (ASUSTeK Computer Inc.)

O4 - HKLM..\Run: [SmcService] C:\Programme\Sygate\SPF\Smc.exe (Sygate Technologies, Inc.)

O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [Wireless Console 2] C:\Programme\Wireless Console 2\wcourier.exe ()

O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe (Nero AG)

O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1

O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)

O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)

O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home

O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {0cab0400-7395-11d0-a5e5-0020afe2fdd9} - C:\WINDOWS\qvphook.dll (Stellent, Inc.)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008.09.24 21:46:32 | 000,000,718 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2008.05.01 18:36:21 | 000,726,248 | R--- | M] (BioWare) - F:\autorun.exe -- [ UDF ]

O32 - AutoRun File - [2007.11.15 23:48:02 | 000,000,057 | R--- | M] () - F:\autorun.inf -- [ UDF ]

O33 - MountPoints2\{50c11808-d7ba-11df-ae74-001e8c7eaf33}\Shell - "" = AutoRun

O33 - MountPoints2\{50c11808-d7ba-11df-ae74-001e8c7eaf33}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{50c11808-d7ba-11df-ae74-001e8c7eaf33}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE      .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn

O33 - MountPoints2\{cbd73f98-e8e7-11df-aea0-001e8c7eaf33}\Shell - "" = AutoRun

O33 - MountPoints2\{cbd73f98-e8e7-11df-aea0-001e8c7eaf33}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{cbd73f98-e8e7-11df-aea0-001e8c7eaf33}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE      .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn

O34 - HKLM BootExecute: (PDBoot.exe) - C:\WINDOWS\System32\PDBoot.exe (Raxco Software, Inc.)

O34 - HKLM BootExecute: (autocheck autochk *) -  File not found

O34 - HKLM BootExecute: (OODBS) - C:\WINDOWS\System32\OODBS.exe (O&O Software GmbH)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2011.03.23 15:36:30 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe

[2011.03.23 01:57:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Malwarebytes

[2011.03.23 01:57:23 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2011.03.23 01:57:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes

[2011.03.23 01:57:17 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2011.03.23 01:57:17 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware

[2011.03.23 01:47:55 | 007,734,208 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Dokumente und Einstellungen\Administrator\Desktop\mbam-setup-1.50.1.1100.exe

[2011.03.22 15:08:56 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\BioWare

[2011.03.20 18:57:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\GUILD WARS

[2011.03.20 18:56:31 | 000,165,248 | ---- | C] (ArenaNet) -- C:\Dokumente und Einstellungen\Administrator\Desktop\GwSetup.exe

[2011.03.15 17:48:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\ConduitEngine

[2011.03.15 17:48:32 | 000,000,000 | ---D | C] -- C:\Programme\ConduitEngine

[2011.03.11 15:17:12 | 000,000,000 | -HSD | C] -- C:\FOUND.009

[2008.09.24 22:28:41 | 000,005,632 | R--- | C] ( ) -- C:\WINDOWS\System32\drivers\kbfiltr.sys

[57 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2011.03.23 18:30:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011.03.23 18:30:25 | 000,286,053 | ---- | M] () -- C:\WINDOWS\System32\OODBS.lor

[2011.03.23 18:15:52 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\Access.dat

[2011.03.23 15:36:28 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe

[2011.03.23 03:09:32 | 000,142,247 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Screenshot1.zip

[2011.03.23 03:07:26 | 000,140,777 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Screenshot1.rar

[2011.03.23 03:06:44 | 000,179,279 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Screenshot1.JPG

[2011.03.23 03:00:18 | 003,840,054 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Screenshot1.bmp

[2011.03.23 01:57:24 | 000,000,671 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2011.03.23 01:49:16 | 000,742,874 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Load.exe

[2011.03.23 01:48:04 | 007,734,208 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Dokumente und Einstellungen\Administrator\Desktop\mbam-setup-1.50.1.1100.exe

[2011.03.22 23:31:30 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn

[2011.03.22 15:08:58 | 000,000,492 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mass Effect.lnk

[2011.03.20 18:57:04 | 000,000,391 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\GUILD WARS.lnk

[2011.03.20 18:56:28 | 000,165,248 | ---- | M] (ArenaNet) -- C:\Dokumente und Einstellungen\Administrator\Desktop\GwSetup.exe

[2011.03.18 19:46:28 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011.03.14 23:48:56 | 000,014,921 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Praktikumsvereinbarung.odt

[2011.03.11 12:34:36 | 000,043,520 | ---- | M] () -- C:\WINDOWS\System32\CmdLineExt03.dll

[2011.03.04 18:31:32 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2011.03.04 17:18:08 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job

[2011.03.03 18:39:02 | 000,000,209 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Counter-Strike Source.url

[57 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2011.03.23 03:09:31 | 000,142,247 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Screenshot1.zip

[2011.03.23 03:07:24 | 000,140,777 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Screenshot1.rar

[2011.03.23 03:06:43 | 000,179,279 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Screenshot1.JPG

[2011.03.23 02:58:01 | 003,840,054 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Screenshot1.bmp

[2011.03.23 01:57:23 | 000,000,671 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2011.03.23 01:49:23 | 000,742,874 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Load.exe

[2011.03.22 15:08:56 | 000,000,492 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mass Effect.lnk

[2011.03.20 18:57:03 | 000,000,391 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\GUILD WARS.lnk

[2011.03.14 23:48:54 | 000,014,921 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Praktikumsvereinbarung.odt

[2011.03.03 18:39:00 | 000,000,209 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Counter-Strike Source.url

[2011.01.19 16:37:14 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll

[2011.01.19 16:04:37 | 000,233,472 | R--- | C] () -- C:\WINDOWS\System32\MafiaSetup.exe

[2010.07.13 22:59:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\Access.dat

[2010.06.01 17:28:01 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\xmltok.dll

[2010.06.01 17:28:01 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\xmlparse.dll

[2010.04.07 17:18:58 | 000,159,980 | ---- | C] () -- C:\WINDOWS\hpoins14.dat

[2010.04.07 17:18:58 | 000,002,000 | ---- | C] () -- C:\WINDOWS\hpomdl14.dat

[2010.03.05 15:13:07 | 000,000,952 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys

[2009.01.13 15:50:31 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2009.01.09 17:43:05 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2009.01.04 18:39:29 | 000,014,848 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008.12.27 00:08:30 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\acovcnt.exe

[2008.12.26 21:48:02 | 000,000,034 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

[2008.12.24 17:36:29 | 000,000,683 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2008.12.24 17:19:43 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

[2008.12.24 16:26:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll

[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll

[2008.09.25 01:24:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin

[2008.09.25 00:59:58 | 000,037,232 | ---- | C] () -- C:\WINDOWS\ASScrProlog.exe

[2008.09.25 00:59:58 | 000,033,136 | ---- | C] () -- C:\WINDOWS\ASScrPro.exe

[2008.09.25 00:59:55 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll

[2008.09.24 22:37:19 | 000,887,724 | R--- | C] () -- C:\WINDOWS\System32\ativva6x.dat

[2008.09.24 22:37:18 | 003,107,788 | R--- | C] () -- C:\WINDOWS\System32\ativva5x.dat

[2008.09.24 22:37:17 | 003,107,788 | R--- | C] () -- C:\WINDOWS\System32\ativvaxx.dat

[2008.09.24 22:37:16 | 000,168,883 | R--- | C] () -- C:\WINDOWS\System32\atiicdxx.dat

[2008.09.24 22:08:00 | 000,002,508 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\$_hpcst$.hpc

[2008.09.24 22:06:42 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2008.09.24 22:06:42 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2008.09.24 21:53:10 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2008.09.24 21:48:41 | 000,194,248 | ---- | C] () -- C:\WINDOWS\System32\LTRFD13n.DLL

[2008.09.24 21:46:30 | 000,000,034 | ---- | C] () -- C:\WINDOWS\VFO.INI

[2008.09.24 21:46:26 | 000,196,096 | ---- | C] () -- C:\WINDOWS\System32\macd32.dll

[2008.09.24 21:46:26 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\mase32.dll

[2008.09.24 21:46:26 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\mamc32.dll

[2008.09.24 21:46:26 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\masd32.dll

[2008.09.24 21:46:26 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\ma32.dll

[2008.09.24 19:27:54 | 000,002,266 | ---- | C] () -- C:\WINDOWS\mozver.dat

[2008.09.24 19:11:51 | 000,000,522 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2008.09.24 19:08:19 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll

[2008.09.24 18:53:57 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2008.09.24 18:41:59 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2008.09.24 18:36:46 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2008.09.24 18:35:31 | 000,223,224 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2007.09.12 23:54:48 | 000,141,180 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat

[2006.06.01 21:06:00 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

[2006.06.01 19:06:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2006.06.01 19:06:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2006.06.01 19:06:00 | 000,462,550 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat

[2006.06.01 19:06:00 | 000,443,922 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2006.06.01 19:06:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2006.06.01 19:06:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat

[2006.06.01 19:06:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2006.06.01 19:06:00 | 000,085,732 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat

[2006.06.01 19:06:00 | 000,072,180 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2006.06.01 19:06:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2006.06.01 19:06:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat

[2006.06.01 19:06:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2006.06.01 19:06:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2006.06.01 19:06:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2006.06.01 19:06:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin

[2006.06.01 19:06:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2006.04.29 16:43:54 | 000,000,288 | ---- | C] () -- C:\WINDOWS\wincmd.ini

[2006.04.19 00:30:56 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll

[2004.12.20 18:24:03 | 001,663,068 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll

[2004.10.15 18:31:56 | 000,218,264 | ---- | C] () -- C:\WINDOWS\System32\SetAid.dll

[2004.03.11 01:26:10 | 000,406,016 | ---- | C] () -- C:\WINDOWS\System32\PSDrvCheck.exe
 

< End of report >

--- --- ---

Code:

OTL Extras logfile created on: 23.03.2011 20:48:09 - Run 2

OTL by OldTimer - Version 3.2.22.3     Folder = C:\Dokumente und Einstellungen\Administrator\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 56,00% Memory free

4,00 Gb Paging File | 3,00 Gb Available in Paging File | 77,00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 93,15 Gb Total Space | 53,09 Gb Free Space | 56,99% Space Free | Partition Type: NTFS

Drive D: | 139,73 Gb Total Space | 52,78 Gb Free Space | 37,77% Space Free | Partition Type: NTFS

Drive F: | 4,82 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Drive G: | 999,52 Mb Total Space | 912,68 Mb Free Space | 91,31% Space Free | Partition Type: FAT32

 

Computer Name: JOHANNES-LAPTOP | User Name: Administrator | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [ACDBrowse] -- "C:\Programme\ACD Systems\ACDSee\8.0\ACDSee8.exe" "%1" (ACD Systems Ltd.)

Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)

Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)

Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 
 ========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

 
 ========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"D:\Spiele\Stranglehold\Binaries\Retail-Stranglehold.exe" = D:\Spiele\Stranglehold\Binaries\Retail-Stranglehold.exe:*:Enabled:Stranglehold -- (Midway Home Entertainment Inc)

"D:\Spiele\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe" = D:\Spiele\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI) -- ()

"D:\Spiele\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe" = D:\Spiele\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV) -- ()

"C:\Programme\Skype\Plugin Manager\skypePM.exe" = C:\Programme\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager

"D:\Spiele\Rise and Fall\RiseAndFall.exe" = D:\Spiele\Rise and Fall\RiseAndFall.exe:*:Enabled:Rise and Fall: Civilizations at War -- (Midway Home Entertainment)

"D:\Spiele\CoH\RelicDownloader\RelicDownloader.exe" = D:\Spiele\CoH\RelicDownloader\RelicDownloader.exe:*:Enabled:Relic Downloader -- (THQ Canada Inc.)

"D:\Spiele\Two Worlds\TwoWorlds.exe" = D:\Spiele\Two Worlds\TwoWorlds.exe:*:Enabled:Two Worlds -- (Reality Pump)

"D:\Spiele\Two Worlds\TwoWorlds_RADEON.exe" = D:\Spiele\Two Worlds\TwoWorlds_RADEON.exe:*:Enabled:Two Worlds -- (Reality Pump)

"C:\Programme\Tunngle\TnglCtrl.exe" = C:\Programme\Tunngle\TnglCtrl.exe:*:Enabled:Tunngle Service -- (Tunngle.net GmbH)

"C:\Programme\Tunngle\Tunngle.exe" = C:\Programme\Tunngle\Tunngle.exe:*:Enabled:Tunngle Client -- (Tunngle.net GmbH)

"C:\Programme\Steam\Steam.exe" = C:\Programme\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)

"C:\Programme\Steam\SteamApps\common\alien swarm\srcds.exe" = C:\Programme\Steam\SteamApps\common\alien swarm\srcds.exe:*:Enabled:Alien Swarm Dedicated Server -- ()

"D:\Spiele\Stronghold 2\Stronghold2.exe" = D:\Spiele\Stronghold 2\Stronghold2.exe:*:Enabled:Stronghold 2 -- (Firefly Studios)

"C:\Programme\Steam\SteamApps\common\alien swarm\swarm.exe" = C:\Programme\Steam\SteamApps\common\alien swarm\swarm.exe:*:Enabled:Alien Swarm -- ()

"C:\Programme\Steam\SteamApps\trollcook\counter-strike source\hl2.exe" = C:\Programme\Steam\SteamApps\trollcook\counter-strike source\hl2.exe:*:Enabled:Counter-Strike: Source -- ()

"D:\Spiele\Mass Effect\Binaries\MassEffect.exe" = D:\Spiele\Mass Effect\Binaries\MassEffect.exe:*:Enabled:Mass Effect Game -- (BioWare)

"D:\Spiele\Mass Effect\MassEffectLauncher.exe" = D:\Spiele\Mass Effect\MassEffectLauncher.exe:*:Enabled:Mass Effect Launcher -- (BioWare)

 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{001E7FB6-BB6B-4ED0-BEDC-B5404ED96D4E}" = DocProc

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center

"{07E23E10-F663-5D23-6393-DC82AFC8B475}" = ccc-core-static

"{0CE42E4B-82AA-41AE-BB33-E0307555D4C9}" = Catalyst Control Center Localization Chinese Standard

"{0FFC10A2-3B60-283D-0DDE-91EF4A3B0969}" = Catalyst Control Center Localization Finnish

"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp

"{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}" = ATK Media

"{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI

"{16D2C649-CBA8-44EE-B730-12584667D487}" = Stronghold 2 Deluxe

"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy

"{18742725-FAAF-4FF5-AA21-88A5814BC9CE}" = Audiograbber 1.83 SE

"{18F98693-AF94-11FC-0650-25E724F58C9E}" = Catalyst Control Center Graphics Full Existing

"{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI

"{1A15507A-8551-4626-915D-3D5FA095CC1B}" = Corel Paint Shop Pro X

"{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect

"{1C8521E5-5A7B-4A4E-A9CD-AD53116EAEE0}" = ASUS Data Security Manager

"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = LifeFrame2

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool

"{21DBBDD6-93A5-4326-9A04-C9A5C9148502}" = Norton PartitionMagic

"{2217B0B4-35CB-48C6-B640-864DF2F30F99}" = OpenOffice.org 3.2

"{221F14FF-7DAA-70C4-3A46-FA50EC2AB6E1}" = CCC Help Portuguese

"{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{236BB7C4-4419-42FD-0407-1E257A25E34D}" = Adobe Photoshop CS2

"{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI

"{268723B7-A994-4286-9F85-B974D5CAFC7B}" = EasyRecovery Professional

"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11

"{27A5A63B-3290-F55F-FD6D-D8F87CC0006F}" = Catalyst Control Center Localization Thai

"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program

"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg

"{2B85C4A2-9E74-E583-01A8-B947172F39D4}" = Catalyst Control Center Localization Japanese

"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan

"{2F353D44-73BB-4971-B31D-F7642E9E9531}" = Macromedia Flash MX 2004

"{2F750C77-1FEC-44F9-88CC-2CE322EBD61E}" = Microsoft Games for Windows - LIVE Redistributable

"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6

"{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI

"{33CD74BF-8544-15AF-D4A9-BA1791550927}" = Catalyst Control Center Core Implementation

"{344C4348-6397-FEEB-ADE5-98D95D5A87E3}" = CCC Help Chinese Standard

"{34D1C6F2-5B2C-A27E-CC6D-FE55B78DEB69}" = Catalyst Control Center Localization Spanish

"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder

"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey

"{3CB05291-F546-458E-A796-B5BCF5A3CDC4}" = Studio 10

"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger

"{42347B75-9660-2DA4-63FD-D35E344E1031}" = Nero 7 Premium

"{43B6667D-7520-4186-B05B-F5C0494C495D}" = UltraEdit-32

"{4462AD13-F2AA-4CBD-9F95-293C38EED870}" = Power4 Gear

"{44F934C2-3CFB-1229-6872-35F3662268F6}" = Catalyst Control Center Localization French

"{461B9564-65CB-1D4A-46B2-CC27DC4F07EC}" = CCC Help Swedish

"{4F400CD4-ABB5-5973-8F0C-40BBF28C0B8C}" = CCC Help Turkish

"{4FBA95A6-7F4E-6ED0-EA7A-A3C46A64A51E}" = CCC Help Thai

"{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI

"{5039F71C-7A31-568E-D002-07FF5F95ACBF}" = CCC Help English

"{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI

"{52326763-A5B3-9514-4655-A82828CD9B2D}" = Catalyst Control Center Localization Norwegian

"{52B65911-1559-4ED5-9461-46957FDD48CD}" = Borderlands

"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent

"{53480370-6CA2-47EC-BC05-02B4B9271C31}" = O&O Defrag Professional Edition

"{539D0779-8D8D-9BB8-8D1C-F04C647B6267}" = CCC Help German

"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport

"{571A9704-FA7C-9560-7AEF-2B630DCB894B}" = CCC Help Spanish

"{579141D6-019E-A917-97A3-359E87EDC2C2}" = Catalyst Control Center Localization Czech

"{57B15AD4-8C9D-4164-82BB-E33D8644E757}" = ASUS InstantFun

"{5954CB86-A47E-F865-A534-2473C7500EA4}" = Catalyst Control Center Localization German

"{5A02B151-2AA2-D1C6-6165-F6AA00C1D9C4}" = Catalyst Control Center Localization Turkish

"{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}" = ATKOSD2

"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053

"{5F374D5D-DB43-4263-9C29-BAB2C93FEFE6}" = Warhammer® Mark of Chaos

"{5F407E27-927F-3997-EDF1-2EF57FE14328}" = CCC Help Italian

"{5F71EB81-C72E-4B28-8D90-FDEECFEBC2DE}" = Drive Image

"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call

"{60829E1B-6DD2-2D98-ED53-BA097E84A954}" = Catalyst Control Center Localization Russian

"{6179B0A4-9A6D-9793-9839-30A637DD70FB}" = Catalyst Control Center Localization Dutch

"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder

"{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD

"{6DEAD32C-7067-6AA8-5CDB-A1FDCA44A4B6}" = Catalyst Control Center Graphics Previews Common

"{6E32B134-CA8D-49DD-B94C-0DB155CE70B5}" = ccc-Branding

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{739ECDBA-F065-73DB-0553-BA8A4F8B4753}" = CCC Help Norwegian

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{78155353-3D54-2FCA-395D-1BABEEC2C562}" = CCC Help Korean

"{793D040C-F449-8EE9-484F-F9084321D747}" = CCC Help Dutch

"{7B63B2922B174135AFC0E1377DD81EC2}" = 

"{7C4196CA-CA41-4F34-9C08-7724E7705D52}" = Jasc Animation Shop 3

"{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI

"{7F6B6DC9-F082-5A97-A240-1D71042C00CA}" = Catalyst Control Center Localization Chinese Traditional

"{7F976697-3404-1BBE-48A4-EB154BE2492B}" = CCC Help Chinese Traditional

"{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI

"{81CC6FB7-8EF6-0ACB-60EC-B0F035B2EDCA}" = Catalyst Control Center Localization Danish

"{8238F0E3-34A4-47DE-A78A-8753C21EFAC0}" = CCC Help Russian

"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01

"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01

"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2

"{850C4C12-57E2-43E4-B66B-B08B120C55F3}" = FireBurner

"{868D7896-99D4-4513-BC62-2B3AD3E24926}" = TuneUp Utilities 2006

"{86EDEF11-EFE4-46CB-8B08-9CBD4A936B1F}" = Stranglehold

"{86EF9FC4-F209-4520-B7E1-C7FF0EEBDFFF}" = Adobe Audition 1.5

"{8734AA3A-E94D-2A2E-4B37-902E104DFC46}" = Catalyst Control Center Localization Polish

"{87911A27-1567-42B0-B8B7-2150D20E7AB6}" = DDBAC

"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder

"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU

"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{90170407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003

"{90A50153-331D-FFFF-4F21-D146672B3AB7}" = Catalyst Control Center Localization Italian

"{916800EA-DDA2-4C5E-96F2-811F3F7C4258}" = Total Commander 6.54a

"{929408E6-D265-4174-805F-81D1D914E2A4}" = QuickTime

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{95F48480-6D51-49A5-BFC3-7D8043AC5386}" = XP-Clean

"{9757A86E-ACAB-9AE2-2B51-B78AD70B0DFD}" = Catalyst Control Center Graphics Light

"{97AFD0D8-5720-4A59-BFDC-CB92A36FADF9}_is1" = Company of Heroes: Eastern Front 1.20

"{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI

"{9920A86F-A622-2D1C-0BE6-D872B8FD2A2B}" = CCC Help Japanese

"{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame

"{A174402A-2EE6-4B86-A930-7BC85A9933BD}" = Tom Clancy's Splinter Cell

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A6B90148-02C5-4fd3-8D7A-EF2386835CB9}" = F4100_Help

"{A6C265BE-E2C1-483e-843D-6B4C1E912AE0}" = F4100

"{A73B5BA6-2540-C173-6AC9-2110778D3EB4}" = CCC Help Greek

"{A75C66FD-02D5-4D0D-DCB1-6C2730B3E4AF}" = Catalyst Control Center Localization Greek

"{A77F3C2D-50CC-4A29-A1FB-1E018BE4DCA2}" = DiscAPI

"{A8B30A2D-5428-6259-3CC8-81F725B44130}" = CCC Help Finnish

"{AA2E6BFE-4351-481C-A720-47CB3506570B}" = ACDSee 8

"{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}" = HP Update

"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder

"{AC76BA86-1033-F400-7760-000000000002}" = Adobe Acrobat 7.0 Professional - English, Français, Deutsch

"{AC76BA86-7AD7-1033-7B44-A80000000002}" = Adobe Reader 8

"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant

"{AF5FFB4C-3175-9482-4F03-D68AB423368A}" = Catalyst Control Center Localization Swedish

"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan

"{B05A5743-AF48-60B3-BEFD-0F042FDB75B4}" = ccc-utility

"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter

"{B4509BCE-7BAD-4a8c-B1AE-4D0CE7467C42}" = F4100_doccd

"{B4F35A00-24FD-4fb3-BF5E-413D5423434D}" = DJ_AIO_Software_min

"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser

"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI

"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter

"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo

"{BFD9BF35-B5B3-B021-8F71-9D0137AAB57F}" = ccc-core-preinstall

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C0FC1C14-4824-4A73-87A6-9E888C9C3102}" = ASUS Splendid Video Enhancement Technology

"{C190CB55-817E-4713-84F4-0BBB8961CED9}" = PerfectDisk

"{C27DC823-0996-5109-2F03-C8BD43963438}" = CCC Help Polish

"{CA50045C-5119-48e7-9BA7-6B317379857A}" = DJ_AIO_Software

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CE7CB214-DB11-4B5D-A6AF-3B4ED47C68B7}" = Microsoft Game Studios Common Redistributables Pack 1

"{D078226E-83F2-45FD-9CDE-5DA66E5ADB51}" = Rise and Fall

"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component

"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service

"{D48EAA77-E526-41EB-894C-BD6A17EABD95}" = TMPGEnc 3.0 XPress

"{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI

"{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}" = NVIDIA PhysX v8.10.29

"{DAEB7FC7-1AAB-499A-241E-F54D1DD1725D}" = Catalyst Control Center Localization Korean

"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader

"{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash

"{DE486CCB-3C9B-7EEE-1328-2209EC6500EC}" = Catalyst Control Center Localization Portuguese

"{E0260323-5186-AAA6-43AD-48AE0E475689}" = CCC Help Czech

"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm

"{E39F7325-FFE5-EDEC-044B-812BA1B0C8F2}" = CCC Help French

"{E548726E-F4E8-459f-BAB8-45551BC071E9}" = DJ_AIO_ProductContext

"{E5F9A595-3E77-55AB-6109-06C02BBC7F36}" = Skins

"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1

"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update

"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack

"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox

"{EA759367-590A-AE0D-B2B0-E89151ACB9AE}" = CCC Help Hungarian

"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI

"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform

"{EEECE229-49F6-4851-A73A-99B058221F8C}" = RAPID

"{F0B6BD72-54C6-F391-7AD8-DA26D572752A}" = CCC Help Danish

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer

"{F34D9A5F-484A-4E31-A9D3-908CB265B289}" = Sygate Personal Firewall

"{F382EB43-3C67-4A5E-B794-09FFE2DAC93A}" = map&guide 11 professional

"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE

"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials

"{F92EAC2A-1CBC-F17C-C3F0-E79C3697CE79}" = Catalyst Control Center Localization Hungarian

"{FA8A44D7-3E8A-4034-9C4F-088FA6B72BC4}" = HP Deskjet All-In-One Software 9.0

"{FC3D290D-79BE-44B7-ABF9-FDD110925930}" = P4P

"{FC9B3A61-FD27-85DE-C8DC-F04D7944B4B2}" = Catalyst Control Center Graphics Full New

"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT-Erweiterung für den Microsoft Windows XP-Assistenten zum Schreiben von CDs

"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status

"3B18191663CDFABAA2A93D4267E54D683153FF60" = Windows-Treiberpaket - Advanced Micro Devices (AmdK8) Processor  (05/27/2006 1.3.2.0)

"Adobe Acrobat 7.0 Professional - EFG" = Adobe Acrobat 7.1.0 Professional

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}" = Adobe Photoshop CS2

"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software

"AnyDVD" = AnyDVD

"Asus_Camera_ScreenSaver" = Asus_Camera_ScreenSaver

"ATI Display Driver" = ATI Display Driver

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"CDex" = CDex extraction audio

"CloneCD" = CloneCD

"CloneDVD2" = CloneDVD2

"Company of Heroes" = Company of Heroes

"DivX Setup.divx.com" = DivX-Setup

"DVD Decrypter" = DVD Decrypter (Remove Only)

"DVD Shrink DE_is1" = DVD Shrink 3.2 deutsch

"EAX Unified" = EAX Unified

"Flyingcode NFO-Viewer_is1" = Flyingcode NFO-Viewer 1.0

"Freelancer 1.0" = Freelancer

"Guild Wars" = GUILD WARS

"Hollywood FX for Studio" = Pinnacle Hollywood FX for Studio
 

"HP Imaging Device Functions" = HP Imaging Device Functions 9.0

"HP Photosmart Essential" = HP Photosmart Essential 2.01

"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0

"HPOCR" = HP OCR Software 9.0

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"InstallShield_{21DBBDD6-93A5-4326-9A04-C9A5C9148502}" = Norton PartitionMagic 8.0

"InstallShield_{268723B7-A994-4286-9F85-B974D5CAFC7B}" = EasyRecovery Professional

"InstallShield_{5F71EB81-C72E-4B28-8D90-FDEECFEBC2DE}" = PowerQuest Drive Image 2002

"InstallShield_{929408E6-D265-4174-805F-81D1D914E2A4}" = QuickTime

"IrfanView" = IrfanView (remove only)

"IsoBuster_is1" = IsoBuster 1.9

"JDownloader" = JDownloader

"LastFM_is1" = Last.fm 1.5.4.27091

"Mafia" = Mafia

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"ManyCam" = ManyCam 2.4 (remove only)

"map&guide 11 Karte Deutschland City" = map&guide 11 Karte Deutschland City

"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"mIRC" = mIRC

"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"QVP" = Quick View Plus

"RegSupreme Pro_is1" = RegSupreme Pro 1.2

"S.T.A.L.K.E.R. - Shadow of Chernobyl_is1" = S.T.A.L.K.E.R. - Shadow of Chernobyl

"SMSERIAL" = Motorola SM56 Speakerphone Modem

"Soldat_is1" = Soldat 1.5.0

"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4

"Steam App 240" = Counter-Strike: Source

"Steam App 630" = Alien Swarm

"Tunngle beta_is1" = Tunngle beta

"TVgenial" = TVgenial

"Two Worlds" = Two Worlds

"UltraISO_is1" = UltraISO 8.0 Premium Edition

"VLC media player" = VideoLAN VLC media player 0.8.2

"Winamp" = Winamp

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WinLiveSuite_Wave3" = Windows Live Essentials

"Winload Toolbar" = Winload Toolbar

"WinRAR archiver" = WinRAR Archivierer

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0.0 (Pre-Release 5348)

"XviD_is1" = XviD 1.1 final uninstall

 
 ========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Winamp Detect" = Winamp Erkennungs-Plug-in

 
 ========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 18.03.2011 15:51:51 | Computer Name = JOHANNES-LAPTOP | Source = PerfNet | ID = 2004

Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen

werden

 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.

 

Error - 18.03.2011 16:13:50 | Computer Name = JOHANNES-LAPTOP | Source = PerfNet | ID = 2004

Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen

werden

 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.

 

Error - 19.03.2011 10:23:01 | Computer Name = JOHANNES-LAPTOP | Source = PerfNet | ID = 2004

Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen

werden

 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.

 

Error - 19.03.2011 15:52:06 | Computer Name = JOHANNES-LAPTOP | Source = Application Error | ID = 1000

Description = Fehlgeschlagene Anwendung plugin-container.exe, Version 1.9.2.4079,

 fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.6055, Fehleradresse 0x0000100b.

 

Error - 20.03.2011 13:20:38 | Computer Name = JOHANNES-LAPTOP | Source = PerfNet | ID = 2004

Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen

werden

 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.

 

Error - 21.03.2011 16:58:49 | Computer Name = JOHANNES-LAPTOP | Source = PerfNet | ID = 2004

Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen

werden

 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.

 

Error - 22.03.2011 11:35:04 | Computer Name = JOHANNES-LAPTOP | Source = PerfNet | ID = 2004

Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen

werden

 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.

 

Error - 22.03.2011 16:53:52 | Computer Name = JOHANNES-LAPTOP | Source = PerfNet | ID = 2004

Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen

werden

 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.

 

Error - 23.03.2011 09:03:34 | Computer Name = JOHANNES-LAPTOP | Source = PerfNet | ID = 2004

Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen

werden

 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.

 

Error - 23.03.2011 09:04:01 | Computer Name = JOHANNES-LAPTOP | Source = ESENT | ID = 490

Description = svchost (1680) Versuch, Datei "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"

 für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der

 Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet

 wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.

 

[ System Events ]

Error - 22.03.2011 19:07:28 | Computer Name = JOHANNES-LAPTOP | Source = DCOM | ID = 10005

Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "ImapiService"

 mit den Argumenten "-Service"  gestartet wurde, um den folgenden Server zu verwenden:

{520CCA63-51A5-11D3-9144-00104BA11C5E}

 

Error - 22.03.2011 23:01:31 | Computer Name = JOHANNES-LAPTOP | Source = sr | ID = 1

Description = Beim Verarbeiten der Datei "" auf Volume "HarddiskVolume1" ist im 

Wiederherstellungsfilter der unerwartete Fehler "0xC0000001" aufgetreten. Die Volumeüberwachung

 wurde angehalten.

 

Error - 22.03.2011 23:02:14 | Computer Name = JOHANNES-LAPTOP | Source = Service Control Manager | ID = 7023

Description = Der Dienst "Task Microsoft" wurde mit folgendem Fehler beendet:   %%126

 

Error - 22.03.2011 23:02:14 | Computer Name = JOHANNES-LAPTOP | Source = Service Control Manager | ID = 7023

Description = Der Dienst "Update Task" wurde mit folgendem Fehler beendet:   %%126

 

Error - 23.03.2011 09:03:51 | Computer Name = JOHANNES-LAPTOP | Source = Service Control Manager | ID = 7023

Description = Der Dienst "Task Microsoft" wurde mit folgendem Fehler beendet:   %%126

 

Error - 23.03.2011 09:03:51 | Computer Name = JOHANNES-LAPTOP | Source = Service Control Manager | ID = 7023

Description = Der Dienst "Update Task" wurde mit folgendem Fehler beendet:   %%126

 

Error - 23.03.2011 10:35:55 | Computer Name = JOHANNES-LAPTOP | Source = DCOM | ID = 10005

Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "ImapiService"

 mit den Argumenten "-Service"  gestartet wurde, um den folgenden Server zu verwenden:

{520CCA63-51A5-11D3-9144-00104BA11C5E}

 

Error - 23.03.2011 10:54:05 | Computer Name = JOHANNES-LAPTOP | Source = DCOM | ID = 10005

Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "ImapiService"

 mit den Argumenten "-Service"  gestartet wurde, um den folgenden Server zu verwenden:

{520CCA63-51A5-11D3-9144-00104BA11C5E}

 

Error - 23.03.2011 13:32:04 | Computer Name = JOHANNES-LAPTOP | Source = Service Control Manager | ID = 7023

Description = Der Dienst "Task Microsoft" wurde mit folgendem Fehler beendet:   %%126

 

Error - 23.03.2011 13:32:04 | Computer Name = JOHANNES-LAPTOP | Source = Service Control Manager | ID = 7023

Description = Der Dienst "Update Task" wurde mit folgendem Fehler beendet:   %%126

 

 

< End of report >

--- --- ---
OTL Logfile:

Code:

OTL logfile created on: 23.03.2011 20:48:09 - Run 2

OTL by OldTimer - Version 3.2.22.3     Folder = C:\Dokumente und Einstellungen\Administrator\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 56,00% Memory free

4,00 Gb Paging File | 3,00 Gb Available in Paging File | 77,00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 93,15 Gb Total Space | 53,09 Gb Free Space | 56,99% Space Free | Partition Type: NTFS

Drive D: | 139,73 Gb Total Space | 52,78 Gb Free Space | 37,77% Space Free | Partition Type: NTFS

Drive F: | 4,82 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Drive G: | 999,52 Mb Total Space | 912,68 Mb Free Space | 91,31% Space Free | Partition Type: FAT32

 

Computer Name: JOHANNES-LAPTOP | User Name: Administrator | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Programme\Steam\Steam.exe (Valve Corporation)

PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

PRC - C:\Programme\Tunngle\TnglCtrl.exe (Tunngle.net GmbH)

PRC - C:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

PRC - C:\Programme\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe (StarWind Software)

PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

PRC - C:\WINDOWS\ASScrPro.exe ()

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\WINDOWS\system32\cmd.exe (Microsoft Corporation)

PRC - C:\Programme\ATK Hotkey\HControl.exe (ATK0100)

PRC - C:\Programme\ATKOSD2\ATKOSD2.exe ()

PRC - C:\Programme\ATK Hotkey\WDC.exe ()

PRC - C:\Programme\ATK Hotkey\HControlUser.exe ()

PRC - C:\Programme\ATK Hotkey\ATKOSD.exe ()

PRC - C:\Programme\ATK Hotkey\MsgTranAgt.exe ()

PRC - C:\WINDOWS\system32\acs.exe (Atheros)

PRC - C:\Programme\ATK Hotkey\KBFiltr.exe ()

PRC - C:\Programme\ATKGFNEX\GFNEXSrv.exe ()

PRC - C:\Programme\Wireless Console 2\wcourier.exe ()

PRC - C:\Programme\ASUS\ASUS Data Security Manager\ADSMSrv.exe ()

PRC - C:\Programme\Raxco\PerfectDisk\PDSched.exe (Raxco Software, Inc.)

PRC - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe (Nero AG)

PRC - C:\WINDOWS\system32\oodag.exe (O&O Software GmbH)

PRC - C:\Programme\Sygate\SPF\Smc.exe (Sygate Technologies, Inc.)

 

 
 ========== Modules (SafeList) ==========

 

MOD - C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\SSSensor.dll (Sygate Technologies, Inc.)

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - (kwyena) --  File not found

SRV - (HidServ) --  File not found

SRV - (bqxpnwp) --  File not found

SRV - (TunngleService) -- C:\Programme\Tunngle\TnglCtrl.exe (Tunngle.net GmbH)

SRV - (StarWindServiceAE) -- C:\Programme\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe (StarWind Software)

SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

SRV - (Adobe LM Service) -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)

SRV - (Macromedia Licensing Service) -- C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe ()

SRV - (ACS) -- C:\WINDOWS\system32\acs.exe (Atheros)

SRV - (ATKGFNEXSrv) -- C:\Programme\ATKGFNEX\GFNEXSrv.exe ()

SRV - (ADSMService) -- C:\Programme\ASUS\ASUS Data Security Manager\ADSMSrv.exe ()

SRV - (PDEngine) -- C:\Programme\Raxco\PerfectDisk\PDEngine.exe (Raxco Software, Inc.)

SRV - (PDSched) -- C:\Programme\Raxco\PerfectDisk\PDSched.exe (Raxco Software, Inc.)

SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

SRV - (TUWinStylerThemeSvc) -- C:\Programme\TuneUpUtilities2006\WinStylerThemeSvc.exe (TuneUp Software GmbH)

SRV - (O&O Defrag) -- C:\WINDOWS\system32\oodag.exe (O&O Software GmbH)

SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)

SRV - (SmcService) -- C:\Programme\Sygate\SPF\Smc.exe (Sygate Technologies, Inc.)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)

DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()

DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)

DRV - (tap0901t) TAP-Win32 Adapter V9 (Tunngle) -- C:\WINDOWS\system32\drivers\tap0901t.sys (Tunngle.net)

DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)

DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)

DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)

DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)

DRV - (SiSGbeXP) -- C:\WINDOWS\system32\drivers\SiSGbeXP.sys (Silicon Integrated Systems Corp.)

DRV - (ManyCam) -- C:\WINDOWS\system32\drivers\ManyCam.sys (ManyCam LLC.)

DRV - (AR5211) -- C:\WINDOWS\system32\drivers\ar5211.sys (Atheros Communications, Inc.)

DRV - (AsDsm) -- C:\WINDOWS\System32\drivers\AsDsm.sys (Windows (R) Codename Longhorn DDK provider)

DRV - (ASMMAP) -- C:\Programme\ATKGFNEX\ASMMAP.sys ()

DRV - (WSIMD) -- C:\WINDOWS\system32\drivers\wsimd.sys (Atheros Communications, Inc.)

DRV - (kbfiltr) -- C:\WINDOWS\system32\drivers\kbfiltr.sys ( )

DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ATKACPI.sys (ATK0100)

DRV - (ddxgb) -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\ddxgb.sys ()

DRV - (Defrag32b) -- C:\WINDOWS\System32\drivers\defrag32b.sys (Raxco Software, Inc.)

DRV - (Defrag32) -- C:\WINDOWS\System32\drivers\defrag32.sys (Raxco Software, Inc.)

DRV - (siside) -- C:\WINDOWS\system32\DRIVERS\siside.sys (Silicon Integrated Systems Corp.)

DRV - (AnyDVD) -- C:\WINDOWS\system32\drivers\AnyDVD.sys (SlySoft, Inc.)

DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology (StarForce))

DRV - (sfsync04) StarForce Protection Synchronization Driver (version 4.x) -- C:\WINDOWS\System32\drivers\sfsync04.sys (Protection Technology (StarForce))

DRV - (smserial) -- C:\WINDOWS\system32\drivers\smserial.sys (Motorola Inc.)

DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology (StarForce))

DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfvfs02.sys (Protection Technology)

DRV - (MarvinBus) -- C:\WINDOWS\system32\drivers\MarvinBus.sys (Pinnacle Systems GmbH)

DRV - (ElbyCDFL) -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys (SlySoft, Inc.)

DRV - (ElbyDelay) -- C:\WINDOWS\system32\drivers\ElbyDelay.sys (Elaborate Bytes AG)

DRV - (PCLEPCI) -- C:\WINDOWS\system32\drivers\Pclepci.sys (Pinnacle Systems GmbH)

DRV - (ASAPIW2K) -- C:\WINDOWS\system32\drivers\asapiW2k.sys (VOB Computersysteme GmbH)

DRV - (wg6n) -- C:\WINDOWS\SYSTEM32\Drivers\wg6n.sys (Sygate Technologies, Inc.)

DRV - (wg5n) -- C:\WINDOWS\SYSTEM32\Drivers\wg5n.sys (Sygate Technologies, Inc.)

DRV - (wg4n) -- C:\WINDOWS\SYSTEM32\Drivers\wg4n.sys (Sygate Technologies, Inc.)

DRV - (wg3n) -- C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys (Sygate Technologies, Inc.)

DRV - (wpsdrvnt) -- C:\WINDOWS\system32\drivers\wpsdrvnt.sys (Sygate Technologies, Inc.)

DRV - (Teefer) -- C:\WINDOWS\SYSTEM32\Drivers\Teefer.sys (Sygate Technologies, Inc.)

DRV - (ASNDIS5) -- C:\Programme\ATK Hotkey\ASNDIS5.SYS (Printing Communications Assoc., Inc. (PCAUSA))

DRV - (PQNTDrv) -- C:\WINDOWS\System32\drivers\PQNTDRV.sys (PowerQuest Corporation)

DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Google Toolbar

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Google Toolbar

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2319825

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Google Toolbar

IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWin2.dll (Conduit Ltd.)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search"

FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}"

FF - prefs.js..browser.search.suggest.enabled: false

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3

 

 

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Programme\Mozilla Firefox\components [2008.09.24 19:27:56 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2008.09.24 19:27:54 | 000,000,000 | ---D | M]

 

[2008.12.24 17:50:26 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions

[2008.12.24 16:26:22 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\rgq8w14b.default\extensions

[2011.01.17 15:46:06 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\rgq8w14b.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2010.03.24 16:13:02 | 000,000,917 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\rgq8w14b.default\searchplugins\conduit.xml

[2008.12.26 21:16:18 | 000,002,109 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\rgq8w14b.default\searchplugins\youtube-videosuche.xml

[2008.09.24 19:27:56 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2010.07.12 18:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npwachk.dll

[2011.03.06 23:33:40 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml

[2011.03.06 23:33:40 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml

[2011.03.06 23:33:40 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml

[2011.03.06 23:33:40 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml

[2011.03.06 23:33:40 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2006.06.01 19:06:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)

O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWin2.dll (Conduit Ltd.)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWin2.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKCU\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Programme\Winload\prxtbWin2.dll (Conduit Ltd.)

O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O4 - HKLM..\Run: [ASUS Camera ScreenSaver] C:\WINDOWS\ASScrProlog.exe ()

O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\WINDOWS\ASScrPro.exe ()

O4 - HKLM..\Run: [ATKHOTKEY] C:\Programme\ATK Hotkey\Hcontrol.exe (ATK0100)

O4 - HKLM..\Run: [ATKOSD2] C:\Programme\ATKOSD2\ATKOSD2.exe ()

O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [HControlUser] C:\Programme\ATK Hotkey\HcontrolUser.exe ()

O4 - HKLM..\Run: [MsgTranAgt] C:\Programme\ATK Hotkey\MsgTranAgt.exe ()

O4 - HKLM..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe (ASUSTeK Computer Inc.)

O4 - HKLM..\Run: [SmcService] C:\Programme\Sygate\SPF\Smc.exe (Sygate Technologies, Inc.)

O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [Wireless Console 2] C:\Programme\Wireless Console 2\wcourier.exe ()

O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe (Nero AG)

O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1

O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)

O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)

O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home

O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {0cab0400-7395-11d0-a5e5-0020afe2fdd9} - C:\WINDOWS\qvphook.dll (Stellent, Inc.)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008.09.24 21:46:32 | 000,000,718 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2008.05.01 18:36:21 | 000,726,248 | R--- | M] (BioWare) - F:\autorun.exe -- [ UDF ]

O32 - AutoRun File - [2007.11.15 23:48:02 | 000,000,057 | R--- | M] () - F:\autorun.inf -- [ UDF ]

O33 - MountPoints2\{50c11808-d7ba-11df-ae74-001e8c7eaf33}\Shell - "" = AutoRun

O33 - MountPoints2\{50c11808-d7ba-11df-ae74-001e8c7eaf33}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{50c11808-d7ba-11df-ae74-001e8c7eaf33}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE      .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn

O33 - MountPoints2\{cbd73f98-e8e7-11df-aea0-001e8c7eaf33}\Shell - "" = AutoRun

O33 - MountPoints2\{cbd73f98-e8e7-11df-aea0-001e8c7eaf33}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{cbd73f98-e8e7-11df-aea0-001e8c7eaf33}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE      .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn

O34 - HKLM BootExecute: (PDBoot.exe) - C:\WINDOWS\System32\PDBoot.exe (Raxco Software, Inc.)

O34 - HKLM BootExecute: (autocheck autochk *) -  File not found

O34 - HKLM BootExecute: (OODBS) - C:\WINDOWS\System32\OODBS.exe (O&O Software GmbH)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2011.03.23 15:36:30 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe

[2011.03.23 01:57:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Malwarebytes

[2011.03.23 01:57:23 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2011.03.23 01:57:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes

[2011.03.23 01:57:17 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2011.03.23 01:57:17 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware

[2011.03.23 01:47:55 | 007,734,208 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Dokumente und Einstellungen\Administrator\Desktop\mbam-setup-1.50.1.1100.exe

[2011.03.22 15:08:56 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\BioWare

[2011.03.20 18:57:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\GUILD WARS

[2011.03.20 18:56:31 | 000,165,248 | ---- | C] (ArenaNet) -- C:\Dokumente und Einstellungen\Administrator\Desktop\GwSetup.exe

[2011.03.15 17:48:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\ConduitEngine

[2011.03.15 17:48:32 | 000,000,000 | ---D | C] -- C:\Programme\ConduitEngine

[2011.03.11 15:17:12 | 000,000,000 | -HSD | C] -- C:\FOUND.009

[2008.09.24 22:28:41 | 000,005,632 | R--- | C] ( ) -- C:\WINDOWS\System32\drivers\kbfiltr.sys

[57 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2011.03.23 18:30:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011.03.23 18:30:25 | 000,286,053 | ---- | M] () -- C:\WINDOWS\System32\OODBS.lor

[2011.03.23 18:15:52 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\Access.dat

[2011.03.23 15:36:28 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe

[2011.03.23 03:09:32 | 000,142,247 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Screenshot1.zip

[2011.03.23 03:07:26 | 000,140,777 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Screenshot1.rar

[2011.03.23 03:06:44 | 000,179,279 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Screenshot1.JPG

[2011.03.23 03:00:18 | 003,840,054 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Screenshot1.bmp

[2011.03.23 01:57:24 | 000,000,671 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2011.03.23 01:49:16 | 000,742,874 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Load.exe

[2011.03.23 01:48:04 | 007,734,208 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Dokumente und Einstellungen\Administrator\Desktop\mbam-setup-1.50.1.1100.exe

[2011.03.22 23:31:30 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn

[2011.03.22 15:08:58 | 000,000,492 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mass Effect.lnk

[2011.03.20 18:57:04 | 000,000,391 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\GUILD WARS.lnk

[2011.03.20 18:56:28 | 000,165,248 | ---- | M] (ArenaNet) -- C:\Dokumente und Einstellungen\Administrator\Desktop\GwSetup.exe

[2011.03.18 19:46:28 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011.03.14 23:48:56 | 000,014,921 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Praktikumsvereinbarung.odt

[2011.03.11 12:34:36 | 000,043,520 | ---- | M] () -- C:\WINDOWS\System32\CmdLineExt03.dll

[2011.03.04 18:31:32 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2011.03.04 17:18:08 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job

[2011.03.03 18:39:02 | 000,000,209 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Counter-Strike Source.url

[57 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2011.03.23 03:09:31 | 000,142,247 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Screenshot1.zip

[2011.03.23 03:07:24 | 000,140,777 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Screenshot1.rar

[2011.03.23 03:06:43 | 000,179,279 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Screenshot1.JPG

[2011.03.23 02:58:01 | 003,840,054 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Screenshot1.bmp

[2011.03.23 01:57:23 | 000,000,671 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2011.03.23 01:49:23 | 000,742,874 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Load.exe

[2011.03.22 15:08:56 | 000,000,492 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mass Effect.lnk

[2011.03.20 18:57:03 | 000,000,391 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\GUILD WARS.lnk

[2011.03.14 23:48:54 | 000,014,921 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Praktikumsvereinbarung.odt

[2011.03.03 18:39:00 | 000,000,209 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Counter-Strike Source.url

[2011.01.19 16:37:14 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll

[2011.01.19 16:04:37 | 000,233,472 | R--- | C] () -- C:\WINDOWS\System32\MafiaSetup.exe

[2010.07.13 22:59:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\Access.dat

[2010.06.01 17:28:01 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\xmltok.dll

[2010.06.01 17:28:01 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\xmlparse.dll

[2010.04.07 17:18:58 | 000,159,980 | ---- | C] () -- C:\WINDOWS\hpoins14.dat

[2010.04.07 17:18:58 | 000,002,000 | ---- | C] () -- C:\WINDOWS\hpomdl14.dat

[2010.03.05 15:13:07 | 000,000,952 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys

[2009.01.13 15:50:31 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2009.01.09 17:43:05 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2009.01.04 18:39:29 | 000,014,848 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008.12.27 00:08:30 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\acovcnt.exe

[2008.12.26 21:48:02 | 000,000,034 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

[2008.12.24 17:36:29 | 000,000,683 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2008.12.24 17:19:43 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

[2008.12.24 16:26:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll

[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll

[2008.09.25 01:24:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin

[2008.09.25 00:59:58 | 000,037,232 | ---- | C] () -- C:\WINDOWS\ASScrProlog.exe

[2008.09.25 00:59:58 | 000,033,136 | ---- | C] () -- C:\WINDOWS\ASScrPro.exe

[2008.09.25 00:59:55 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll

[2008.09.24 22:37:19 | 000,887,724 | R--- | C] () -- C:\WINDOWS\System32\ativva6x.dat

[2008.09.24 22:37:18 | 003,107,788 | R--- | C] () -- C:\WINDOWS\System32\ativva5x.dat

[2008.09.24 22:37:17 | 003,107,788 | R--- | C] () -- C:\WINDOWS\System32\ativvaxx.dat

[2008.09.24 22:37:16 | 000,168,883 | R--- | C] () -- C:\WINDOWS\System32\atiicdxx.dat

[2008.09.24 22:08:00 | 000,002,508 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\$_hpcst$.hpc

[2008.09.24 22:06:42 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2008.09.24 22:06:42 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2008.09.24 21:53:10 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2008.09.24 21:48:41 | 000,194,248 | ---- | C] () -- C:\WINDOWS\System32\LTRFD13n.DLL

[2008.09.24 21:46:30 | 000,000,034 | ---- | C] () -- C:\WINDOWS\VFO.INI

[2008.09.24 21:46:26 | 000,196,096 | ---- | C] () -- C:\WINDOWS\System32\macd32.dll

[2008.09.24 21:46:26 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\mase32.dll

[2008.09.24 21:46:26 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\mamc32.dll

[2008.09.24 21:46:26 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\masd32.dll

[2008.09.24 21:46:26 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\ma32.dll

[2008.09.24 19:27:54 | 000,002,266 | ---- | C] () -- C:\WINDOWS\mozver.dat

[2008.09.24 19:11:51 | 000,000,522 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2008.09.24 19:08:19 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll

[2008.09.24 18:53:57 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2008.09.24 18:41:59 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2008.09.24 18:36:46 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2008.09.24 18:35:31 | 000,223,224 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2007.09.12 23:54:48 | 000,141,180 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat

[2006.06.01 21:06:00 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

[2006.06.01 19:06:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2006.06.01 19:06:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2006.06.01 19:06:00 | 000,462,550 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat

[2006.06.01 19:06:00 | 000,443,922 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2006.06.01 19:06:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2006.06.01 19:06:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat

[2006.06.01 19:06:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2006.06.01 19:06:00 | 000,085,732 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat

[2006.06.01 19:06:00 | 000,072,180 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2006.06.01 19:06:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2006.06.01 19:06:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat

[2006.06.01 19:06:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2006.06.01 19:06:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2006.06.01 19:06:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2006.06.01 19:06:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin

[2006.06.01 19:06:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2006.04.29 16:43:54 | 000,000,288 | ---- | C] () -- C:\WINDOWS\wincmd.ini

[2006.04.19 00:30:56 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll

[2004.12.20 18:24:03 | 001,663,068 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll

[2004.10.15 18:31:56 | 000,218,264 | ---- | C] () -- C:\WINDOWS\System32\SetAid.dll

[2004.03.11 01:26:10 | 000,406,016 | ---- | C] () -- C:\WINDOWS\System32\PSDrvCheck.exe
 

< End of report >

--- --- ---

Edit: Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.

http://saved.im/mtm0nzyzmzd5/cofi.jpg

Dann folgende Anleitung durchlesen und abarbeiten -> CCleaner Systembereinigung

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Hier ist das ComboFix Log
Combofix Logfile:

Code:

ComboFix 11-03-23.06 - Administrator 24.03.2011  16:29:20.1.2 - x86

ausgeführt von:: c:\dokumente und einstellungen\Administrator\Desktop\cofi.exe.exe

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\Images

c:\images\de-ra3.sfv

c:\windows\system32\AutoRun.inf

.

.

(((((((((((((((((((((((   Dateien erstellt von 2011-02-24 bis 2011-03-24  ))))))))))))))))))))))))))))))

.

.

2011-03-24 15:11 . 2011-03-24 15:11        --------        d-----w-        c:\programme\CCleaner

2011-03-23 00:57 . 2011-03-23 00:57        --------        d-----w-        c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Malwarebytes

2011-03-23 00:57 . 2010-12-20 17:09        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys

2011-03-23 00:57 . 2011-03-23 00:57        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes

2011-03-23 00:57 . 2011-03-23 00:57        --------        d-----w-        c:\programme\Malwarebytes' Anti-Malware

2011-03-23 00:57 . 2010-12-20 17:08        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys

2011-03-22 14:08 . 2011-03-22 14:08        --------        d-----w-        c:\programme\Gemeinsame Dateien\BioWare

2011-03-15 16:48 . 2011-03-15 16:48        --------        d-----w-        c:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\ConduitEngine

2011-03-15 16:48 . 2011-03-15 16:48        0        ----a-w-        c:\windows\system32\ConduitEngine.tmp

2011-03-15 16:48 . 2011-03-15 16:48        --------        d-----w-        c:\programme\ConduitEngine

2011-03-11 14:17 . 2011-03-11 14:17        --------        d-----w-        C:\FOUND.009

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-03-11 11:34 . 2011-01-19 15:37        43520        ----a-w-        c:\windows\system32\CmdLineExt03.dll

2011-02-02 07:58 . 2008-09-24 17:40        2067456        ----a-w-        c:\windows\system32\mstscax.dll

2011-01-27 11:57 . 2008-09-24 17:40        677888        ----a-w-        c:\windows\system32\mstsc.exe

2011-01-21 14:44 . 2006-06-01 18:06        440832        ----a-w-        c:\windows\system32\shimgvw.dll

2011-01-07 14:09 . 2006-06-01 18:06        290048        ----a-w-        c:\windows\system32\atmfd.dll

2010-12-31 14:03 . 2006-06-01 18:06        1855104        ----a-w-        c:\windows\system32\win32k.sys

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{40c3cc16-7269-4b32-9531-17f2950fb06f}"= "c:\programme\Winload\prxtbWin2.dll" [2011-01-17 175912]

.

[HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}]

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]

2011-01-17 14:54        175912        ----a-w-        c:\programme\ConduitEngine\prxConduitEngine.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{40c3cc16-7269-4b32-9531-17f2950fb06f}]

2011-01-17 14:54        175912        ----a-w-        c:\programme\Winload\prxtbWin2.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{40c3cc16-7269-4b32-9531-17f2950fb06f}"= "c:\programme\Winload\prxtbWin2.dll" [2011-01-17 175912]

.

[HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{40C3CC16-7269-4B32-9531-17F2950FB06F}"= "c:\programme\Winload\prxtbWin2.dll" [2011-01-17 175912]

.

[HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]

@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"

[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]

2007-06-01 16:08        143360        ----a-w-        c:\programme\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe" [2006-04-21 94208]

"DAEMON Tools Lite"="c:\programme\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]

"Skype"="c:\programme\Skype\Phone\Skype.exe" [2011-01-26 15026056]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HControlUser"="c:\programme\ATK Hotkey\HcontrolUser.exe" [2008-01-11 98304]

"ATKHOTKEY"="c:\programme\ATK Hotkey\Hcontrol.exe" [2008-02-01 233472]

"MsgTranAgt"="c:\programme\ATK Hotkey\MsgTranAgt.exe" [2007-11-04 106496]

"ATKOSD2"="c:\programme\ATKOSD2\ATKOSD2.exe" [2008-01-23 7766016]

"StartCCC"="c:\programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]

"Wireless Console 2"="c:\programme\Wireless Console 2\wcourier.exe" [2007-07-05 1040384]

"Power_Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2006-07-26 90112]

"ASUS Camera ScreenSaver"="c:\windows\ASScrProlog.exe" [2008-09-25 37232]

"ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2008-09-25 33136]

"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2004-10-15 2577632]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

c:\dokumente und einstellungen\Administrator\Startmen\Programme\Autostart\

CCC.lnk - c:\programme\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2007-7-17 49152]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{0cab0400-7395-11d0-a5e5-0020afe2fdd9}"= "qvphook.dll" [2003-11-21 45056]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute        REG_MULTI_SZ           PDBoot.exe\0autocheck autochk *\0OODBS

.

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^Administrator^Startmenü^Programme^Autostart^OpenOffice.org 3.2.lnk]

path=c:\dokumente und einstellungen\Administrator\Startmenü\Programme\Autostart\OpenOffice.org 3.2.lnk

backup=c:\windows\pss\OpenOffice.org 3.2.lnkStartup

.

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Acrobat Speed Launcher.lnk]

path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Acrobat Speed Launcher.lnk

backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader Speed Launch.lnk]

path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader Speed Launch.lnk

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader Synchronizer.lnk]

path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader Synchronizer.lnk

backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^HP Digital Imaging Monitor.lnk]

path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACMON]

2008-01-15 16:27        851968        ----a-w-        c:\programme\ASUS\Splendid\ACMON.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]

2008-04-23 01:08        483328        ----a-w-        c:\programme\Adobe\Acrobat 7.0\Distillr\acrotray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

2005-05-03 11:43        69632        ----a-r-        c:\windows\ALCMTR.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]

2009-11-15 10:42        33120        ----a-w-        c:\programme\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Live Update]

2007-11-30 10:20        51768        ----a-w-        c:\programme\ASUS\ASUS Live Update\ALU.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKMEDIA]

2006-11-02 07:27        61440        ----a-w-        c:\programme\ASUS\ATK Media\DMedia.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

2008-04-14 02:22        15360        ----a-w-        c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]

2010-08-20 20:45        1164584        ----a-w-        c:\programme\DivX\DivX Update\DivXUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2007-03-11 20:34        49152        ----a-w-        c:\programme\HP\HP Software Update\hpwuSchd2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2006-01-12 15:40        155648        ----a-w-        c:\programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]

2004-03-11 00:26        406016        ----a-w-        c:\windows\system32\PSDrvCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerForPhone]

2008-01-25 17:32        778240        ----a-w-        c:\programme\P4P\P4P.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

2004-11-02 19:24        32768        ----a-w-        c:\programme\CyberLink\PowerDVD\PDVDServ.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

2008-04-10 09:52        16861184        ----a-r-        c:\windows\RTHDCPL.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]

2006-03-21 15:54        544768        ----a-r-        c:\windows\sm56hlpr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

2011-03-03 17:29        1242448        ----a-w-        c:\programme\Steam\Steam.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2009-01-22 16:54        136600        ----a-w-        c:\programme\Java\jre6\bin\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

2010-07-12 17:32        74752        ----a-w-        c:\programme\Winamp\winampa.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"d:\\Spiele\\Stranglehold\\Binaries\\Retail-Stranglehold.exe"=

"d:\\Spiele\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=

"d:\\Spiele\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=

"d:\\Spiele\\Rise and Fall\\RiseAndFall.exe"=

"c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=

"d:\\Spiele\\CoH\\RelicDownloader\\RelicDownloader.exe"=

"d:\\Spiele\\Two Worlds\\TwoWorlds.exe"=

"d:\\Spiele\\Two Worlds\\TwoWorlds_RADEON.exe"=

"c:\\Programme\\Tunngle\\TnglCtrl.exe"=

"c:\\Programme\\Tunngle\\Tunngle.exe"=

"c:\\Programme\\Steam\\Steam.exe"=

"c:\\Programme\\Steam\\SteamApps\\common\\alien swarm\\srcds.exe"=

"d:\\Spiele\\Stronghold 2\\Stronghold2.exe"=

"c:\\Programme\\Skype\\Phone\\Skype.exe"=

"c:\\Programme\\Steam\\SteamApps\\common\\alien swarm\\swarm.exe"=

"c:\\Programme\\Steam\\SteamApps\\trollcook\\counter-strike source\\hl2.exe"=

"d:\\Spiele\\Mass Effect\\Binaries\\MassEffect.exe"=

"d:\\Spiele\\Mass Effect\\MassEffectLauncher.exe"=

.

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [02.04.2010 00:06 691696]

R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [08.03.2010 20:03 108289]

R2 TunngleService;TunngleService;c:\programme\Tunngle\TnglCtrl.exe [13.07.2010 22:53 716024]

R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [14.01.2008 12:06 21632]

S2 bqxpnwp;Task Microsoft;c:\windows\system32\svchost.exe -k netsvcs [01.06.2006 19:06 14336]

S2 kwyena;Update Task;c:\windows\system32\svchost.exe -k netsvcs [01.06.2006 19:06 14336]

S2 PDSched;PDScheduler;c:\programme\Raxco\PerfectDisk\PDSched.exe [01.06.2006 21:06 241731]

S3 lupzzx;lupzzx;\??\c:\windows\system32\0D.tmp --> c:\windows\system32\0D.tmp [?]

S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\drivers\tap0901t.sys [13.07.2010 22:53 27136]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12        REG_MULTI_SZ           Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt        REG_MULTI_SZ           hpqcxs08 hpqddsvc

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs

kwyena

bqxpnwp

.

Inhalt des "geplante Tasks" Ordners

.

2011-03-04 c:\windows\Tasks\1-Klick-Wartung.job

- c:\programme\TuneUpUtilities2006\SystemOptimizer.exe [2005-08-24 01:29]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2319825

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Auswahl in Adobe PDF konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Auswahl in vorhandene PDF-Datei konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: In Adobe PDF konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: In vorhandene PDF-Datei konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

FF - ProfilePath - c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\rgq8w14b.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

FF - user.js: yahoo.homepage.dontask - true

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

MSConfigStartUp-Outpost Firewall - c:\programme\Agnitum\Outpost Firewall\outpost.exe

MSConfigStartUp-OutpostFeedBack - c:\programme\Agnitum\Outpost Firewall\feedback.exe

MSConfigStartUp-SynTPEnh - c:\programme\Synaptics\SynTP\SynTPEnh.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2011-03-24 16:42

Windows 5.1.2600 Service Pack 3 NTFS

.

Scanne versteckte Prozesse... 

.

Scanne versteckte Autostarteinträge... 

.

Scanne versteckte Dateien... 

.

.

C:\ADSM_PData_0150

.

Scan erfolgreich abgeschlossen

versteckte Dateien: 1

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lupzzx]

"ImagePath"="\??\c:\windows\system32\0D.tmp"

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]

"ImagePath"=""

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_USERS\S-1-5-21-1343024091-115176313-839522115-500\Software\SecuROM\License information*]

"datasecu"=hex:5e,8a,15,10,9c,99,51,e2,33,01,4c,5d,89,f3,29,04,82,35,d4,ec,b7,

   38,4d,62,be,7f,3e,84,0a,3f,c0,c0,e2,74,6b,e5,9f,8f,3e,da,0b,06,e5,ab,a9,90,\

"rkeysecu"=hex:f7,ee,b4,cc,f8,09,48,a8,e6,00,63,95,a4,77,2d,ee

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|ÿÿÿÿ"•€|ù•Ñw*]

"7040710900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

"7040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

.

- - - - - - - > 'winlogon.exe'(1132)

c:\windows\system32\Ati2evxx.dll

.

Zeit der Fertigstellung: 2011-03-24  17:09:52

ComboFix-quarantined-files.txt  2011-03-24 16:09

.

Vor Suchlauf: 16 Verzeichnis(se), 57.221.194.752 Bytes frei

Nach Suchlauf: 26 Verzeichnis(se), 57.336.217.088 Bytes frei

.

WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

C:\ = "Nicht erkanntes Betriebssystem auf Laufwerk C"

.

- - End Of File - - 4D2C6BC329CD2B426650BC826B5CD5E2

--- --- ---

Combofix - Scripten

1. Starte das Notepad (Start / Ausführen / notepad[Enter])

2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein.

Code:

Folder::

C:\FOUND.009

c:\programme\ConduitEngine

c:\programme\Winload
 

File::

c:\windows\system32\0D.tmp
 

Registry::

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{40c3cc16-7269-4b32-9531-17f2950fb06f}"=-

[-HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{40c3cc16-7269-4b32-9531-17f2950fb06f}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{40c3cc16-7269-4b32-9531-17f2950fb06f}"=- 

[-HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{40C3CC16-7269-4B32-9531-17F2950FB06F}"=-

[-HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}]
 

Driver::

bqxpnwp

kwyena

lupzzx

3. Speichere im Notepad als CFScript.txt auf dem Desktop.

4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall.
(Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !)

5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.

http://users.pandora.be/bluepatchy/m...s/CFScript.gif

6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien:
Combofix.txt

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Hier ist das 2. ComboFix Log:

Combofix Logfile:

Code:

ComboFix 11-03-23.06 - Administrator 24.03.2011  19:23:54.2.2 - x86

Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.2047.1077 [GMT 1:00]

ausgeführt von:: c:\dokumente und einstellungen\Administrator\Desktop\cofi.exe.exe

Benutzte Befehlsschalter :: c:\dokumente und einstellungen\Administrator\Desktop\CFScript.txt

AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

FW: Sygate Personal Firewall *Disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

.

FILE ::

"c:\windows\system32\0D.tmp"

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\FOUND.009

c:\found.009\FILE0000.CHK

c:\found.009\FILE0001.CHK

c:\programme\ConduitEngine

c:\programme\ConduitEngine\appContextMenu.xml

c:\programme\ConduitEngine\ConduitEngine.dll

c:\programme\ConduitEngine\ConduitEngineHelper.exe

c:\programme\ConduitEngine\engineContextMenu.xml

c:\programme\ConduitEngine\EngineSettings.json

c:\programme\ConduitEngine\prxConduitEngine.dll

c:\programme\ConduitEngine\toolbar.cfg

c:\programme\Winload

c:\programme\Winload\INSTALL.LOG

c:\programme\Winload\prxtbWin2.dll

c:\programme\Winload\tbWin0.dll

c:\programme\Winload\tbWin1.dll

c:\programme\Winload\tbWin2.dll

c:\programme\Winload\tbWinl.dll

c:\programme\Winload\toolbar.cfg

c:\programme\Winload\uninstall.exe

c:\programme\Winload\UNWISE.EXE

c:\programme\Winload\UNWISE.INI

c:\programme\Winload\WinloadToolbarHelper.exe

c:\programme\Winload\WinloadToolbarHelper1.exe

.

.

(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_BQXPNWP

-------\Legacy_KWYENA

-------\Service_bqxpnwp

-------\Service_kwyena

-------\Service_lupzzx

.

.

(((((((((((((((((((((((   Dateien erstellt von 2011-02-24 bis 2011-03-24  ))))))))))))))))))))))))))))))

.

.

2011-03-24 15:11 . 2011-03-24 15:11        --------        d-----w-        c:\programme\CCleaner

2011-03-23 00:57 . 2011-03-23 00:57        --------        d-----w-        c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Malwarebytes

2011-03-23 00:57 . 2010-12-20 17:09        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys

2011-03-23 00:57 . 2011-03-23 00:57        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes

2011-03-23 00:57 . 2011-03-23 00:57        --------        d-----w-        c:\programme\Malwarebytes' Anti-Malware

2011-03-23 00:57 . 2010-12-20 17:08        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys

2011-03-22 14:08 . 2011-03-22 14:08        --------        d-----w-        c:\programme\Gemeinsame Dateien\BioWare

2011-03-15 16:48 . 2011-03-15 16:48        --------        d-----w-        c:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\ConduitEngine

2011-03-15 16:48 . 2011-03-15 16:48        0        ----a-w-        c:\windows\system32\ConduitEngine.tmp

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-03-11 11:34 . 2011-01-19 15:37        43520        ----a-w-        c:\windows\system32\CmdLineExt03.dll

2011-02-02 07:58 . 2008-09-24 17:40        2067456        ----a-w-        c:\windows\system32\mstscax.dll

2011-01-27 11:57 . 2008-09-24 17:40        677888        ----a-w-        c:\windows\system32\mstsc.exe

2011-01-21 14:44 . 2006-06-01 18:06        440832        ----a-w-        c:\windows\system32\shimgvw.dll

2011-01-07 14:09 . 2006-06-01 18:06        290048        ----a-w-        c:\windows\system32\atmfd.dll

2010-12-31 14:03 . 2006-06-01 18:06        1855104        ----a-w-        c:\windows\system32\win32k.sys

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]

@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"

[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]

2007-06-01 16:08        143360        ----a-w-        c:\programme\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe" [2006-04-21 94208]

"DAEMON Tools Lite"="c:\programme\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]

"Skype"="c:\programme\Skype\Phone\Skype.exe" [2011-01-26 15026056]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HControlUser"="c:\programme\ATK Hotkey\HcontrolUser.exe" [2008-01-11 98304]

"ATKHOTKEY"="c:\programme\ATK Hotkey\Hcontrol.exe" [2008-02-01 233472]

"MsgTranAgt"="c:\programme\ATK Hotkey\MsgTranAgt.exe" [2007-11-04 106496]

"ATKOSD2"="c:\programme\ATKOSD2\ATKOSD2.exe" [2008-01-23 7766016]

"StartCCC"="c:\programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]

"Wireless Console 2"="c:\programme\Wireless Console 2\wcourier.exe" [2007-07-05 1040384]

"Power_Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2006-07-26 90112]

"ASUS Camera ScreenSaver"="c:\windows\ASScrProlog.exe" [2008-09-25 37232]

"ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2008-09-25 33136]

"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2004-10-15 2577632]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

c:\dokumente und einstellungen\Administrator\Startmen\Programme\Autostart\

CCC.lnk - c:\programme\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2007-7-17 49152]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{0cab0400-7395-11d0-a5e5-0020afe2fdd9}"= "qvphook.dll" [2003-11-21 45056]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute        REG_MULTI_SZ           PDBoot.exe\0autocheck autochk *\0OODBS

.

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^Administrator^Startmenü^Programme^Autostart^OpenOffice.org 3.2.lnk]

path=c:\dokumente und einstellungen\Administrator\Startmenü\Programme\Autostart\OpenOffice.org 3.2.lnk

backup=c:\windows\pss\OpenOffice.org 3.2.lnkStartup

.

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Acrobat Speed Launcher.lnk]

path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Acrobat Speed Launcher.lnk

backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader Speed Launch.lnk]

path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader Speed Launch.lnk

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader Synchronizer.lnk]

path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader Synchronizer.lnk

backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^HP Digital Imaging Monitor.lnk]

path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACMON]

2008-01-15 16:27        851968        ----a-w-        c:\programme\ASUS\Splendid\ACMON.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]

2008-04-23 01:08        483328        ----a-w-        c:\programme\Adobe\Acrobat 7.0\Distillr\acrotray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

2005-05-03 11:43        69632        ----a-r-        c:\windows\ALCMTR.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]

2009-11-15 10:42        33120        ----a-w-        c:\programme\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Live Update]

2007-11-30 10:20        51768        ----a-w-        c:\programme\ASUS\ASUS Live Update\ALU.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKMEDIA]

2006-11-02 07:27        61440        ----a-w-        c:\programme\ASUS\ATK Media\DMedia.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

2008-04-14 02:22        15360        ----a-w-        c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]

2010-08-20 20:45        1164584        ----a-w-        c:\programme\DivX\DivX Update\DivXUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2007-03-11 20:34        49152        ----a-w-        c:\programme\HP\HP Software Update\hpwuSchd2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2006-01-12 15:40        155648        ----a-w-        c:\programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]

2004-03-11 00:26        406016        ----a-w-        c:\windows\system32\PSDrvCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerForPhone]

2008-01-25 17:32        778240        ----a-w-        c:\programme\P4P\P4P.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

2004-11-02 19:24        32768        ----a-w-        c:\programme\CyberLink\PowerDVD\PDVDServ.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

2008-04-10 09:52        16861184        ----a-r-        c:\windows\RTHDCPL.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]

2006-03-21 15:54        544768        ----a-r-        c:\windows\sm56hlpr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

2011-03-03 17:29        1242448        ----a-w-        c:\programme\Steam\Steam.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2009-01-22 16:54        136600        ----a-w-        c:\programme\Java\jre6\bin\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

2010-07-12 17:32        74752        ----a-w-        c:\programme\Winamp\winampa.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"d:\\Spiele\\Stranglehold\\Binaries\\Retail-Stranglehold.exe"=

"d:\\Spiele\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=

"d:\\Spiele\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=

"d:\\Spiele\\Rise and Fall\\RiseAndFall.exe"=

"c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=

"d:\\Spiele\\CoH\\RelicDownloader\\RelicDownloader.exe"=

"d:\\Spiele\\Two Worlds\\TwoWorlds.exe"=

"d:\\Spiele\\Two Worlds\\TwoWorlds_RADEON.exe"=

"c:\\Programme\\Tunngle\\TnglCtrl.exe"=

"c:\\Programme\\Tunngle\\Tunngle.exe"=

"c:\\Programme\\Steam\\Steam.exe"=

"c:\\Programme\\Steam\\SteamApps\\common\\alien swarm\\srcds.exe"=

"d:\\Spiele\\Stronghold 2\\Stronghold2.exe"=

"c:\\Programme\\Skype\\Phone\\Skype.exe"=

"c:\\Programme\\Steam\\SteamApps\\common\\alien swarm\\swarm.exe"=

"c:\\Programme\\Steam\\SteamApps\\trollcook\\counter-strike source\\hl2.exe"=

"d:\\Spiele\\Mass Effect\\Binaries\\MassEffect.exe"=

"d:\\Spiele\\Mass Effect\\MassEffectLauncher.exe"=

.

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [02.04.2010 00:06 691696]

R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [08.03.2010 20:03 108289]

R2 TunngleService;TunngleService;c:\programme\Tunngle\TnglCtrl.exe [13.07.2010 22:53 716024]

R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [14.01.2008 12:06 21632]

S2 PDSched;PDScheduler;c:\programme\Raxco\PerfectDisk\PDSched.exe [01.06.2006 21:06 241731]

S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\drivers\tap0901t.sys [13.07.2010 22:53 27136]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12        REG_MULTI_SZ           Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt        REG_MULTI_SZ           hpqcxs08 hpqddsvc

.

Inhalt des "geplante Tasks" Ordners

.

2011-03-04 c:\windows\Tasks\1-Klick-Wartung.job

- c:\programme\TuneUpUtilities2006\SystemOptimizer.exe [2005-08-24 01:29]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2319825

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Auswahl in Adobe PDF konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Auswahl in vorhandene PDF-Datei konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: In Adobe PDF konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: In vorhandene PDF-Datei konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

FF - ProfilePath - c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\rgq8w14b.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

FF - user.js: yahoo.homepage.dontask - true

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

AddRemove-Winload Toolbar - c:\programme\Winload\uninstall.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2011-03-24 19:56

Windows 5.1.2600 Service Pack 3 NTFS

.

Scanne versteckte Prozesse... 

.

Scanne versteckte Autostarteinträge... 

.

Scanne versteckte Dateien... 

.

Scan erfolgreich abgeschlossen

versteckte Dateien: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]

"ImagePath"=""

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_USERS\S-1-5-21-1343024091-115176313-839522115-500\Software\SecuROM\License information*]

"datasecu"=hex:5e,8a,15,10,9c,99,51,e2,33,01,4c,5d,89,f3,29,04,82,35,d4,ec,b7,

   38,4d,62,be,7f,3e,84,0a,3f,c0,c0,e2,74,6b,e5,9f,8f,3e,da,0b,06,e5,ab,a9,90,\

"rkeysecu"=hex:f7,ee,b4,cc,f8,09,48,a8,e6,00,63,95,a4,77,2d,ee

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|ÿÿÿÿ"•€|ù•Ñw*]

"7040710900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

"7040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

.

- - - - - - - > 'winlogon.exe'(1140)

c:\windows\system32\Ati2evxx.dll

.

- - - - - - - > 'explorer.exe'(7040)

c:\programme\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll

c:\programme\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\Ati2evxx.exe

c:\programme\ASUS\ASUS Data Security Manager\ADSMSrv.exe

c:\programme\ATKGFNEX\GFNEXSrv.exe

c:\windows\system32\acs.exe

c:\programme\Avira\AntiVir Desktop\avguard.exe

c:\programme\Java\jre6\bin\jqs.exe

c:\windows\system32\oodag.exe

c:\programme\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

c:\windows\system32\wbem\wmiapsrv.exe

c:\programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

c:\programme\ATK Hotkey\ATKOSD.exe

c:\programme\ATK Hotkey\KBFiltr.exe

c:\programme\ATK Hotkey\WDC.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2011-03-24  20:05:09 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2011-03-24 19:04

ComboFix2.txt  2011-03-24 16:10

.

Vor Suchlauf: 25 Verzeichnis(se), 57.313.026.048 Bytes frei

Nach Suchlauf: 25 Verzeichnis(se), 57.189.285.888 Bytes frei

.

- - End Of File - - BD145BCBDD95EBB3769D352703B4D399

--- --- ---

Außerdem habe ich noch eine Frage.
Nach dem Neustart ist ein Fenster aufgetaucht mit dem Titel Sicherheitshinweis (siehe Screenshot2).
Kann ich dem vertrauen?

Ja.

Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html