Trojaner-Board - AntiVir zeigt Fund des Trojaners TR/Crypt.XPACK.Gen

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - AntiVir zeigt Fund des Trojaners TR/Crypt.XPACK.Gen (https://www.trojaner-board.de/96738-antivir-zeigt-fund-trojaners-tr-crypt-xpack-gen.html)

m4D_guY

23.03.2011 03:49

AntiVir zeigt Fund des Trojaners TR/Crypt.XPACK.Gen

Gute(n) Tag/Nacht Trojaner-board-Team,

während der Google-Bilder-Suche tauchte eine AntiVir Meldung auf, dass auf meinem Computer der Trojaner "TR/Crypt.XPACK.Gen" gefunden wurde. :killpc:

Beim Versuch den Trojaner mit Hilfe des AntiVir Fundmeldungsfensters zu löschen, veränderte sich meines Erachtens nur der Dateiname und die Fundmeldung tauchte nach jedem Löschvorgang wieder auf. Es wurde aber weiterhin der Trojaner "TR/Crypt.XPACK.Gen" als Fund angezeigt. Anwählen des Feldes "Zugriff verweigern" führte zum selben Ergebnis bzw. dazu, dass die Fundmeldung nicht mehr auftauchte.

Ich habe mit Hilfe der Antivir Chronik die Fehlermeldungen in einem "Screenshot-mashup" zusammengestellt, und die sich ändernden Dateinamen mit einer roten Ellypse markiert. (siehe Screenshot 1)

Nach dem Googeln des Trojaners wurde ich auf diesen Thread:

http://www.trojaner-board.de/55718-a...xpack-gen.html

in ihrem Forum aufmerksam.

Da sich hier im Verlaufe der Bearbetung der Sachlage eine Neuinstallation in Folge eines Neustarts als unvermeidbar heraus stellte, verzichtete ich auf das Ausführen jeglicher Programme die einen Neustart auslösen.

(Malwarebytes' hat den PC neugestartet und ich habe es nicht verhindern können, hat sich aber als ungefährlich herausgestellt)

:pfeiff:
Auch auf das in den Tipps zur Threaderstellung empfohlene "Load.exe".

Denn ich verfüge über keine Windows-cd oder dergleichen, da der Laptop ein Geschenk war.

Ich habe einen kompletten Scan mit AntiVir (kein Scanlog oder ähnliches vorhanden) und Malwarebytes' durchlaufen lassen. Wobei beide Scans teilweise zur gleichen Zeit liefen.
Nach dem Antivirscan tauchte abermals die Fundmeldung des Trojaners auf mit dem Hinweis, das er nicht in die Quarantäne verschoben werden konnte.

Ich habe daraufhin, die Option "Gesperrte Datei nach Neustart löschen gewählt".

Ich hoffe, ich habe die Tipps korrekt gehandhabt (trotz des Absehens von "Load.exe") und auf eine baldige Antwort.

MfG und einem :dankeschoen:

m4D_guY

Malwarebytes':

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Datenbank Version: 6137

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

23.03.2011 03:51:11
mbam-log-2011-03-23 (03-51-11).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 324694
Laufzeit: 1 Stunde(n), 36 Minute(n), 35 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (PUM.Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\system volume information\_restore{b1c584c6-9b5f-44fc-9f73-34a94ff1bd8c}\rp68\a0008972.exe (PUP.HackTool.LOIC) -> Quarantined and deleted successfully.
d:\system volume information\_restore{b1c584c6-9b5f-44fc-9f73-34a94ff1bd8c}\rp68\a0008973.exe (PUP.HackTool.LOIC) -> Quarantined and deleted successfully.

cosinus

23.03.2011 12:41

Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind.

m4D_guY

23.03.2011 14:37

Nein, da ich Malewarebytes erst nach auftauchen des Trojaners installiert habe.
Ich habe allerdings noch einmal einen Scan durchlaufen lassen. Diesmal jedoch nur einen Quickscan.
Sollte ich noch andere Programme installieren und benutzen?

2. Malewarebytesscan:

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Datenbank Version: 6137

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

23.03.2011 14:27:40
mbam-log-2011-03-23 (14-27-40).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 152256
Laufzeit: 5 Minute(n), 2 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

cosinus

23.03.2011 14:50

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles hier in den Thread.

m4D_guY

23.03.2011 15:46

OK hier sind die beiden ScansOTL Logfile:

Code:

OTL Extras logfile created on: 23.03.2011 15:37:18 - Run 1

OTL by OldTimer - Version 3.2.22.3     Folder = C:\Dokumente und Einstellungen\Administrator\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 59,00% Memory free

4,00 Gb Paging File | 3,00 Gb Available in Paging File | 82,00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 93,10 Gb Total Space | 49,83 Gb Free Space | 53,52% Space Free | Partition Type: FAT32

Drive D: | 139,70 Gb Total Space | 51,47 Gb Free Space | 36,85% Space Free | Partition Type: FAT32

Drive F: | 4,82 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Drive G: | 999,52 Mb Total Space | 912,68 Mb Free Space | 91,31% Space Free | Partition Type: FAT32

 

Computer Name: JOHANNES-LAPTOP | User Name: Administrator | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [ACDBrowse] -- "C:\Programme\ACD Systems\ACDSee\8.0\ACDSee8.exe" "%1" (ACD Systems Ltd.)

Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)

Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)

Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 
 ========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

 
 ========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"D:\Spiele\Stranglehold\Binaries\Retail-Stranglehold.exe" = D:\Spiele\Stranglehold\Binaries\Retail-Stranglehold.exe:*:Enabled:Stranglehold -- (Midway Home Entertainment Inc)

"D:\Spiele\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe" = D:\Spiele\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI) -- ()

"D:\Spiele\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe" = D:\Spiele\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV) -- ()

"C:\Programme\Skype\Plugin Manager\skypePM.exe" = C:\Programme\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager

"D:\Spiele\Rise and Fall\RiseAndFall.exe" = D:\Spiele\Rise and Fall\RiseAndFall.exe:*:Enabled:Rise and Fall: Civilizations at War -- (Midway Home Entertainment)

"D:\Spiele\CoH\RelicDownloader\RelicDownloader.exe" = D:\Spiele\CoH\RelicDownloader\RelicDownloader.exe:*:Enabled:Relic Downloader -- (THQ Canada Inc.)

"D:\Spiele\Two Worlds\TwoWorlds.exe" = D:\Spiele\Two Worlds\TwoWorlds.exe:*:Enabled:Two Worlds -- (Reality Pump)

"D:\Spiele\Two Worlds\TwoWorlds_RADEON.exe" = D:\Spiele\Two Worlds\TwoWorlds_RADEON.exe:*:Enabled:Two Worlds -- (Reality Pump)

"C:\Programme\Tunngle\TnglCtrl.exe" = C:\Programme\Tunngle\TnglCtrl.exe:*:Enabled:Tunngle Service -- (Tunngle.net GmbH)

"C:\Programme\Tunngle\Tunngle.exe" = C:\Programme\Tunngle\Tunngle.exe:*:Enabled:Tunngle Client -- (Tunngle.net GmbH)

"C:\Programme\Steam\Steam.exe" = C:\Programme\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)

"C:\Programme\Steam\SteamApps\common\alien swarm\srcds.exe" = C:\Programme\Steam\SteamApps\common\alien swarm\srcds.exe:*:Enabled:Alien Swarm Dedicated Server -- ()

"D:\Spiele\Stronghold 2\Stronghold2.exe" = D:\Spiele\Stronghold 2\Stronghold2.exe:*:Enabled:Stronghold 2 -- (Firefly Studios)

"C:\Programme\Steam\SteamApps\common\alien swarm\swarm.exe" = C:\Programme\Steam\SteamApps\common\alien swarm\swarm.exe:*:Enabled:Alien Swarm -- ()

"C:\Programme\Steam\SteamApps\trollcook\counter-strike source\hl2.exe" = C:\Programme\Steam\SteamApps\trollcook\counter-strike source\hl2.exe:*:Enabled:Counter-Strike: Source -- ()

"D:\Spiele\Mass Effect\Binaries\MassEffect.exe" = D:\Spiele\Mass Effect\Binaries\MassEffect.exe:*:Enabled:Mass Effect Game -- (BioWare)

"D:\Spiele\Mass Effect\MassEffectLauncher.exe" = D:\Spiele\Mass Effect\MassEffectLauncher.exe:*:Enabled:Mass Effect Launcher -- (BioWare)

 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{001E7FB6-BB6B-4ED0-BEDC-B5404ED96D4E}" = DocProc

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center

"{07E23E10-F663-5D23-6393-DC82AFC8B475}" = ccc-core-static

"{0CE42E4B-82AA-41AE-BB33-E0307555D4C9}" = Catalyst Control Center Localization Chinese Standard

"{0FFC10A2-3B60-283D-0DDE-91EF4A3B0969}" = Catalyst Control Center Localization Finnish

"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp

"{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}" = ATK Media

"{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI

"{16D2C649-CBA8-44EE-B730-12584667D487}" = Stronghold 2 Deluxe

"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy

"{18742725-FAAF-4FF5-AA21-88A5814BC9CE}" = Audiograbber 1.83 SE

"{18F98693-AF94-11FC-0650-25E724F58C9E}" = Catalyst Control Center Graphics Full Existing

"{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI

"{1A15507A-8551-4626-915D-3D5FA095CC1B}" = Corel Paint Shop Pro X

"{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect

"{1C8521E5-5A7B-4A4E-A9CD-AD53116EAEE0}" = ASUS Data Security Manager

"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = LifeFrame2

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool

"{21DBBDD6-93A5-4326-9A04-C9A5C9148502}" = Norton PartitionMagic

"{2217B0B4-35CB-48C6-B640-864DF2F30F99}" = OpenOffice.org 3.2

"{221F14FF-7DAA-70C4-3A46-FA50EC2AB6E1}" = CCC Help Portuguese

"{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{236BB7C4-4419-42FD-0407-1E257A25E34D}" = Adobe Photoshop CS2

"{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI

"{268723B7-A994-4286-9F85-B974D5CAFC7B}" = EasyRecovery Professional

"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11

"{27A5A63B-3290-F55F-FD6D-D8F87CC0006F}" = Catalyst Control Center Localization Thai

"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program

"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg

"{2B85C4A2-9E74-E583-01A8-B947172F39D4}" = Catalyst Control Center Localization Japanese

"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan

"{2F353D44-73BB-4971-B31D-F7642E9E9531}" = Macromedia Flash MX 2004

"{2F750C77-1FEC-44F9-88CC-2CE322EBD61E}" = Microsoft Games for Windows - LIVE Redistributable

"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6

"{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI

"{33CD74BF-8544-15AF-D4A9-BA1791550927}" = Catalyst Control Center Core Implementation

"{344C4348-6397-FEEB-ADE5-98D95D5A87E3}" = CCC Help Chinese Standard

"{34D1C6F2-5B2C-A27E-CC6D-FE55B78DEB69}" = Catalyst Control Center Localization Spanish

"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder

"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey

"{3CB05291-F546-458E-A796-B5BCF5A3CDC4}" = Studio 10

"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger

"{42347B75-9660-2DA4-63FD-D35E344E1031}" = Nero 7 Premium

"{43B6667D-7520-4186-B05B-F5C0494C495D}" = UltraEdit-32

"{4462AD13-F2AA-4CBD-9F95-293C38EED870}" = Power4 Gear

"{44F934C2-3CFB-1229-6872-35F3662268F6}" = Catalyst Control Center Localization French

"{461B9564-65CB-1D4A-46B2-CC27DC4F07EC}" = CCC Help Swedish

"{4F400CD4-ABB5-5973-8F0C-40BBF28C0B8C}" = CCC Help Turkish

"{4FBA95A6-7F4E-6ED0-EA7A-A3C46A64A51E}" = CCC Help Thai

"{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI

"{5039F71C-7A31-568E-D002-07FF5F95ACBF}" = CCC Help English

"{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI

"{52326763-A5B3-9514-4655-A82828CD9B2D}" = Catalyst Control Center Localization Norwegian

"{52B65911-1559-4ED5-9461-46957FDD48CD}" = Borderlands

"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent

"{53480370-6CA2-47EC-BC05-02B4B9271C31}" = O&O Defrag Professional Edition

"{539D0779-8D8D-9BB8-8D1C-F04C647B6267}" = CCC Help German

"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport

"{571A9704-FA7C-9560-7AEF-2B630DCB894B}" = CCC Help Spanish

"{579141D6-019E-A917-97A3-359E87EDC2C2}" = Catalyst Control Center Localization Czech

"{57B15AD4-8C9D-4164-82BB-E33D8644E757}" = ASUS InstantFun

"{5954CB86-A47E-F865-A534-2473C7500EA4}" = Catalyst Control Center Localization German

"{5A02B151-2AA2-D1C6-6165-F6AA00C1D9C4}" = Catalyst Control Center Localization Turkish

"{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}" = ATKOSD2

"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053

"{5F374D5D-DB43-4263-9C29-BAB2C93FEFE6}" = Warhammer® Mark of Chaos

"{5F407E27-927F-3997-EDF1-2EF57FE14328}" = CCC Help Italian

"{5F71EB81-C72E-4B28-8D90-FDEECFEBC2DE}" = Drive Image

"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call

"{60829E1B-6DD2-2D98-ED53-BA097E84A954}" = Catalyst Control Center Localization Russian

"{6179B0A4-9A6D-9793-9839-30A637DD70FB}" = Catalyst Control Center Localization Dutch

"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder

"{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD

"{6DEAD32C-7067-6AA8-5CDB-A1FDCA44A4B6}" = Catalyst Control Center Graphics Previews Common

"{6E32B134-CA8D-49DD-B94C-0DB155CE70B5}" = ccc-Branding

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{739ECDBA-F065-73DB-0553-BA8A4F8B4753}" = CCC Help Norwegian

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{78155353-3D54-2FCA-395D-1BABEEC2C562}" = CCC Help Korean

"{793D040C-F449-8EE9-484F-F9084321D747}" = CCC Help Dutch

"{7B63B2922B174135AFC0E1377DD81EC2}" = 

"{7C4196CA-CA41-4F34-9C08-7724E7705D52}" = Jasc Animation Shop 3

"{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI

"{7F6B6DC9-F082-5A97-A240-1D71042C00CA}" = Catalyst Control Center Localization Chinese Traditional

"{7F976697-3404-1BBE-48A4-EB154BE2492B}" = CCC Help Chinese Traditional

"{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI

"{81CC6FB7-8EF6-0ACB-60EC-B0F035B2EDCA}" = Catalyst Control Center Localization Danish

"{8238F0E3-34A4-47DE-A78A-8753C21EFAC0}" = CCC Help Russian

"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01

"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01

"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2

"{850C4C12-57E2-43E4-B66B-B08B120C55F3}" = FireBurner

"{868D7896-99D4-4513-BC62-2B3AD3E24926}" = TuneUp Utilities 2006

"{86EDEF11-EFE4-46CB-8B08-9CBD4A936B1F}" = Stranglehold

"{86EF9FC4-F209-4520-B7E1-C7FF0EEBDFFF}" = Adobe Audition 1.5

"{8734AA3A-E94D-2A2E-4B37-902E104DFC46}" = Catalyst Control Center Localization Polish

"{87911A27-1567-42B0-B8B7-2150D20E7AB6}" = DDBAC

"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder

"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU

"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{90170407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003

"{90A50153-331D-FFFF-4F21-D146672B3AB7}" = Catalyst Control Center Localization Italian

"{916800EA-DDA2-4C5E-96F2-811F3F7C4258}" = Total Commander 6.54a

"{929408E6-D265-4174-805F-81D1D914E2A4}" = QuickTime

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{95F48480-6D51-49A5-BFC3-7D8043AC5386}" = XP-Clean

"{9757A86E-ACAB-9AE2-2B51-B78AD70B0DFD}" = Catalyst Control Center Graphics Light

"{97AFD0D8-5720-4A59-BFDC-CB92A36FADF9}_is1" = Company of Heroes: Eastern Front 1.20

"{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI

"{9920A86F-A622-2D1C-0BE6-D872B8FD2A2B}" = CCC Help Japanese

"{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame

"{A174402A-2EE6-4B86-A930-7BC85A9933BD}" = Tom Clancy's Splinter Cell

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A6B90148-02C5-4fd3-8D7A-EF2386835CB9}" = F4100_Help

"{A6C265BE-E2C1-483e-843D-6B4C1E912AE0}" = F4100

"{A73B5BA6-2540-C173-6AC9-2110778D3EB4}" = CCC Help Greek

"{A75C66FD-02D5-4D0D-DCB1-6C2730B3E4AF}" = Catalyst Control Center Localization Greek

"{A77F3C2D-50CC-4A29-A1FB-1E018BE4DCA2}" = DiscAPI

"{A8B30A2D-5428-6259-3CC8-81F725B44130}" = CCC Help Finnish

"{AA2E6BFE-4351-481C-A720-47CB3506570B}" = ACDSee 8

"{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}" = HP Update

"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder

"{AC76BA86-1033-F400-7760-000000000002}" = Adobe Acrobat 7.0 Professional - English, Français, Deutsch

"{AC76BA86-7AD7-1033-7B44-A80000000002}" = Adobe Reader 8

"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant

"{AF5FFB4C-3175-9482-4F03-D68AB423368A}" = Catalyst Control Center Localization Swedish

"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan

"{B05A5743-AF48-60B3-BEFD-0F042FDB75B4}" = ccc-utility

"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter

"{B4509BCE-7BAD-4a8c-B1AE-4D0CE7467C42}" = F4100_doccd

"{B4F35A00-24FD-4fb3-BF5E-413D5423434D}" = DJ_AIO_Software_min

"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser

"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI

"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter

"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo

"{BFD9BF35-B5B3-B021-8F71-9D0137AAB57F}" = ccc-core-preinstall

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C0FC1C14-4824-4A73-87A6-9E888C9C3102}" = ASUS Splendid Video Enhancement Technology

"{C190CB55-817E-4713-84F4-0BBB8961CED9}" = PerfectDisk

"{C27DC823-0996-5109-2F03-C8BD43963438}" = CCC Help Polish

"{CA50045C-5119-48e7-9BA7-6B317379857A}" = DJ_AIO_Software

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CE7CB214-DB11-4B5D-A6AF-3B4ED47C68B7}" = Microsoft Game Studios Common Redistributables Pack 1

"{D078226E-83F2-45FD-9CDE-5DA66E5ADB51}" = Rise and Fall

"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component

"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service

"{D48EAA77-E526-41EB-894C-BD6A17EABD95}" = TMPGEnc 3.0 XPress

"{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI

"{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}" = NVIDIA PhysX v8.10.29

"{DAEB7FC7-1AAB-499A-241E-F54D1DD1725D}" = Catalyst Control Center Localization Korean

"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader

"{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash

"{DE486CCB-3C9B-7EEE-1328-2209EC6500EC}" = Catalyst Control Center Localization Portuguese

"{E0260323-5186-AAA6-43AD-48AE0E475689}" = CCC Help Czech

"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm

"{E39F7325-FFE5-EDEC-044B-812BA1B0C8F2}" = CCC Help French

"{E548726E-F4E8-459f-BAB8-45551BC071E9}" = DJ_AIO_ProductContext

"{E5F9A595-3E77-55AB-6109-06C02BBC7F36}" = Skins

"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1

"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update

"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack

"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox

"{EA759367-590A-AE0D-B2B0-E89151ACB9AE}" = CCC Help Hungarian

"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI

"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform

"{EEECE229-49F6-4851-A73A-99B058221F8C}" = RAPID

"{F0B6BD72-54C6-F391-7AD8-DA26D572752A}" = CCC Help Danish

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer

"{F34D9A5F-484A-4E31-A9D3-908CB265B289}" = Sygate Personal Firewall

"{F382EB43-3C67-4A5E-B794-09FFE2DAC93A}" = map&guide 11 professional

"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE

"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials

"{F92EAC2A-1CBC-F17C-C3F0-E79C3697CE79}" = Catalyst Control Center Localization Hungarian

"{FA8A44D7-3E8A-4034-9C4F-088FA6B72BC4}" = HP Deskjet All-In-One Software 9.0

"{FC3D290D-79BE-44B7-ABF9-FDD110925930}" = P4P

"{FC9B3A61-FD27-85DE-C8DC-F04D7944B4B2}" = Catalyst Control Center Graphics Full New

"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT-Erweiterung für den Microsoft Windows XP-Assistenten zum Schreiben von CDs

"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status

"3B18191663CDFABAA2A93D4267E54D683153FF60" = Windows-Treiberpaket - Advanced Micro Devices (AmdK8) Processor  (05/27/2006 1.3.2.0)

"Adobe Acrobat 7.0 Professional - EFG" = Adobe Acrobat 7.1.0 Professional

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}" = Adobe Photoshop CS2

"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software

"AnyDVD" = AnyDVD

"Asus_Camera_ScreenSaver" = Asus_Camera_ScreenSaver

"ATI Display Driver" = ATI Display Driver

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"CDex" = CDex extraction audio

"CloneCD" = CloneCD

"CloneDVD2" = CloneDVD2

"Company of Heroes" = Company of Heroes

"DivX Setup.divx.com" = DivX-Setup

"DVD Decrypter" = DVD Decrypter (Remove Only)

"DVD Shrink DE_is1" = DVD Shrink 3.2 deutsch

"EAX Unified" = EAX Unified

"Flyingcode NFO-Viewer_is1" = Flyingcode NFO-Viewer 1.0

"Freelancer 1.0" = Freelancer

"Guild Wars" = GUILD WARS

"Hollywood FX for Studio" = Pinnacle Hollywood FX for Studio
 

"HP Imaging Device Functions" = HP Imaging Device Functions 9.0

"HP Photosmart Essential" = HP Photosmart Essential 2.01

"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0

"HPOCR" = HP OCR Software 9.0

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"InstallShield_{21DBBDD6-93A5-4326-9A04-C9A5C9148502}" = Norton PartitionMagic 8.0

"InstallShield_{268723B7-A994-4286-9F85-B974D5CAFC7B}" = EasyRecovery Professional

"InstallShield_{5F71EB81-C72E-4B28-8D90-FDEECFEBC2DE}" = PowerQuest Drive Image 2002

"InstallShield_{929408E6-D265-4174-805F-81D1D914E2A4}" = QuickTime

"IrfanView" = IrfanView (remove only)

"IsoBuster_is1" = IsoBuster 1.9

"JDownloader" = JDownloader

"LastFM_is1" = Last.fm 1.5.4.27091

"Mafia" = Mafia

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"ManyCam" = ManyCam 2.4 (remove only)

"map&guide 11 Karte Deutschland City" = map&guide 11 Karte Deutschland City

"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"mIRC" = mIRC

"Mozilla Firefox (3.6.15)" = Mozilla Firefox (3.6.15)

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"QVP" = Quick View Plus

"RegSupreme Pro_is1" = RegSupreme Pro 1.2

"S.T.A.L.K.E.R. - Shadow of Chernobyl_is1" = S.T.A.L.K.E.R. - Shadow of Chernobyl

"SMSERIAL" = Motorola SM56 Speakerphone Modem

"Soldat_is1" = Soldat 1.5.0

"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4

"Steam App 240" = Counter-Strike: Source

"Steam App 630" = Alien Swarm

"Tunngle beta_is1" = Tunngle beta

"TVgenial" = TVgenial

"Two Worlds" = Two Worlds

"UltraISO_is1" = UltraISO 8.0 Premium Edition

"VLC media player" = VideoLAN VLC media player 0.8.2

"Winamp" = Winamp

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WinLiveSuite_Wave3" = Windows Live Essentials

"Winload Toolbar" = Winload Toolbar

"WinRAR archiver" = WinRAR Archivierer

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0.0 (Pre-Release 5348)

"XviD_is1" = XviD 1.1 final uninstall

 
 ========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Winamp Detect" = Winamp Erkennungs-Plug-in

 
 ========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 18.03.2011 15:51:51 | Computer Name = JOHANNES-LAPTOP | Source = PerfNet | ID = 2004

Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen

werden

 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.

 

Error - 18.03.2011 16:13:50 | Computer Name = JOHANNES-LAPTOP | Source = PerfNet | ID = 2004

Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen

werden

 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.

 

Error - 19.03.2011 10:23:01 | Computer Name = JOHANNES-LAPTOP | Source = PerfNet | ID = 2004

Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen

werden

 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.

 

Error - 19.03.2011 15:52:06 | Computer Name = JOHANNES-LAPTOP | Source = Application Error | ID = 1000

Description = Fehlgeschlagene Anwendung plugin-container.exe, Version 1.9.2.4079,

 fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.6055, Fehleradresse 0x0000100b.

 

Error - 20.03.2011 13:20:38 | Computer Name = JOHANNES-LAPTOP | Source = PerfNet | ID = 2004

Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen

werden

 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.

 

Error - 21.03.2011 16:58:49 | Computer Name = JOHANNES-LAPTOP | Source = PerfNet | ID = 2004

Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen

werden

 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.

 

Error - 22.03.2011 11:35:04 | Computer Name = JOHANNES-LAPTOP | Source = PerfNet | ID = 2004

Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen

werden

 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.

 

Error - 22.03.2011 16:53:52 | Computer Name = JOHANNES-LAPTOP | Source = PerfNet | ID = 2004

Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen

werden

 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.

 

Error - 23.03.2011 09:03:34 | Computer Name = JOHANNES-LAPTOP | Source = PerfNet | ID = 2004

Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen

werden

 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.

 

Error - 23.03.2011 09:04:01 | Computer Name = JOHANNES-LAPTOP | Source = ESENT | ID = 490

Description = svchost (1680) Versuch, Datei "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"

 für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der

 Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet

 wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.

 

[ System Events ]

Error - 22.03.2011 16:54:09 | Computer Name = JOHANNES-LAPTOP | Source = Service Control Manager | ID = 7023

Description = Der Dienst "Task Microsoft" wurde mit folgendem Fehler beendet:   %%126

 

Error - 22.03.2011 16:54:09 | Computer Name = JOHANNES-LAPTOP | Source = Service Control Manager | ID = 7023

Description = Der Dienst "Update Task" wurde mit folgendem Fehler beendet:   %%126

 

Error - 22.03.2011 19:06:46 | Computer Name = JOHANNES-LAPTOP | Source = DCOM | ID = 10005

Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "ImapiService"

 mit den Argumenten "-Service"  gestartet wurde, um den folgenden Server zu verwenden:

{520CCA63-51A5-11D3-9144-00104BA11C5E}

 

Error - 22.03.2011 19:07:28 | Computer Name = JOHANNES-LAPTOP | Source = DCOM | ID = 10005

Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "ImapiService"

 mit den Argumenten "-Service"  gestartet wurde, um den folgenden Server zu verwenden:

{520CCA63-51A5-11D3-9144-00104BA11C5E}

 

Error - 22.03.2011 23:01:31 | Computer Name = JOHANNES-LAPTOP | Source = sr | ID = 1

Description = Beim Verarbeiten der Datei "" auf Volume "HarddiskVolume1" ist im 

Wiederherstellungsfilter der unerwartete Fehler "0xC0000001" aufgetreten. Die Volumeüberwachung

 wurde angehalten.

 

Error - 22.03.2011 23:02:14 | Computer Name = JOHANNES-LAPTOP | Source = Service Control Manager | ID = 7023

Description = Der Dienst "Task Microsoft" wurde mit folgendem Fehler beendet:   %%126

 

Error - 22.03.2011 23:02:14 | Computer Name = JOHANNES-LAPTOP | Source = Service Control Manager | ID = 7023

Description = Der Dienst "Update Task" wurde mit folgendem Fehler beendet:   %%126

 

Error - 23.03.2011 09:03:51 | Computer Name = JOHANNES-LAPTOP | Source = Service Control Manager | ID = 7023

Description = Der Dienst "Task Microsoft" wurde mit folgendem Fehler beendet:   %%126

 

Error - 23.03.2011 09:03:51 | Computer Name = JOHANNES-LAPTOP | Source = Service Control Manager | ID = 7023

Description = Der Dienst "Update Task" wurde mit folgendem Fehler beendet:   %%126

 

Error - 23.03.2011 10:35:55 | Computer Name = JOHANNES-LAPTOP | Source = DCOM | ID = 10005

Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "ImapiService"

 mit den Argumenten "-Service"  gestartet wurde, um den folgenden Server zu verwenden:

{520CCA63-51A5-11D3-9144-00104BA11C5E}

 

 

< End of report >

--- --- ---
OTL Logfile:

Code:

OTL logfile created on: 23.03.2011 15:37:18 - Run 1

OTL by OldTimer - Version 3.2.22.3     Folder = C:\Dokumente und Einstellungen\Administrator\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 59,00% Memory free

4,00 Gb Paging File | 3,00 Gb Available in Paging File | 82,00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 93,10 Gb Total Space | 49,83 Gb Free Space | 53,52% Space Free | Partition Type: FAT32

Drive D: | 139,70 Gb Total Space | 51,47 Gb Free Space | 36,85% Space Free | Partition Type: FAT32

Drive F: | 4,82 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Drive G: | 999,52 Mb Total Space | 912,68 Mb Free Space | 91,31% Space Free | Partition Type: FAT32

 

Computer Name: JOHANNES-LAPTOP | User Name: Administrator | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Programme\Last.fm\LastFM.exe (Last.fm)

PRC - C:\Programme\Winamp\winamp.exe (Nullsoft, Inc.)

PRC - C:\Programme\Tunngle\TnglCtrl.exe (Tunngle.net GmbH)

PRC - C:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

PRC - C:\Programme\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe (StarWind Software)

PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

PRC - C:\WINDOWS\ASScrPro.exe ()

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Programme\ATK Hotkey\HControl.exe (ATK0100)

PRC - C:\Programme\ATKOSD2\ATKOSD2.exe ()

PRC - C:\Programme\ATK Hotkey\WDC.exe ()

PRC - C:\Programme\ATK Hotkey\HControlUser.exe ()

PRC - C:\Programme\ATK Hotkey\ATKOSD.exe ()

PRC - C:\Programme\ATK Hotkey\MsgTranAgt.exe ()

PRC - C:\WINDOWS\system32\acs.exe (Atheros)

PRC - C:\Programme\ATK Hotkey\KBFiltr.exe ()

PRC - C:\Programme\ATKGFNEX\GFNEXSrv.exe ()

PRC - C:\Programme\Wireless Console 2\wcourier.exe ()

PRC - C:\Programme\ASUS\ASUS Data Security Manager\ADSMSrv.exe ()

PRC - C:\Programme\Raxco\PerfectDisk\PDSched.exe (Raxco Software, Inc.)

PRC - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe (Nero AG)

PRC - C:\WINDOWS\system32\oodag.exe (O&O Software GmbH)

PRC - C:\Programme\Sygate\SPF\Smc.exe (Sygate Technologies, Inc.)

 

 
 ========== Modules (SafeList) ==========

 

MOD - C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\SSSensor.dll (Sygate Technologies, Inc.)

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - (HidServ) --  File not found

SRV - (TunngleService) -- C:\Programme\Tunngle\TnglCtrl.exe (Tunngle.net GmbH)

SRV - (StarWindServiceAE) -- C:\Programme\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe (StarWind Software)

SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

SRV - (Adobe LM Service) -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)

SRV - (Macromedia Licensing Service) -- C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe ()

SRV - (ACS) -- C:\WINDOWS\system32\acs.exe (Atheros)

SRV - (ATKGFNEXSrv) -- C:\Programme\ATKGFNEX\GFNEXSrv.exe ()

SRV - (ADSMService) -- C:\Programme\ASUS\ASUS Data Security Manager\ADSMSrv.exe ()

SRV - (PDEngine) -- C:\Programme\Raxco\PerfectDisk\PDEngine.exe (Raxco Software, Inc.)

SRV - (PDSched) -- C:\Programme\Raxco\PerfectDisk\PDSched.exe (Raxco Software, Inc.)

SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

SRV - (TUWinStylerThemeSvc) -- C:\Programme\TuneUpUtilities2006\WinStylerThemeSvc.exe (TuneUp Software GmbH)

SRV - (O&O Defrag) -- C:\WINDOWS\system32\oodag.exe (O&O Software GmbH)

SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)

SRV - (SmcService) -- C:\Programme\Sygate\SPF\Smc.exe (Sygate Technologies, Inc.)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()

DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)

DRV - (tap0901t) TAP-Win32 Adapter V9 (Tunngle) -- C:\WINDOWS\system32\drivers\tap0901t.sys (Tunngle.net)

DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)

DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)

DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)

DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)

DRV - (SiSGbeXP) -- C:\WINDOWS\system32\drivers\SiSGbeXP.sys (Silicon Integrated Systems Corp.)

DRV - (ManyCam) -- C:\WINDOWS\system32\drivers\ManyCam.sys (ManyCam LLC.)

DRV - (AR5211) -- C:\WINDOWS\system32\drivers\ar5211.sys (Atheros Communications, Inc.)

DRV - (AsDsm) -- C:\WINDOWS\System32\drivers\AsDsm.sys (Windows (R) Codename Longhorn DDK provider)

DRV - (ASMMAP) -- C:\Programme\ATKGFNEX\ASMMAP.sys ()

DRV - (WSIMD) -- C:\WINDOWS\system32\drivers\wsimd.sys (Atheros Communications, Inc.)

DRV - (kbfiltr) -- C:\WINDOWS\system32\drivers\kbfiltr.sys ( )

DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ATKACPI.sys (ATK0100)

DRV - (ddxgb) -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\ddxgb.sys ()

DRV - (Defrag32b) -- C:\WINDOWS\System32\drivers\defrag32b.sys (Raxco Software, Inc.)

DRV - (Defrag32) -- C:\WINDOWS\System32\drivers\defrag32.sys (Raxco Software, Inc.)

DRV - (siside) -- C:\WINDOWS\system32\DRIVERS\siside.sys (Silicon Integrated Systems Corp.)

DRV - (AnyDVD) -- C:\WINDOWS\system32\drivers\AnyDVD.sys (SlySoft, Inc.)

DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology (StarForce))

DRV - (sfsync04) StarForce Protection Synchronization Driver (version 4.x) -- C:\WINDOWS\System32\drivers\sfsync04.sys (Protection Technology (StarForce))

DRV - (smserial) -- C:\WINDOWS\system32\drivers\smserial.sys (Motorola Inc.)

DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology (StarForce))

DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfvfs02.sys (Protection Technology)

DRV - (MarvinBus) -- C:\WINDOWS\system32\drivers\MarvinBus.sys (Pinnacle Systems GmbH)

DRV - (ElbyCDFL) -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys (SlySoft, Inc.)

DRV - (ElbyDelay) -- C:\WINDOWS\system32\drivers\ElbyDelay.sys (Elaborate Bytes AG)

DRV - (PCLEPCI) -- C:\WINDOWS\system32\drivers\Pclepci.sys (Pinnacle Systems GmbH)

DRV - (ASAPIW2K) -- C:\WINDOWS\system32\drivers\asapiW2k.sys (VOB Computersysteme GmbH)

DRV - (wg6n) -- C:\WINDOWS\SYSTEM32\Drivers\wg6n.sys (Sygate Technologies, Inc.)

DRV - (wg5n) -- C:\WINDOWS\SYSTEM32\Drivers\wg5n.sys (Sygate Technologies, Inc.)

DRV - (wg4n) -- C:\WINDOWS\SYSTEM32\Drivers\wg4n.sys (Sygate Technologies, Inc.)

DRV - (wg3n) -- C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys (Sygate Technologies, Inc.)

DRV - (wpsdrvnt) -- C:\WINDOWS\system32\drivers\wpsdrvnt.sys (Sygate Technologies, Inc.)

DRV - (Teefer) -- C:\WINDOWS\SYSTEM32\Drivers\Teefer.sys (Sygate Technologies, Inc.)

DRV - (ASNDIS5) -- C:\Programme\ATK Hotkey\ASNDIS5.SYS (Printing Communications Assoc., Inc. (PCAUSA))

DRV - (PQNTDrv) -- C:\WINDOWS\System32\drivers\PQNTDRV.sys (PowerQuest Corporation)

DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Google Toolbar

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Google Toolbar

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2319825

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Google Toolbar

IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWin2.dll (Conduit Ltd.)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search"

FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}"

FF - prefs.js..browser.search.suggest.enabled: false

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3

 

 

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Programme\Mozilla Firefox\components [2008.09.24 19:27:56 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2008.09.24 19:27:54 | 000,000,000 | ---D | M]

 

[2008.12.24 17:50:26 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions

[2008.12.24 16:26:22 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\rgq8w14b.default\extensions

[2011.01.17 15:46:06 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\rgq8w14b.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2008.12.26 21:16:18 | 000,002,109 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\rgq8w14b.default\searchplugins\youtube-videosuche.xml

[2010.03.24 16:13:02 | 000,000,917 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\rgq8w14b.default\searchplugins\conduit.xml

[2008.09.24 19:27:56 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2010.07.12 18:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npwachk.dll

[2011.03.06 23:33:40 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml

[2011.03.06 23:33:40 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml

[2011.03.06 23:33:40 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml

[2011.03.06 23:33:40 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml

[2011.03.06 23:33:40 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2006.06.01 19:06:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)

O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWin2.dll (Conduit Ltd.)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWin2.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKCU\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Programme\Winload\prxtbWin2.dll (Conduit Ltd.)

O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O4 - HKLM..\Run: [ASUS Camera ScreenSaver] C:\WINDOWS\ASScrProlog.exe ()

O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\WINDOWS\ASScrPro.exe ()

O4 - HKLM..\Run: [ATKHOTKEY] C:\Programme\ATK Hotkey\Hcontrol.exe (ATK0100)

O4 - HKLM..\Run: [ATKOSD2] C:\Programme\ATKOSD2\ATKOSD2.exe ()

O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [HControlUser] C:\Programme\ATK Hotkey\HcontrolUser.exe ()

O4 - HKLM..\Run: [MsgTranAgt] C:\Programme\ATK Hotkey\MsgTranAgt.exe ()

O4 - HKLM..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe (ASUSTeK Computer Inc.)

O4 - HKLM..\Run: [SmcService] C:\Programme\Sygate\SPF\Smc.exe (Sygate Technologies, Inc.)

O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [Wireless Console 2] C:\Programme\Wireless Console 2\wcourier.exe ()

O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe (Nero AG)

O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1

O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)

O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)

O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home

O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {0cab0400-7395-11d0-a5e5-0020afe2fdd9} - C:\WINDOWS\qvphook.dll (Stellent, Inc.)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008.09.24 21:46:32 | 000,000,718 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]

O32 - AutoRun File - [2008.05.01 18:36:21 | 000,726,248 | R--- | M] (BioWare) - F:\autorun.exe -- [ UDF ]

O32 - AutoRun File - [2007.11.15 23:48:02 | 000,000,057 | R--- | M] () - F:\autorun.inf -- [ UDF ]

O33 - MountPoints2\{50c11808-d7ba-11df-ae74-001e8c7eaf33}\Shell - "" = AutoRun

O33 - MountPoints2\{50c11808-d7ba-11df-ae74-001e8c7eaf33}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{50c11808-d7ba-11df-ae74-001e8c7eaf33}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE      .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn

O33 - MountPoints2\{cbd73f98-e8e7-11df-aea0-001e8c7eaf33}\Shell - "" = AutoRun

O33 - MountPoints2\{cbd73f98-e8e7-11df-aea0-001e8c7eaf33}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{cbd73f98-e8e7-11df-aea0-001e8c7eaf33}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE      .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn

O34 - HKLM BootExecute: (PDBoot.exe) - C:\WINDOWS\System32\PDBoot.exe (Raxco Software, Inc.)

O34 - HKLM BootExecute: (autocheck autochk *) -  File not found

O34 - HKLM BootExecute: (OODBS) - C:\WINDOWS\System32\OODBS.exe (O&O Software GmbH)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2011.03.23 15:36:30 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe

[2011.03.23 01:57:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Malwarebytes

[2011.03.23 01:57:23 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2011.03.23 01:57:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes

[2011.03.23 01:57:17 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2011.03.23 01:57:17 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware

[2011.03.23 01:47:55 | 007,734,208 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Dokumente und Einstellungen\Administrator\Desktop\mbam-setup-1.50.1.1100.exe

[2011.03.22 15:08:56 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\BioWare

[2011.03.20 18:57:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\GUILD WARS

[2011.03.20 18:56:31 | 000,165,248 | ---- | C] (ArenaNet) -- C:\Dokumente und Einstellungen\Administrator\Desktop\GwSetup.exe

[2011.03.15 17:48:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\ConduitEngine

[2011.03.15 17:48:32 | 000,000,000 | ---D | C] -- C:\Programme\ConduitEngine

[2011.03.11 15:17:12 | 000,000,000 | -HSD | C] -- C:\FOUND.009

[2008.09.24 22:28:41 | 000,005,632 | R--- | C] ( ) -- C:\WINDOWS\System32\drivers\kbfiltr.sys

[57 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2011.03.23 15:36:28 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe

[2011.03.23 14:03:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011.03.23 14:03:16 | 000,285,471 | ---- | M] () -- C:\WINDOWS\System32\OODBS.lor

[2011.03.23 04:15:16 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\Access.dat

[2011.03.23 03:09:32 | 000,142,247 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Screenshot1.zip

[2011.03.23 03:07:26 | 000,140,777 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Screenshot1.rar

[2011.03.23 03:06:44 | 000,179,279 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Screenshot1.JPG

[2011.03.23 03:00:18 | 003,840,054 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Screenshot1.bmp

[2011.03.23 01:57:24 | 000,000,671 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2011.03.23 01:49:16 | 000,742,874 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Load.exe

[2011.03.23 01:48:04 | 007,734,208 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Dokumente und Einstellungen\Administrator\Desktop\mbam-setup-1.50.1.1100.exe

[2011.03.22 23:31:30 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn

[2011.03.22 15:08:58 | 000,000,492 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mass Effect.lnk

[2011.03.20 18:57:04 | 000,000,391 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\GUILD WARS.lnk

[2011.03.20 18:56:28 | 000,165,248 | ---- | M] (ArenaNet) -- C:\Dokumente und Einstellungen\Administrator\Desktop\GwSetup.exe

[2011.03.18 19:46:28 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011.03.14 23:48:56 | 000,014,921 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Praktikumsvereinbarung.odt

[2011.03.11 12:34:36 | 000,043,520 | ---- | M] () -- C:\WINDOWS\System32\CmdLineExt03.dll

[2011.03.04 18:31:32 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2011.03.04 17:18:08 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job

[2011.03.03 18:39:02 | 000,000,209 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Counter-Strike Source.url

[57 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2011.03.23 03:09:31 | 000,142,247 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Screenshot1.zip

[2011.03.23 03:07:24 | 000,140,777 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Screenshot1.rar

[2011.03.23 03:06:43 | 000,179,279 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Screenshot1.JPG

[2011.03.23 02:58:01 | 003,840,054 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Screenshot1.bmp

[2011.03.23 01:57:23 | 000,000,671 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2011.03.23 01:49:23 | 000,742,874 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Load.exe

[2011.03.22 15:08:56 | 000,000,492 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mass Effect.lnk

[2011.03.20 18:57:03 | 000,000,391 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\GUILD WARS.lnk

[2011.03.14 23:48:54 | 000,014,921 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Praktikumsvereinbarung.odt

[2011.03.03 18:39:00 | 000,000,209 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Counter-Strike Source.url

[2011.01.19 16:37:14 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll

[2011.01.19 16:04:37 | 000,233,472 | R--- | C] () -- C:\WINDOWS\System32\MafiaSetup.exe

[2010.07.13 22:59:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\Access.dat

[2010.06.01 17:28:01 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\xmltok.dll

[2010.06.01 17:28:01 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\xmlparse.dll

[2010.04.07 17:18:58 | 000,159,980 | ---- | C] () -- C:\WINDOWS\hpoins14.dat

[2010.04.07 17:18:58 | 000,002,000 | ---- | C] () -- C:\WINDOWS\hpomdl14.dat

[2010.03.05 15:13:07 | 000,000,952 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys

[2009.01.13 15:50:31 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2009.01.09 17:43:05 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2009.01.04 18:39:29 | 000,014,848 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008.12.27 00:08:30 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\acovcnt.exe

[2008.12.26 21:48:02 | 000,000,034 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

[2008.12.24 17:36:29 | 000,000,683 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2008.12.24 17:19:43 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

[2008.12.24 16:26:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll

[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll

[2008.09.25 01:24:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin

[2008.09.25 00:59:58 | 000,037,232 | ---- | C] () -- C:\WINDOWS\ASScrProlog.exe

[2008.09.25 00:59:58 | 000,033,136 | ---- | C] () -- C:\WINDOWS\ASScrPro.exe

[2008.09.25 00:59:55 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll

[2008.09.24 22:37:19 | 000,887,724 | R--- | C] () -- C:\WINDOWS\System32\ativva6x.dat

[2008.09.24 22:37:18 | 003,107,788 | R--- | C] () -- C:\WINDOWS\System32\ativva5x.dat

[2008.09.24 22:37:17 | 003,107,788 | R--- | C] () -- C:\WINDOWS\System32\ativvaxx.dat

[2008.09.24 22:37:16 | 000,168,883 | R--- | C] () -- C:\WINDOWS\System32\atiicdxx.dat

[2008.09.24 22:08:00 | 000,002,508 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\$_hpcst$.hpc

[2008.09.24 22:06:42 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2008.09.24 22:06:42 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2008.09.24 21:53:10 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2008.09.24 21:48:41 | 000,194,248 | ---- | C] () -- C:\WINDOWS\System32\LTRFD13n.DLL

[2008.09.24 21:46:30 | 000,000,034 | ---- | C] () -- C:\WINDOWS\VFO.INI

[2008.09.24 21:46:26 | 000,196,096 | ---- | C] () -- C:\WINDOWS\System32\macd32.dll

[2008.09.24 21:46:26 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\mase32.dll

[2008.09.24 21:46:26 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\mamc32.dll

[2008.09.24 21:46:26 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\masd32.dll

[2008.09.24 21:46:26 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\ma32.dll

[2008.09.24 19:27:54 | 000,002,266 | ---- | C] () -- C:\WINDOWS\mozver.dat

[2008.09.24 19:11:51 | 000,000,522 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2008.09.24 19:08:19 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll

[2008.09.24 18:53:57 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2008.09.24 18:41:59 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2008.09.24 18:36:46 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2008.09.24 18:35:31 | 000,223,224 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2007.09.12 23:54:48 | 000,141,180 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat

[2006.06.01 21:06:00 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

[2006.06.01 19:06:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2006.06.01 19:06:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2006.06.01 19:06:00 | 000,462,550 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat

[2006.06.01 19:06:00 | 000,443,922 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2006.06.01 19:06:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2006.06.01 19:06:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat

[2006.06.01 19:06:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2006.06.01 19:06:00 | 000,085,732 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat

[2006.06.01 19:06:00 | 000,072,180 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2006.06.01 19:06:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2006.06.01 19:06:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat

[2006.06.01 19:06:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2006.06.01 19:06:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2006.06.01 19:06:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2006.06.01 19:06:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin

[2006.06.01 19:06:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2006.04.29 16:43:54 | 000,000,288 | ---- | C] () -- C:\WINDOWS\wincmd.ini

[2006.04.19 00:30:56 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll

[2004.12.20 18:24:03 | 001,663,068 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll

[2004.10.15 18:31:56 | 000,218,264 | ---- | C] () -- C:\WINDOWS\System32\SetAid.dll

[2004.03.11 01:26:10 | 000,406,016 | ---- | C] () -- C:\WINDOWS\System32\PSDrvCheck.exe
 

< End of report >

--- --- ---

cosinus

23.03.2011 16:19

Zitat:

Wieso sind alle Platten mit FAT32 als Dateisystem ausgestattet?! Das ist nicht mehr zeitgemäß, man kann aber nachträglich und ohne Datenverlust nach NTFS konvertieren.

m4D_guY

23.03.2011 16:29

Warum die Festplatten im FAT32 Format sind, weiß ich nicht, als ich den Computer erhalten habe waren sie bereits in diesem Format und ich dachte eine Umstellung würde nur mit einer Formatierung gehen.

An dieser Stelle auch eine Entschuldigung für den Doppelposts, ich bin unerfahren im Umgang mit Foren.

Ist es denn von Bedeutung in welchem Format die Platten sind, um eine sichere Nutzung zu gewährleisten?

cosinus

23.03.2011 16:31

Zitat:

Ist es denn von Bedeutung in welchem Format die Platten sind, um eine sichere Nutzung zu gewährleisten?

Ja. FAT32 ist ein uraltes DOS-Format, bzw unterscheidet sich nur unwesentlich von diesem.
Es kennt keine Rechtverwaltung!!

Systempartition nach NTFS konvertieren:

1) Start, Ausführen, cmd eintippen und ok
2) Befehl convert c: /fs:ntfs eintippen bestätigen mit Return oder Enter
3) Die aktuelle Bezeichnung von C: eintippen (siehst Du im Arbeitsplatz auf C:, wenn "Lokaler Datenträger" da nur steht, hat C: keine Bezeichnung also nichts eintippen bei aktueller Laufwerksbezeichnung)
4) Hinweis, dass das Laufwerk beim nächsten Windows-Start konvertiert werden soll mit J bestätigen und Windows neustarten lassen, geduldig sein!

Das gleiche machst du mit Laufwerk D: über convert d: /fs:ntfs

USB-Sticks können ruhig auf FAT32 bleiben.

m4D_guY

23.03.2011 20:56

Hab jetzt beide Partitionen auf NTFS formatiert und noch einmal einen scan mit OTL und Malewarebytes gemacht.

Die zeigen aber nichts mehr an. Ist der Trojaner jetzt vollstänndig gelöscht oder könnten noch irgendwelche Rückstände irgendwo sein?

Malewarebytes:

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Datenbank Version: 6137

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

23.03.2011 20:55:59
mbam-log-2011-03-23 (20-55-59).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 152586
Laufzeit: 7 Minute(n), 32 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

OTL:OTL Logfile:

Code:

OTL Extras logfile created on: 23.03.2011 20:48:09 - Run 2

OTL by OldTimer - Version 3.2.22.3     Folder = C:\Dokumente und Einstellungen\Administrator\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 56,00% Memory free

4,00 Gb Paging File | 3,00 Gb Available in Paging File | 77,00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 93,15 Gb Total Space | 53,09 Gb Free Space | 56,99% Space Free | Partition Type: NTFS

Drive D: | 139,73 Gb Total Space | 52,78 Gb Free Space | 37,77% Space Free | Partition Type: NTFS

Drive F: | 4,82 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Drive G: | 999,52 Mb Total Space | 912,68 Mb Free Space | 91,31% Space Free | Partition Type: FAT32

 

Computer Name: JOHANNES-LAPTOP | User Name: Administrator | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [ACDBrowse] -- "C:\Programme\ACD Systems\ACDSee\8.0\ACDSee8.exe" "%1" (ACD Systems Ltd.)

Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)

Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)

Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 
 ========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

 
 ========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"D:\Spiele\Stranglehold\Binaries\Retail-Stranglehold.exe" = D:\Spiele\Stranglehold\Binaries\Retail-Stranglehold.exe:*:Enabled:Stranglehold -- (Midway Home Entertainment Inc)

"D:\Spiele\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe" = D:\Spiele\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI) -- ()

"D:\Spiele\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe" = D:\Spiele\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV) -- ()

"C:\Programme\Skype\Plugin Manager\skypePM.exe" = C:\Programme\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager

"D:\Spiele\Rise and Fall\RiseAndFall.exe" = D:\Spiele\Rise and Fall\RiseAndFall.exe:*:Enabled:Rise and Fall: Civilizations at War -- (Midway Home Entertainment)

"D:\Spiele\CoH\RelicDownloader\RelicDownloader.exe" = D:\Spiele\CoH\RelicDownloader\RelicDownloader.exe:*:Enabled:Relic Downloader -- (THQ Canada Inc.)

"D:\Spiele\Two Worlds\TwoWorlds.exe" = D:\Spiele\Two Worlds\TwoWorlds.exe:*:Enabled:Two Worlds -- (Reality Pump)

"D:\Spiele\Two Worlds\TwoWorlds_RADEON.exe" = D:\Spiele\Two Worlds\TwoWorlds_RADEON.exe:*:Enabled:Two Worlds -- (Reality Pump)

"C:\Programme\Tunngle\TnglCtrl.exe" = C:\Programme\Tunngle\TnglCtrl.exe:*:Enabled:Tunngle Service -- (Tunngle.net GmbH)

"C:\Programme\Tunngle\Tunngle.exe" = C:\Programme\Tunngle\Tunngle.exe:*:Enabled:Tunngle Client -- (Tunngle.net GmbH)

"C:\Programme\Steam\Steam.exe" = C:\Programme\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)

"C:\Programme\Steam\SteamApps\common\alien swarm\srcds.exe" = C:\Programme\Steam\SteamApps\common\alien swarm\srcds.exe:*:Enabled:Alien Swarm Dedicated Server -- ()

"D:\Spiele\Stronghold 2\Stronghold2.exe" = D:\Spiele\Stronghold 2\Stronghold2.exe:*:Enabled:Stronghold 2 -- (Firefly Studios)

"C:\Programme\Steam\SteamApps\common\alien swarm\swarm.exe" = C:\Programme\Steam\SteamApps\common\alien swarm\swarm.exe:*:Enabled:Alien Swarm -- ()

"C:\Programme\Steam\SteamApps\trollcook\counter-strike source\hl2.exe" = C:\Programme\Steam\SteamApps\trollcook\counter-strike source\hl2.exe:*:Enabled:Counter-Strike: Source -- ()

"D:\Spiele\Mass Effect\Binaries\MassEffect.exe" = D:\Spiele\Mass Effect\Binaries\MassEffect.exe:*:Enabled:Mass Effect Game -- (BioWare)

"D:\Spiele\Mass Effect\MassEffectLauncher.exe" = D:\Spiele\Mass Effect\MassEffectLauncher.exe:*:Enabled:Mass Effect Launcher -- (BioWare)

 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{001E7FB6-BB6B-4ED0-BEDC-B5404ED96D4E}" = DocProc

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center

"{07E23E10-F663-5D23-6393-DC82AFC8B475}" = ccc-core-static

"{0CE42E4B-82AA-41AE-BB33-E0307555D4C9}" = Catalyst Control Center Localization Chinese Standard

"{0FFC10A2-3B60-283D-0DDE-91EF4A3B0969}" = Catalyst Control Center Localization Finnish

"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp

"{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}" = ATK Media

"{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI

"{16D2C649-CBA8-44EE-B730-12584667D487}" = Stronghold 2 Deluxe

"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy

"{18742725-FAAF-4FF5-AA21-88A5814BC9CE}" = Audiograbber 1.83 SE

"{18F98693-AF94-11FC-0650-25E724F58C9E}" = Catalyst Control Center Graphics Full Existing

"{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI

"{1A15507A-8551-4626-915D-3D5FA095CC1B}" = Corel Paint Shop Pro X

"{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect

"{1C8521E5-5A7B-4A4E-A9CD-AD53116EAEE0}" = ASUS Data Security Manager

"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = LifeFrame2

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool

"{21DBBDD6-93A5-4326-9A04-C9A5C9148502}" = Norton PartitionMagic

"{2217B0B4-35CB-48C6-B640-864DF2F30F99}" = OpenOffice.org 3.2

"{221F14FF-7DAA-70C4-3A46-FA50EC2AB6E1}" = CCC Help Portuguese

"{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{236BB7C4-4419-42FD-0407-1E257A25E34D}" = Adobe Photoshop CS2

"{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI

"{268723B7-A994-4286-9F85-B974D5CAFC7B}" = EasyRecovery Professional

"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11

"{27A5A63B-3290-F55F-FD6D-D8F87CC0006F}" = Catalyst Control Center Localization Thai

"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program

"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg

"{2B85C4A2-9E74-E583-01A8-B947172F39D4}" = Catalyst Control Center Localization Japanese

"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan

"{2F353D44-73BB-4971-B31D-F7642E9E9531}" = Macromedia Flash MX 2004

"{2F750C77-1FEC-44F9-88CC-2CE322EBD61E}" = Microsoft Games for Windows - LIVE Redistributable

"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6

"{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI

"{33CD74BF-8544-15AF-D4A9-BA1791550927}" = Catalyst Control Center Core Implementation

"{344C4348-6397-FEEB-ADE5-98D95D5A87E3}" = CCC Help Chinese Standard

"{34D1C6F2-5B2C-A27E-CC6D-FE55B78DEB69}" = Catalyst Control Center Localization Spanish

"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder

"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey

"{3CB05291-F546-458E-A796-B5BCF5A3CDC4}" = Studio 10

"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger

"{42347B75-9660-2DA4-63FD-D35E344E1031}" = Nero 7 Premium

"{43B6667D-7520-4186-B05B-F5C0494C495D}" = UltraEdit-32

"{4462AD13-F2AA-4CBD-9F95-293C38EED870}" = Power4 Gear

"{44F934C2-3CFB-1229-6872-35F3662268F6}" = Catalyst Control Center Localization French

"{461B9564-65CB-1D4A-46B2-CC27DC4F07EC}" = CCC Help Swedish

"{4F400CD4-ABB5-5973-8F0C-40BBF28C0B8C}" = CCC Help Turkish

"{4FBA95A6-7F4E-6ED0-EA7A-A3C46A64A51E}" = CCC Help Thai

"{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI

"{5039F71C-7A31-568E-D002-07FF5F95ACBF}" = CCC Help English

"{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI

"{52326763-A5B3-9514-4655-A82828CD9B2D}" = Catalyst Control Center Localization Norwegian

"{52B65911-1559-4ED5-9461-46957FDD48CD}" = Borderlands

"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent

"{53480370-6CA2-47EC-BC05-02B4B9271C31}" = O&O Defrag Professional Edition

"{539D0779-8D8D-9BB8-8D1C-F04C647B6267}" = CCC Help German

"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport

"{571A9704-FA7C-9560-7AEF-2B630DCB894B}" = CCC Help Spanish

"{579141D6-019E-A917-97A3-359E87EDC2C2}" = Catalyst Control Center Localization Czech

"{57B15AD4-8C9D-4164-82BB-E33D8644E757}" = ASUS InstantFun

"{5954CB86-A47E-F865-A534-2473C7500EA4}" = Catalyst Control Center Localization German

"{5A02B151-2AA2-D1C6-6165-F6AA00C1D9C4}" = Catalyst Control Center Localization Turkish

"{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}" = ATKOSD2

"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053

"{5F374D5D-DB43-4263-9C29-BAB2C93FEFE6}" = Warhammer® Mark of Chaos

"{5F407E27-927F-3997-EDF1-2EF57FE14328}" = CCC Help Italian

"{5F71EB81-C72E-4B28-8D90-FDEECFEBC2DE}" = Drive Image

"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call

"{60829E1B-6DD2-2D98-ED53-BA097E84A954}" = Catalyst Control Center Localization Russian

"{6179B0A4-9A6D-9793-9839-30A637DD70FB}" = Catalyst Control Center Localization Dutch

"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder

"{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD

"{6DEAD32C-7067-6AA8-5CDB-A1FDCA44A4B6}" = Catalyst Control Center Graphics Previews Common

"{6E32B134-CA8D-49DD-B94C-0DB155CE70B5}" = ccc-Branding

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{739ECDBA-F065-73DB-0553-BA8A4F8B4753}" = CCC Help Norwegian

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{78155353-3D54-2FCA-395D-1BABEEC2C562}" = CCC Help Korean

"{793D040C-F449-8EE9-484F-F9084321D747}" = CCC Help Dutch

"{7B63B2922B174135AFC0E1377DD81EC2}" = 

"{7C4196CA-CA41-4F34-9C08-7724E7705D52}" = Jasc Animation Shop 3

"{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI

"{7F6B6DC9-F082-5A97-A240-1D71042C00CA}" = Catalyst Control Center Localization Chinese Traditional

"{7F976697-3404-1BBE-48A4-EB154BE2492B}" = CCC Help Chinese Traditional

"{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI

"{81CC6FB7-8EF6-0ACB-60EC-B0F035B2EDCA}" = Catalyst Control Center Localization Danish

"{8238F0E3-34A4-47DE-A78A-8753C21EFAC0}" = CCC Help Russian

"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01

"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01

"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2

"{850C4C12-57E2-43E4-B66B-B08B120C55F3}" = FireBurner

"{868D7896-99D4-4513-BC62-2B3AD3E24926}" = TuneUp Utilities 2006

"{86EDEF11-EFE4-46CB-8B08-9CBD4A936B1F}" = Stranglehold

"{86EF9FC4-F209-4520-B7E1-C7FF0EEBDFFF}" = Adobe Audition 1.5

"{8734AA3A-E94D-2A2E-4B37-902E104DFC46}" = Catalyst Control Center Localization Polish

"{87911A27-1567-42B0-B8B7-2150D20E7AB6}" = DDBAC

"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder

"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU

"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{90170407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003

"{90A50153-331D-FFFF-4F21-D146672B3AB7}" = Catalyst Control Center Localization Italian

"{916800EA-DDA2-4C5E-96F2-811F3F7C4258}" = Total Commander 6.54a

"{929408E6-D265-4174-805F-81D1D914E2A4}" = QuickTime

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{95F48480-6D51-49A5-BFC3-7D8043AC5386}" = XP-Clean

"{9757A86E-ACAB-9AE2-2B51-B78AD70B0DFD}" = Catalyst Control Center Graphics Light

"{97AFD0D8-5720-4A59-BFDC-CB92A36FADF9}_is1" = Company of Heroes: Eastern Front 1.20

"{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI

"{9920A86F-A622-2D1C-0BE6-D872B8FD2A2B}" = CCC Help Japanese

"{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame

"{A174402A-2EE6-4B86-A930-7BC85A9933BD}" = Tom Clancy's Splinter Cell

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A6B90148-02C5-4fd3-8D7A-EF2386835CB9}" = F4100_Help

"{A6C265BE-E2C1-483e-843D-6B4C1E912AE0}" = F4100

"{A73B5BA6-2540-C173-6AC9-2110778D3EB4}" = CCC Help Greek

"{A75C66FD-02D5-4D0D-DCB1-6C2730B3E4AF}" = Catalyst Control Center Localization Greek

"{A77F3C2D-50CC-4A29-A1FB-1E018BE4DCA2}" = DiscAPI

"{A8B30A2D-5428-6259-3CC8-81F725B44130}" = CCC Help Finnish

"{AA2E6BFE-4351-481C-A720-47CB3506570B}" = ACDSee 8

"{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}" = HP Update

"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder

"{AC76BA86-1033-F400-7760-000000000002}" = Adobe Acrobat 7.0 Professional - English, Français, Deutsch

"{AC76BA86-7AD7-1033-7B44-A80000000002}" = Adobe Reader 8

"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant

"{AF5FFB4C-3175-9482-4F03-D68AB423368A}" = Catalyst Control Center Localization Swedish

"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan

"{B05A5743-AF48-60B3-BEFD-0F042FDB75B4}" = ccc-utility

"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter

"{B4509BCE-7BAD-4a8c-B1AE-4D0CE7467C42}" = F4100_doccd

"{B4F35A00-24FD-4fb3-BF5E-413D5423434D}" = DJ_AIO_Software_min

"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser

"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI

"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter

"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo

"{BFD9BF35-B5B3-B021-8F71-9D0137AAB57F}" = ccc-core-preinstall

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C0FC1C14-4824-4A73-87A6-9E888C9C3102}" = ASUS Splendid Video Enhancement Technology

"{C190CB55-817E-4713-84F4-0BBB8961CED9}" = PerfectDisk

"{C27DC823-0996-5109-2F03-C8BD43963438}" = CCC Help Polish

"{CA50045C-5119-48e7-9BA7-6B317379857A}" = DJ_AIO_Software

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CE7CB214-DB11-4B5D-A6AF-3B4ED47C68B7}" = Microsoft Game Studios Common Redistributables Pack 1

"{D078226E-83F2-45FD-9CDE-5DA66E5ADB51}" = Rise and Fall

"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component

"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service

"{D48EAA77-E526-41EB-894C-BD6A17EABD95}" = TMPGEnc 3.0 XPress

"{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI

"{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}" = NVIDIA PhysX v8.10.29

"{DAEB7FC7-1AAB-499A-241E-F54D1DD1725D}" = Catalyst Control Center Localization Korean

"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader

"{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash

"{DE486CCB-3C9B-7EEE-1328-2209EC6500EC}" = Catalyst Control Center Localization Portuguese

"{E0260323-5186-AAA6-43AD-48AE0E475689}" = CCC Help Czech

"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm

"{E39F7325-FFE5-EDEC-044B-812BA1B0C8F2}" = CCC Help French

"{E548726E-F4E8-459f-BAB8-45551BC071E9}" = DJ_AIO_ProductContext

"{E5F9A595-3E77-55AB-6109-06C02BBC7F36}" = Skins

"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1

"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update

"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack

"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox

"{EA759367-590A-AE0D-B2B0-E89151ACB9AE}" = CCC Help Hungarian

"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI

"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform

"{EEECE229-49F6-4851-A73A-99B058221F8C}" = RAPID

"{F0B6BD72-54C6-F391-7AD8-DA26D572752A}" = CCC Help Danish

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer

"{F34D9A5F-484A-4E31-A9D3-908CB265B289}" = Sygate Personal Firewall

"{F382EB43-3C67-4A5E-B794-09FFE2DAC93A}" = map&guide 11 professional

"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE

"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials

"{F92EAC2A-1CBC-F17C-C3F0-E79C3697CE79}" = Catalyst Control Center Localization Hungarian

"{FA8A44D7-3E8A-4034-9C4F-088FA6B72BC4}" = HP Deskjet All-In-One Software 9.0

"{FC3D290D-79BE-44B7-ABF9-FDD110925930}" = P4P

"{FC9B3A61-FD27-85DE-C8DC-F04D7944B4B2}" = Catalyst Control Center Graphics Full New

"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT-Erweiterung für den Microsoft Windows XP-Assistenten zum Schreiben von CDs

"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status

"3B18191663CDFABAA2A93D4267E54D683153FF60" = Windows-Treiberpaket - Advanced Micro Devices (AmdK8) Processor  (05/27/2006 1.3.2.0)

"Adobe Acrobat 7.0 Professional - EFG" = Adobe Acrobat 7.1.0 Professional

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}" = Adobe Photoshop CS2

"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software

"AnyDVD" = AnyDVD

"Asus_Camera_ScreenSaver" = Asus_Camera_ScreenSaver

"ATI Display Driver" = ATI Display Driver

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"CDex" = CDex extraction audio

"CloneCD" = CloneCD

"CloneDVD2" = CloneDVD2

"Company of Heroes" = Company of Heroes

"DivX Setup.divx.com" = DivX-Setup

"DVD Decrypter" = DVD Decrypter (Remove Only)

"DVD Shrink DE_is1" = DVD Shrink 3.2 deutsch

"EAX Unified" = EAX Unified

"Flyingcode NFO-Viewer_is1" = Flyingcode NFO-Viewer 1.0

"Freelancer 1.0" = Freelancer

"Guild Wars" = GUILD WARS

"Hollywood FX for Studio" = Pinnacle Hollywood FX for Studio
 

"HP Imaging Device Functions" = HP Imaging Device Functions 9.0

"HP Photosmart Essential" = HP Photosmart Essential 2.01

"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0

"HPOCR" = HP OCR Software 9.0

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"InstallShield_{21DBBDD6-93A5-4326-9A04-C9A5C9148502}" = Norton PartitionMagic 8.0

"InstallShield_{268723B7-A994-4286-9F85-B974D5CAFC7B}" = EasyRecovery Professional

"InstallShield_{5F71EB81-C72E-4B28-8D90-FDEECFEBC2DE}" = PowerQuest Drive Image 2002

"InstallShield_{929408E6-D265-4174-805F-81D1D914E2A4}" = QuickTime

"IrfanView" = IrfanView (remove only)

"IsoBuster_is1" = IsoBuster 1.9

"JDownloader" = JDownloader

"LastFM_is1" = Last.fm 1.5.4.27091

"Mafia" = Mafia

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"ManyCam" = ManyCam 2.4 (remove only)

"map&guide 11 Karte Deutschland City" = map&guide 11 Karte Deutschland City

"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"mIRC" = mIRC

"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"QVP" = Quick View Plus

"RegSupreme Pro_is1" = RegSupreme Pro 1.2

"S.T.A.L.K.E.R. - Shadow of Chernobyl_is1" = S.T.A.L.K.E.R. - Shadow of Chernobyl

"SMSERIAL" = Motorola SM56 Speakerphone Modem

"Soldat_is1" = Soldat 1.5.0

"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4

"Steam App 240" = Counter-Strike: Source

"Steam App 630" = Alien Swarm

"Tunngle beta_is1" = Tunngle beta

"TVgenial" = TVgenial

"Two Worlds" = Two Worlds

"UltraISO_is1" = UltraISO 8.0 Premium Edition

"VLC media player" = VideoLAN VLC media player 0.8.2

"Winamp" = Winamp

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WinLiveSuite_Wave3" = Windows Live Essentials

"Winload Toolbar" = Winload Toolbar

"WinRAR archiver" = WinRAR Archivierer

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0.0 (Pre-Release 5348)

"XviD_is1" = XviD 1.1 final uninstall

 
 ========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Winamp Detect" = Winamp Erkennungs-Plug-in

 
 ========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 18.03.2011 15:51:51 | Computer Name = JOHANNES-LAPTOP | Source = PerfNet | ID = 2004

Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen

werden

 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.

 

Error - 18.03.2011 16:13:50 | Computer Name = JOHANNES-LAPTOP | Source = PerfNet | ID = 2004

Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen

werden

 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.

 

Error - 19.03.2011 10:23:01 | Computer Name = JOHANNES-LAPTOP | Source = PerfNet | ID = 2004

Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen

werden

 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.

 

Error - 19.03.2011 15:52:06 | Computer Name = JOHANNES-LAPTOP | Source = Application Error | ID = 1000

Description = Fehlgeschlagene Anwendung plugin-container.exe, Version 1.9.2.4079,

 fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.6055, Fehleradresse 0x0000100b.

 

Error - 20.03.2011 13:20:38 | Computer Name = JOHANNES-LAPTOP | Source = PerfNet | ID = 2004

Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen

werden

 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.

 

Error - 21.03.2011 16:58:49 | Computer Name = JOHANNES-LAPTOP | Source = PerfNet | ID = 2004

Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen

werden

 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.

 

Error - 22.03.2011 11:35:04 | Computer Name = JOHANNES-LAPTOP | Source = PerfNet | ID = 2004

Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen

werden

 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.

 

Error - 22.03.2011 16:53:52 | Computer Name = JOHANNES-LAPTOP | Source = PerfNet | ID = 2004

Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen

werden

 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.

 

Error - 23.03.2011 09:03:34 | Computer Name = JOHANNES-LAPTOP | Source = PerfNet | ID = 2004

Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen

werden

 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.

 

Error - 23.03.2011 09:04:01 | Computer Name = JOHANNES-LAPTOP | Source = ESENT | ID = 490

Description = svchost (1680) Versuch, Datei "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"

 für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der

 Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet

 wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.

 

[ System Events ]

Error - 22.03.2011 19:07:28 | Computer Name = JOHANNES-LAPTOP | Source = DCOM | ID = 10005

Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "ImapiService"

 mit den Argumenten "-Service"  gestartet wurde, um den folgenden Server zu verwenden:

{520CCA63-51A5-11D3-9144-00104BA11C5E}

 

Error - 22.03.2011 23:01:31 | Computer Name = JOHANNES-LAPTOP | Source = sr | ID = 1

Description = Beim Verarbeiten der Datei "" auf Volume "HarddiskVolume1" ist im 

Wiederherstellungsfilter der unerwartete Fehler "0xC0000001" aufgetreten. Die Volumeüberwachung

 wurde angehalten.

 

Error - 22.03.2011 23:02:14 | Computer Name = JOHANNES-LAPTOP | Source = Service Control Manager | ID = 7023

Description = Der Dienst "Task Microsoft" wurde mit folgendem Fehler beendet:   %%126

 

Error - 22.03.2011 23:02:14 | Computer Name = JOHANNES-LAPTOP | Source = Service Control Manager | ID = 7023

Description = Der Dienst "Update Task" wurde mit folgendem Fehler beendet:   %%126

 

Error - 23.03.2011 09:03:51 | Computer Name = JOHANNES-LAPTOP | Source = Service Control Manager | ID = 7023

Description = Der Dienst "Task Microsoft" wurde mit folgendem Fehler beendet:   %%126

 

Error - 23.03.2011 09:03:51 | Computer Name = JOHANNES-LAPTOP | Source = Service Control Manager | ID = 7023

Description = Der Dienst "Update Task" wurde mit folgendem Fehler beendet:   %%126

 

Error - 23.03.2011 10:35:55 | Computer Name = JOHANNES-LAPTOP | Source = DCOM | ID = 10005

Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "ImapiService"

 mit den Argumenten "-Service"  gestartet wurde, um den folgenden Server zu verwenden:

{520CCA63-51A5-11D3-9144-00104BA11C5E}

 

Error - 23.03.2011 10:54:05 | Computer Name = JOHANNES-LAPTOP | Source = DCOM | ID = 10005

Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "ImapiService"

 mit den Argumenten "-Service"  gestartet wurde, um den folgenden Server zu verwenden:

{520CCA63-51A5-11D3-9144-00104BA11C5E}

 

Error - 23.03.2011 13:32:04 | Computer Name = JOHANNES-LAPTOP | Source = Service Control Manager | ID = 7023

Description = Der Dienst "Task Microsoft" wurde mit folgendem Fehler beendet:   %%126

 

Error - 23.03.2011 13:32:04 | Computer Name = JOHANNES-LAPTOP | Source = Service Control Manager | ID = 7023

Description = Der Dienst "Update Task" wurde mit folgendem Fehler beendet:   %%126

 

 

< End of report >

--- --- ---
OTL Logfile:

Code:

OTL logfile created on: 23.03.2011 20:48:09 - Run 2

OTL by OldTimer - Version 3.2.22.3     Folder = C:\Dokumente und Einstellungen\Administrator\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 56,00% Memory free

4,00 Gb Paging File | 3,00 Gb Available in Paging File | 77,00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 93,15 Gb Total Space | 53,09 Gb Free Space | 56,99% Space Free | Partition Type: NTFS

Drive D: | 139,73 Gb Total Space | 52,78 Gb Free Space | 37,77% Space Free | Partition Type: NTFS

Drive F: | 4,82 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Drive G: | 999,52 Mb Total Space | 912,68 Mb Free Space | 91,31% Space Free | Partition Type: FAT32

 

Computer Name: JOHANNES-LAPTOP | User Name: Administrator | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Programme\Steam\Steam.exe (Valve Corporation)

PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

PRC - C:\Programme\Tunngle\TnglCtrl.exe (Tunngle.net GmbH)

PRC - C:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

PRC - C:\Programme\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe (StarWind Software)

PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

PRC - C:\WINDOWS\ASScrPro.exe ()

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\WINDOWS\system32\cmd.exe (Microsoft Corporation)

PRC - C:\Programme\ATK Hotkey\HControl.exe (ATK0100)

PRC - C:\Programme\ATKOSD2\ATKOSD2.exe ()

PRC - C:\Programme\ATK Hotkey\WDC.exe ()

PRC - C:\Programme\ATK Hotkey\HControlUser.exe ()

PRC - C:\Programme\ATK Hotkey\ATKOSD.exe ()

PRC - C:\Programme\ATK Hotkey\MsgTranAgt.exe ()

PRC - C:\WINDOWS\system32\acs.exe (Atheros)

PRC - C:\Programme\ATK Hotkey\KBFiltr.exe ()

PRC - C:\Programme\ATKGFNEX\GFNEXSrv.exe ()

PRC - C:\Programme\Wireless Console 2\wcourier.exe ()

PRC - C:\Programme\ASUS\ASUS Data Security Manager\ADSMSrv.exe ()

PRC - C:\Programme\Raxco\PerfectDisk\PDSched.exe (Raxco Software, Inc.)

PRC - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe (Nero AG)

PRC - C:\WINDOWS\system32\oodag.exe (O&O Software GmbH)

PRC - C:\Programme\Sygate\SPF\Smc.exe (Sygate Technologies, Inc.)

 

 
 ========== Modules (SafeList) ==========

 

MOD - C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\SSSensor.dll (Sygate Technologies, Inc.)

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - (kwyena) --  File not found

SRV - (HidServ) --  File not found

SRV - (bqxpnwp) --  File not found

SRV - (TunngleService) -- C:\Programme\Tunngle\TnglCtrl.exe (Tunngle.net GmbH)

SRV - (StarWindServiceAE) -- C:\Programme\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe (StarWind Software)

SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

SRV - (Adobe LM Service) -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)

SRV - (Macromedia Licensing Service) -- C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe ()

SRV - (ACS) -- C:\WINDOWS\system32\acs.exe (Atheros)

SRV - (ATKGFNEXSrv) -- C:\Programme\ATKGFNEX\GFNEXSrv.exe ()

SRV - (ADSMService) -- C:\Programme\ASUS\ASUS Data Security Manager\ADSMSrv.exe ()

SRV - (PDEngine) -- C:\Programme\Raxco\PerfectDisk\PDEngine.exe (Raxco Software, Inc.)

SRV - (PDSched) -- C:\Programme\Raxco\PerfectDisk\PDSched.exe (Raxco Software, Inc.)

SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

SRV - (TUWinStylerThemeSvc) -- C:\Programme\TuneUpUtilities2006\WinStylerThemeSvc.exe (TuneUp Software GmbH)

SRV - (O&O Defrag) -- C:\WINDOWS\system32\oodag.exe (O&O Software GmbH)

SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)

SRV - (SmcService) -- C:\Programme\Sygate\SPF\Smc.exe (Sygate Technologies, Inc.)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)

DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()

DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)

DRV - (tap0901t) TAP-Win32 Adapter V9 (Tunngle) -- C:\WINDOWS\system32\drivers\tap0901t.sys (Tunngle.net)

DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)

DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)

DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)

DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)

DRV - (SiSGbeXP) -- C:\WINDOWS\system32\drivers\SiSGbeXP.sys (Silicon Integrated Systems Corp.)

DRV - (ManyCam) -- C:\WINDOWS\system32\drivers\ManyCam.sys (ManyCam LLC.)

DRV - (AR5211) -- C:\WINDOWS\system32\drivers\ar5211.sys (Atheros Communications, Inc.)

DRV - (AsDsm) -- C:\WINDOWS\System32\drivers\AsDsm.sys (Windows (R) Codename Longhorn DDK provider)

DRV - (ASMMAP) -- C:\Programme\ATKGFNEX\ASMMAP.sys ()

DRV - (WSIMD) -- C:\WINDOWS\system32\drivers\wsimd.sys (Atheros Communications, Inc.)

DRV - (kbfiltr) -- C:\WINDOWS\system32\drivers\kbfiltr.sys ( )

DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ATKACPI.sys (ATK0100)

DRV - (ddxgb) -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\ddxgb.sys ()

DRV - (Defrag32b) -- C:\WINDOWS\System32\drivers\defrag32b.sys (Raxco Software, Inc.)

DRV - (Defrag32) -- C:\WINDOWS\System32\drivers\defrag32.sys (Raxco Software, Inc.)

DRV - (siside) -- C:\WINDOWS\system32\DRIVERS\siside.sys (Silicon Integrated Systems Corp.)

DRV - (AnyDVD) -- C:\WINDOWS\system32\drivers\AnyDVD.sys (SlySoft, Inc.)

DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology (StarForce))

DRV - (sfsync04) StarForce Protection Synchronization Driver (version 4.x) -- C:\WINDOWS\System32\drivers\sfsync04.sys (Protection Technology (StarForce))

DRV - (smserial) -- C:\WINDOWS\system32\drivers\smserial.sys (Motorola Inc.)

DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology (StarForce))

DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfvfs02.sys (Protection Technology)

DRV - (MarvinBus) -- C:\WINDOWS\system32\drivers\MarvinBus.sys (Pinnacle Systems GmbH)

DRV - (ElbyCDFL) -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys (SlySoft, Inc.)

DRV - (ElbyDelay) -- C:\WINDOWS\system32\drivers\ElbyDelay.sys (Elaborate Bytes AG)

DRV - (PCLEPCI) -- C:\WINDOWS\system32\drivers\Pclepci.sys (Pinnacle Systems GmbH)

DRV - (ASAPIW2K) -- C:\WINDOWS\system32\drivers\asapiW2k.sys (VOB Computersysteme GmbH)

DRV - (wg6n) -- C:\WINDOWS\SYSTEM32\Drivers\wg6n.sys (Sygate Technologies, Inc.)

DRV - (wg5n) -- C:\WINDOWS\SYSTEM32\Drivers\wg5n.sys (Sygate Technologies, Inc.)

DRV - (wg4n) -- C:\WINDOWS\SYSTEM32\Drivers\wg4n.sys (Sygate Technologies, Inc.)

DRV - (wg3n) -- C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys (Sygate Technologies, Inc.)

DRV - (wpsdrvnt) -- C:\WINDOWS\system32\drivers\wpsdrvnt.sys (Sygate Technologies, Inc.)

DRV - (Teefer) -- C:\WINDOWS\SYSTEM32\Drivers\Teefer.sys (Sygate Technologies, Inc.)

DRV - (ASNDIS5) -- C:\Programme\ATK Hotkey\ASNDIS5.SYS (Printing Communications Assoc., Inc. (PCAUSA))

DRV - (PQNTDrv) -- C:\WINDOWS\System32\drivers\PQNTDRV.sys (PowerQuest Corporation)

DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Google Toolbar

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Google Toolbar

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2319825

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Google Toolbar

IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWin2.dll (Conduit Ltd.)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search"

FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}"

FF - prefs.js..browser.search.suggest.enabled: false

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3

 

 

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Programme\Mozilla Firefox\components [2008.09.24 19:27:56 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2008.09.24 19:27:54 | 000,000,000 | ---D | M]

 

[2008.12.24 17:50:26 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions

[2008.12.24 16:26:22 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\rgq8w14b.default\extensions

[2011.01.17 15:46:06 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\rgq8w14b.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2010.03.24 16:13:02 | 000,000,917 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\rgq8w14b.default\searchplugins\conduit.xml

[2008.12.26 21:16:18 | 000,002,109 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\rgq8w14b.default\searchplugins\youtube-videosuche.xml

[2008.09.24 19:27:56 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2010.07.12 18:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npwachk.dll

[2011.03.06 23:33:40 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml

[2011.03.06 23:33:40 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml

[2011.03.06 23:33:40 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml

[2011.03.06 23:33:40 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml

[2011.03.06 23:33:40 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2006.06.01 19:06:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)

O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWin2.dll (Conduit Ltd.)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWin2.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKCU\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Programme\Winload\prxtbWin2.dll (Conduit Ltd.)

O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O4 - HKLM..\Run: [ASUS Camera ScreenSaver] C:\WINDOWS\ASScrProlog.exe ()

O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\WINDOWS\ASScrPro.exe ()

O4 - HKLM..\Run: [ATKHOTKEY] C:\Programme\ATK Hotkey\Hcontrol.exe (ATK0100)

O4 - HKLM..\Run: [ATKOSD2] C:\Programme\ATKOSD2\ATKOSD2.exe ()

O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [HControlUser] C:\Programme\ATK Hotkey\HcontrolUser.exe ()

O4 - HKLM..\Run: [MsgTranAgt] C:\Programme\ATK Hotkey\MsgTranAgt.exe ()

O4 - HKLM..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe (ASUSTeK Computer Inc.)

O4 - HKLM..\Run: [SmcService] C:\Programme\Sygate\SPF\Smc.exe (Sygate Technologies, Inc.)

O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [Wireless Console 2] C:\Programme\Wireless Console 2\wcourier.exe ()

O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe (Nero AG)

O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1

O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)

O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)

O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home

O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {0cab0400-7395-11d0-a5e5-0020afe2fdd9} - C:\WINDOWS\qvphook.dll (Stellent, Inc.)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008.09.24 21:46:32 | 000,000,718 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2008.05.01 18:36:21 | 000,726,248 | R--- | M] (BioWare) - F:\autorun.exe -- [ UDF ]

O32 - AutoRun File - [2007.11.15 23:48:02 | 000,000,057 | R--- | M] () - F:\autorun.inf -- [ UDF ]

O33 - MountPoints2\{50c11808-d7ba-11df-ae74-001e8c7eaf33}\Shell - "" = AutoRun

O33 - MountPoints2\{50c11808-d7ba-11df-ae74-001e8c7eaf33}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{50c11808-d7ba-11df-ae74-001e8c7eaf33}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE      .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn

O33 - MountPoints2\{cbd73f98-e8e7-11df-aea0-001e8c7eaf33}\Shell - "" = AutoRun

O33 - MountPoints2\{cbd73f98-e8e7-11df-aea0-001e8c7eaf33}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{cbd73f98-e8e7-11df-aea0-001e8c7eaf33}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE      .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn

O34 - HKLM BootExecute: (PDBoot.exe) - C:\WINDOWS\System32\PDBoot.exe (Raxco Software, Inc.)

O34 - HKLM BootExecute: (autocheck autochk *) -  File not found

O34 - HKLM BootExecute: (OODBS) - C:\WINDOWS\System32\OODBS.exe (O&O Software GmbH)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2011.03.23 15:36:30 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe

[2011.03.23 01:57:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Malwarebytes

[2011.03.23 01:57:23 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2011.03.23 01:57:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes

[2011.03.23 01:57:17 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2011.03.23 01:57:17 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware

[2011.03.23 01:47:55 | 007,734,208 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Dokumente und Einstellungen\Administrator\Desktop\mbam-setup-1.50.1.1100.exe

[2011.03.22 15:08:56 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\BioWare

[2011.03.20 18:57:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\GUILD WARS

[2011.03.20 18:56:31 | 000,165,248 | ---- | C] (ArenaNet) -- C:\Dokumente und Einstellungen\Administrator\Desktop\GwSetup.exe

[2011.03.15 17:48:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\ConduitEngine

[2011.03.15 17:48:32 | 000,000,000 | ---D | C] -- C:\Programme\ConduitEngine

[2011.03.11 15:17:12 | 000,000,000 | -HSD | C] -- C:\FOUND.009

[2008.09.24 22:28:41 | 000,005,632 | R--- | C] ( ) -- C:\WINDOWS\System32\drivers\kbfiltr.sys

[57 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2011.03.23 18:30:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011.03.23 18:30:25 | 000,286,053 | ---- | M] () -- C:\WINDOWS\System32\OODBS.lor

[2011.03.23 18:15:52 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\Access.dat

[2011.03.23 15:36:28 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe

[2011.03.23 03:09:32 | 000,142,247 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Screenshot1.zip

[2011.03.23 03:07:26 | 000,140,777 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Screenshot1.rar

[2011.03.23 03:06:44 | 000,179,279 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Screenshot1.JPG

[2011.03.23 03:00:18 | 003,840,054 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Screenshot1.bmp

[2011.03.23 01:57:24 | 000,000,671 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2011.03.23 01:49:16 | 000,742,874 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Load.exe

[2011.03.23 01:48:04 | 007,734,208 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Dokumente und Einstellungen\Administrator\Desktop\mbam-setup-1.50.1.1100.exe

[2011.03.22 23:31:30 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn

[2011.03.22 15:08:58 | 000,000,492 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mass Effect.lnk

[2011.03.20 18:57:04 | 000,000,391 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\GUILD WARS.lnk

[2011.03.20 18:56:28 | 000,165,248 | ---- | M] (ArenaNet) -- C:\Dokumente und Einstellungen\Administrator\Desktop\GwSetup.exe

[2011.03.18 19:46:28 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011.03.14 23:48:56 | 000,014,921 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Praktikumsvereinbarung.odt

[2011.03.11 12:34:36 | 000,043,520 | ---- | M] () -- C:\WINDOWS\System32\CmdLineExt03.dll

[2011.03.04 18:31:32 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2011.03.04 17:18:08 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job

[2011.03.03 18:39:02 | 000,000,209 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Counter-Strike Source.url

[57 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2011.03.23 03:09:31 | 000,142,247 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Screenshot1.zip

[2011.03.23 03:07:24 | 000,140,777 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Screenshot1.rar

[2011.03.23 03:06:43 | 000,179,279 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Screenshot1.JPG

[2011.03.23 02:58:01 | 003,840,054 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Screenshot1.bmp

[2011.03.23 01:57:23 | 000,000,671 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2011.03.23 01:49:23 | 000,742,874 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Load.exe

[2011.03.22 15:08:56 | 000,000,492 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mass Effect.lnk

[2011.03.20 18:57:03 | 000,000,391 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\GUILD WARS.lnk

[2011.03.14 23:48:54 | 000,014,921 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Praktikumsvereinbarung.odt

[2011.03.03 18:39:00 | 000,000,209 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Counter-Strike Source.url

[2011.01.19 16:37:14 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll

[2011.01.19 16:04:37 | 000,233,472 | R--- | C] () -- C:\WINDOWS\System32\MafiaSetup.exe

[2010.07.13 22:59:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\Access.dat

[2010.06.01 17:28:01 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\xmltok.dll

[2010.06.01 17:28:01 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\xmlparse.dll

[2010.04.07 17:18:58 | 000,159,980 | ---- | C] () -- C:\WINDOWS\hpoins14.dat

[2010.04.07 17:18:58 | 000,002,000 | ---- | C] () -- C:\WINDOWS\hpomdl14.dat

[2010.03.05 15:13:07 | 000,000,952 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys

[2009.01.13 15:50:31 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2009.01.09 17:43:05 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2009.01.04 18:39:29 | 000,014,848 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008.12.27 00:08:30 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\acovcnt.exe

[2008.12.26 21:48:02 | 000,000,034 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

[2008.12.24 17:36:29 | 000,000,683 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2008.12.24 17:19:43 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

[2008.12.24 16:26:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll

[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll

[2008.09.25 01:24:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin

[2008.09.25 00:59:58 | 000,037,232 | ---- | C] () -- C:\WINDOWS\ASScrProlog.exe

[2008.09.25 00:59:58 | 000,033,136 | ---- | C] () -- C:\WINDOWS\ASScrPro.exe

[2008.09.25 00:59:55 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll

[2008.09.24 22:37:19 | 000,887,724 | R--- | C] () -- C:\WINDOWS\System32\ativva6x.dat

[2008.09.24 22:37:18 | 003,107,788 | R--- | C] () -- C:\WINDOWS\System32\ativva5x.dat

[2008.09.24 22:37:17 | 003,107,788 | R--- | C] () -- C:\WINDOWS\System32\ativvaxx.dat

[2008.09.24 22:37:16 | 000,168,883 | R--- | C] () -- C:\WINDOWS\System32\atiicdxx.dat

[2008.09.24 22:08:00 | 000,002,508 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\$_hpcst$.hpc

[2008.09.24 22:06:42 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2008.09.24 22:06:42 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2008.09.24 21:53:10 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2008.09.24 21:48:41 | 000,194,248 | ---- | C] () -- C:\WINDOWS\System32\LTRFD13n.DLL

[2008.09.24 21:46:30 | 000,000,034 | ---- | C] () -- C:\WINDOWS\VFO.INI

[2008.09.24 21:46:26 | 000,196,096 | ---- | C] () -- C:\WINDOWS\System32\macd32.dll

[2008.09.24 21:46:26 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\mase32.dll

[2008.09.24 21:46:26 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\mamc32.dll

[2008.09.24 21:46:26 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\masd32.dll

[2008.09.24 21:46:26 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\ma32.dll

[2008.09.24 19:27:54 | 000,002,266 | ---- | C] () -- C:\WINDOWS\mozver.dat

[2008.09.24 19:11:51 | 000,000,522 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2008.09.24 19:08:19 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll

[2008.09.24 18:53:57 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2008.09.24 18:41:59 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2008.09.24 18:36:46 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2008.09.24 18:35:31 | 000,223,224 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2007.09.12 23:54:48 | 000,141,180 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat

[2006.06.01 21:06:00 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

[2006.06.01 19:06:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2006.06.01 19:06:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2006.06.01 19:06:00 | 000,462,550 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat

[2006.06.01 19:06:00 | 000,443,922 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2006.06.01 19:06:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2006.06.01 19:06:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat

[2006.06.01 19:06:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2006.06.01 19:06:00 | 000,085,732 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat

[2006.06.01 19:06:00 | 000,072,180 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2006.06.01 19:06:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2006.06.01 19:06:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat

[2006.06.01 19:06:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2006.06.01 19:06:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2006.06.01 19:06:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2006.06.01 19:06:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin

[2006.06.01 19:06:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2006.04.29 16:43:54 | 000,000,288 | ---- | C] () -- C:\WINDOWS\wincmd.ini

[2006.04.19 00:30:56 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll

[2004.12.20 18:24:03 | 001,663,068 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll

[2004.10.15 18:31:56 | 000,218,264 | ---- | C] () -- C:\WINDOWS\System32\SetAid.dll

[2004.03.11 01:26:10 | 000,406,016 | ---- | C] () -- C:\WINDOWS\System32\PSDrvCheck.exe
 

< End of report >

--- --- ---

m4D_guY

23.03.2011 20:56

Code:

OTL Extras logfile created on: 23.03.2011 20:48:09 - Run 2

OTL by OldTimer - Version 3.2.22.3     Folder = C:\Dokumente und Einstellungen\Administrator\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 56,00% Memory free

4,00 Gb Paging File | 3,00 Gb Available in Paging File | 77,00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 93,15 Gb Total Space | 53,09 Gb Free Space | 56,99% Space Free | Partition Type: NTFS

Drive D: | 139,73 Gb Total Space | 52,78 Gb Free Space | 37,77% Space Free | Partition Type: NTFS

Drive F: | 4,82 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Drive G: | 999,52 Mb Total Space | 912,68 Mb Free Space | 91,31% Space Free | Partition Type: FAT32

 

Computer Name: JOHANNES-LAPTOP | User Name: Administrator | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [ACDBrowse] -- "C:\Programme\ACD Systems\ACDSee\8.0\ACDSee8.exe" "%1" (ACD Systems Ltd.)

Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)

Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)

Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 
 ========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

 
 ========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"D:\Spiele\Stranglehold\Binaries\Retail-Stranglehold.exe" = D:\Spiele\Stranglehold\Binaries\Retail-Stranglehold.exe:*:Enabled:Stranglehold -- (Midway Home Entertainment Inc)

"D:\Spiele\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe" = D:\Spiele\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI) -- ()

"D:\Spiele\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe" = D:\Spiele\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV) -- ()

"C:\Programme\Skype\Plugin Manager\skypePM.exe" = C:\Programme\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager

"D:\Spiele\Rise and Fall\RiseAndFall.exe" = D:\Spiele\Rise and Fall\RiseAndFall.exe:*:Enabled:Rise and Fall: Civilizations at War -- (Midway Home Entertainment)

"D:\Spiele\CoH\RelicDownloader\RelicDownloader.exe" = D:\Spiele\CoH\RelicDownloader\RelicDownloader.exe:*:Enabled:Relic Downloader -- (THQ Canada Inc.)

"D:\Spiele\Two Worlds\TwoWorlds.exe" = D:\Spiele\Two Worlds\TwoWorlds.exe:*:Enabled:Two Worlds -- (Reality Pump)

"D:\Spiele\Two Worlds\TwoWorlds_RADEON.exe" = D:\Spiele\Two Worlds\TwoWorlds_RADEON.exe:*:Enabled:Two Worlds -- (Reality Pump)

"C:\Programme\Tunngle\TnglCtrl.exe" = C:\Programme\Tunngle\TnglCtrl.exe:*:Enabled:Tunngle Service -- (Tunngle.net GmbH)

"C:\Programme\Tunngle\Tunngle.exe" = C:\Programme\Tunngle\Tunngle.exe:*:Enabled:Tunngle Client -- (Tunngle.net GmbH)

"C:\Programme\Steam\Steam.exe" = C:\Programme\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)

"C:\Programme\Steam\SteamApps\common\alien swarm\srcds.exe" = C:\Programme\Steam\SteamApps\common\alien swarm\srcds.exe:*:Enabled:Alien Swarm Dedicated Server -- ()

"D:\Spiele\Stronghold 2\Stronghold2.exe" = D:\Spiele\Stronghold 2\Stronghold2.exe:*:Enabled:Stronghold 2 -- (Firefly Studios)

"C:\Programme\Steam\SteamApps\common\alien swarm\swarm.exe" = C:\Programme\Steam\SteamApps\common\alien swarm\swarm.exe:*:Enabled:Alien Swarm -- ()

"C:\Programme\Steam\SteamApps\trollcook\counter-strike source\hl2.exe" = C:\Programme\Steam\SteamApps\trollcook\counter-strike source\hl2.exe:*:Enabled:Counter-Strike: Source -- ()

"D:\Spiele\Mass Effect\Binaries\MassEffect.exe" = D:\Spiele\Mass Effect\Binaries\MassEffect.exe:*:Enabled:Mass Effect Game -- (BioWare)

"D:\Spiele\Mass Effect\MassEffectLauncher.exe" = D:\Spiele\Mass Effect\MassEffectLauncher.exe:*:Enabled:Mass Effect Launcher -- (BioWare)

 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{001E7FB6-BB6B-4ED0-BEDC-B5404ED96D4E}" = DocProc

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center

"{07E23E10-F663-5D23-6393-DC82AFC8B475}" = ccc-core-static

"{0CE42E4B-82AA-41AE-BB33-E0307555D4C9}" = Catalyst Control Center Localization Chinese Standard

"{0FFC10A2-3B60-283D-0DDE-91EF4A3B0969}" = Catalyst Control Center Localization Finnish

"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp

"{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}" = ATK Media

"{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI

"{16D2C649-CBA8-44EE-B730-12584667D487}" = Stronghold 2 Deluxe

"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy

"{18742725-FAAF-4FF5-AA21-88A5814BC9CE}" = Audiograbber 1.83 SE

"{18F98693-AF94-11FC-0650-25E724F58C9E}" = Catalyst Control Center Graphics Full Existing

"{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI

"{1A15507A-8551-4626-915D-3D5FA095CC1B}" = Corel Paint Shop Pro X

"{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect

"{1C8521E5-5A7B-4A4E-A9CD-AD53116EAEE0}" = ASUS Data Security Manager

"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = LifeFrame2

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool

"{21DBBDD6-93A5-4326-9A04-C9A5C9148502}" = Norton PartitionMagic

"{2217B0B4-35CB-48C6-B640-864DF2F30F99}" = OpenOffice.org 3.2

"{221F14FF-7DAA-70C4-3A46-FA50EC2AB6E1}" = CCC Help Portuguese

"{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{236BB7C4-4419-42FD-0407-1E257A25E34D}" = Adobe Photoshop CS2

"{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI

"{268723B7-A994-4286-9F85-B974D5CAFC7B}" = EasyRecovery Professional

"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11

"{27A5A63B-3290-F55F-FD6D-D8F87CC0006F}" = Catalyst Control Center Localization Thai

"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program

"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg

"{2B85C4A2-9E74-E583-01A8-B947172F39D4}" = Catalyst Control Center Localization Japanese

"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan

"{2F353D44-73BB-4971-B31D-F7642E9E9531}" = Macromedia Flash MX 2004

"{2F750C77-1FEC-44F9-88CC-2CE322EBD61E}" = Microsoft Games for Windows - LIVE Redistributable

"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6

"{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI

"{33CD74BF-8544-15AF-D4A9-BA1791550927}" = Catalyst Control Center Core Implementation

"{344C4348-6397-FEEB-ADE5-98D95D5A87E3}" = CCC Help Chinese Standard

"{34D1C6F2-5B2C-A27E-CC6D-FE55B78DEB69}" = Catalyst Control Center Localization Spanish

"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder

"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey

"{3CB05291-F546-458E-A796-B5BCF5A3CDC4}" = Studio 10

"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger

"{42347B75-9660-2DA4-63FD-D35E344E1031}" = Nero 7 Premium

"{43B6667D-7520-4186-B05B-F5C0494C495D}" = UltraEdit-32

"{4462AD13-F2AA-4CBD-9F95-293C38EED870}" = Power4 Gear

"{44F934C2-3CFB-1229-6872-35F3662268F6}" = Catalyst Control Center Localization French

"{461B9564-65CB-1D4A-46B2-CC27DC4F07EC}" = CCC Help Swedish

"{4F400CD4-ABB5-5973-8F0C-40BBF28C0B8C}" = CCC Help Turkish

"{4FBA95A6-7F4E-6ED0-EA7A-A3C46A64A51E}" = CCC Help Thai

"{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI

"{5039F71C-7A31-568E-D002-07FF5F95ACBF}" = CCC Help English

"{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI

"{52326763-A5B3-9514-4655-A82828CD9B2D}" = Catalyst Control Center Localization Norwegian

"{52B65911-1559-4ED5-9461-46957FDD48CD}" = Borderlands

"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent

"{53480370-6CA2-47EC-BC05-02B4B9271C31}" = O&O Defrag Professional Edition

"{539D0779-8D8D-9BB8-8D1C-F04C647B6267}" = CCC Help German

"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport

"{571A9704-FA7C-9560-7AEF-2B630DCB894B}" = CCC Help Spanish

"{579141D6-019E-A917-97A3-359E87EDC2C2}" = Catalyst Control Center Localization Czech

"{57B15AD4-8C9D-4164-82BB-E33D8644E757}" = ASUS InstantFun

"{5954CB86-A47E-F865-A534-2473C7500EA4}" = Catalyst Control Center Localization German

"{5A02B151-2AA2-D1C6-6165-F6AA00C1D9C4}" = Catalyst Control Center Localization Turkish

"{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}" = ATKOSD2

"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053

"{5F374D5D-DB43-4263-9C29-BAB2C93FEFE6}" = Warhammer® Mark of Chaos

"{5F407E27-927F-3997-EDF1-2EF57FE14328}" = CCC Help Italian

"{5F71EB81-C72E-4B28-8D90-FDEECFEBC2DE}" = Drive Image

"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call

"{60829E1B-6DD2-2D98-ED53-BA097E84A954}" = Catalyst Control Center Localization Russian

"{6179B0A4-9A6D-9793-9839-30A637DD70FB}" = Catalyst Control Center Localization Dutch

"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder

"{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD

"{6DEAD32C-7067-6AA8-5CDB-A1FDCA44A4B6}" = Catalyst Control Center Graphics Previews Common

"{6E32B134-CA8D-49DD-B94C-0DB155CE70B5}" = ccc-Branding

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{739ECDBA-F065-73DB-0553-BA8A4F8B4753}" = CCC Help Norwegian

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{78155353-3D54-2FCA-395D-1BABEEC2C562}" = CCC Help Korean

"{793D040C-F449-8EE9-484F-F9084321D747}" = CCC Help Dutch

"{7B63B2922B174135AFC0E1377DD81EC2}" = 

"{7C4196CA-CA41-4F34-9C08-7724E7705D52}" = Jasc Animation Shop 3

"{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI

"{7F6B6DC9-F082-5A97-A240-1D71042C00CA}" = Catalyst Control Center Localization Chinese Traditional

"{7F976697-3404-1BBE-48A4-EB154BE2492B}" = CCC Help Chinese Traditional

"{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI

"{81CC6FB7-8EF6-0ACB-60EC-B0F035B2EDCA}" = Catalyst Control Center Localization Danish

"{8238F0E3-34A4-47DE-A78A-8753C21EFAC0}" = CCC Help Russian

"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01

"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01

"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2

"{850C4C12-57E2-43E4-B66B-B08B120C55F3}" = FireBurner

"{868D7896-99D4-4513-BC62-2B3AD3E24926}" = TuneUp Utilities 2006

"{86EDEF11-EFE4-46CB-8B08-9CBD4A936B1F}" = Stranglehold

"{86EF9FC4-F209-4520-B7E1-C7FF0EEBDFFF}" = Adobe Audition 1.5

"{8734AA3A-E94D-2A2E-4B37-902E104DFC46}" = Catalyst Control Center Localization Polish

"{87911A27-1567-42B0-B8B7-2150D20E7AB6}" = DDBAC

"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder

"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU

"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{90170407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003

"{90A50153-331D-FFFF-4F21-D146672B3AB7}" = Catalyst Control Center Localization Italian

"{916800EA-DDA2-4C5E-96F2-811F3F7C4258}" = Total Commander 6.54a

"{929408E6-D265-4174-805F-81D1D914E2A4}" = QuickTime

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{95F48480-6D51-49A5-BFC3-7D8043AC5386}" = XP-Clean

"{9757A86E-ACAB-9AE2-2B51-B78AD70B0DFD}" = Catalyst Control Center Graphics Light

"{97AFD0D8-5720-4A59-BFDC-CB92A36FADF9}_is1" = Company of Heroes: Eastern Front 1.20

"{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI

"{9920A86F-A622-2D1C-0BE6-D872B8FD2A2B}" = CCC Help Japanese

"{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame

"{A174402A-2EE6-4B86-A930-7BC85A9933BD}" = Tom Clancy's Splinter Cell

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A6B90148-02C5-4fd3-8D7A-EF2386835CB9}" = F4100_Help

"{A6C265BE-E2C1-483e-843D-6B4C1E912AE0}" = F4100

"{A73B5BA6-2540-C173-6AC9-2110778D3EB4}" = CCC Help Greek

"{A75C66FD-02D5-4D0D-DCB1-6C2730B3E4AF}" = Catalyst Control Center Localization Greek

"{A77F3C2D-50CC-4A29-A1FB-1E018BE4DCA2}" = DiscAPI

"{A8B30A2D-5428-6259-3CC8-81F725B44130}" = CCC Help Finnish

"{AA2E6BFE-4351-481C-A720-47CB3506570B}" = ACDSee 8

"{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}" = HP Update

"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder

"{AC76BA86-1033-F400-7760-000000000002}" = Adobe Acrobat 7.0 Professional - English, Français, Deutsch

"{AC76BA86-7AD7-1033-7B44-A80000000002}" = Adobe Reader 8

"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant

"{AF5FFB4C-3175-9482-4F03-D68AB423368A}" = Catalyst Control Center Localization Swedish

"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan

"{B05A5743-AF48-60B3-BEFD-0F042FDB75B4}" = ccc-utility

"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter

"{B4509BCE-7BAD-4a8c-B1AE-4D0CE7467C42}" = F4100_doccd

"{B4F35A00-24FD-4fb3-BF5E-413D5423434D}" = DJ_AIO_Software_min

"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser

"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI

"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter

"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo

"{BFD9BF35-B5B3-B021-8F71-9D0137AAB57F}" = ccc-core-preinstall

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C0FC1C14-4824-4A73-87A6-9E888C9C3102}" = ASUS Splendid Video Enhancement Technology

"{C190CB55-817E-4713-84F4-0BBB8961CED9}" = PerfectDisk

"{C27DC823-0996-5109-2F03-C8BD43963438}" = CCC Help Polish

"{CA50045C-5119-48e7-9BA7-6B317379857A}" = DJ_AIO_Software

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CE7CB214-DB11-4B5D-A6AF-3B4ED47C68B7}" = Microsoft Game Studios Common Redistributables Pack 1

"{D078226E-83F2-45FD-9CDE-5DA66E5ADB51}" = Rise and Fall

"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component

"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service

"{D48EAA77-E526-41EB-894C-BD6A17EABD95}" = TMPGEnc 3.0 XPress

"{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI

"{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}" = NVIDIA PhysX v8.10.29

"{DAEB7FC7-1AAB-499A-241E-F54D1DD1725D}" = Catalyst Control Center Localization Korean

"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader

"{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash

"{DE486CCB-3C9B-7EEE-1328-2209EC6500EC}" = Catalyst Control Center Localization Portuguese

"{E0260323-5186-AAA6-43AD-48AE0E475689}" = CCC Help Czech

"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm

"{E39F7325-FFE5-EDEC-044B-812BA1B0C8F2}" = CCC Help French

"{E548726E-F4E8-459f-BAB8-45551BC071E9}" = DJ_AIO_ProductContext

"{E5F9A595-3E77-55AB-6109-06C02BBC7F36}" = Skins

"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1

"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update

"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack

"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox

"{EA759367-590A-AE0D-B2B0-E89151ACB9AE}" = CCC Help Hungarian

"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI

"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform

"{EEECE229-49F6-4851-A73A-99B058221F8C}" = RAPID

"{F0B6BD72-54C6-F391-7AD8-DA26D572752A}" = CCC Help Danish

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer

"{F34D9A5F-484A-4E31-A9D3-908CB265B289}" = Sygate Personal Firewall

"{F382EB43-3C67-4A5E-B794-09FFE2DAC93A}" = map&guide 11 professional

"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE

"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials

"{F92EAC2A-1CBC-F17C-C3F0-E79C3697CE79}" = Catalyst Control Center Localization Hungarian

"{FA8A44D7-3E8A-4034-9C4F-088FA6B72BC4}" = HP Deskjet All-In-One Software 9.0

"{FC3D290D-79BE-44B7-ABF9-FDD110925930}" = P4P

"{FC9B3A61-FD27-85DE-C8DC-F04D7944B4B2}" = Catalyst Control Center Graphics Full New

"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT-Erweiterung für den Microsoft Windows XP-Assistenten zum Schreiben von CDs

"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status

"3B18191663CDFABAA2A93D4267E54D683153FF60" = Windows-Treiberpaket - Advanced Micro Devices (AmdK8) Processor  (05/27/2006 1.3.2.0)

"Adobe Acrobat 7.0 Professional - EFG" = Adobe Acrobat 7.1.0 Professional

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}" = Adobe Photoshop CS2

"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software

"AnyDVD" = AnyDVD

"Asus_Camera_ScreenSaver" = Asus_Camera_ScreenSaver

"ATI Display Driver" = ATI Display Driver

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"CDex" = CDex extraction audio

"CloneCD" = CloneCD

"CloneDVD2" = CloneDVD2

"Company of Heroes" = Company of Heroes

"DivX Setup.divx.com" = DivX-Setup

"DVD Decrypter" = DVD Decrypter (Remove Only)

"DVD Shrink DE_is1" = DVD Shrink 3.2 deutsch

"EAX Unified" = EAX Unified

"Flyingcode NFO-Viewer_is1" = Flyingcode NFO-Viewer 1.0

"Freelancer 1.0" = Freelancer

"Guild Wars" = GUILD WARS

"Hollywood FX for Studio" = Pinnacle Hollywood FX for Studio
 

"HP Imaging Device Functions" = HP Imaging Device Functions 9.0

"HP Photosmart Essential" = HP Photosmart Essential 2.01

"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0

"HPOCR" = HP OCR Software 9.0

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"InstallShield_{21DBBDD6-93A5-4326-9A04-C9A5C9148502}" = Norton PartitionMagic 8.0

"InstallShield_{268723B7-A994-4286-9F85-B974D5CAFC7B}" = EasyRecovery Professional

"InstallShield_{5F71EB81-C72E-4B28-8D90-FDEECFEBC2DE}" = PowerQuest Drive Image 2002

"InstallShield_{929408E6-D265-4174-805F-81D1D914E2A4}" = QuickTime

"IrfanView" = IrfanView (remove only)

"IsoBuster_is1" = IsoBuster 1.9

"JDownloader" = JDownloader

"LastFM_is1" = Last.fm 1.5.4.27091

"Mafia" = Mafia

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"ManyCam" = ManyCam 2.4 (remove only)

"map&guide 11 Karte Deutschland City" = map&guide 11 Karte Deutschland City

"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"mIRC" = mIRC

"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"QVP" = Quick View Plus

"RegSupreme Pro_is1" = RegSupreme Pro 1.2

"S.T.A.L.K.E.R. - Shadow of Chernobyl_is1" = S.T.A.L.K.E.R. - Shadow of Chernobyl

"SMSERIAL" = Motorola SM56 Speakerphone Modem

"Soldat_is1" = Soldat 1.5.0

"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4

"Steam App 240" = Counter-Strike: Source

"Steam App 630" = Alien Swarm

"Tunngle beta_is1" = Tunngle beta

"TVgenial" = TVgenial

"Two Worlds" = Two Worlds

"UltraISO_is1" = UltraISO 8.0 Premium Edition

"VLC media player" = VideoLAN VLC media player 0.8.2

"Winamp" = Winamp

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WinLiveSuite_Wave3" = Windows Live Essentials

"Winload Toolbar" = Winload Toolbar

"WinRAR archiver" = WinRAR Archivierer

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0.0 (Pre-Release 5348)

"XviD_is1" = XviD 1.1 final uninstall

 
 ========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Winamp Detect" = Winamp Erkennungs-Plug-in

 
 ========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 18.03.2011 15:51:51 | Computer Name = JOHANNES-LAPTOP | Source = PerfNet | ID = 2004

Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen

werden

 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.

 

Error - 18.03.2011 16:13:50 | Computer Name = JOHANNES-LAPTOP | Source = PerfNet | ID = 2004

Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen

werden

 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.

 

Error - 19.03.2011 10:23:01 | Computer Name = JOHANNES-LAPTOP | Source = PerfNet | ID = 2004

Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen

werden

 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.

 

Error - 19.03.2011 15:52:06 | Computer Name = JOHANNES-LAPTOP | Source = Application Error | ID = 1000

Description = Fehlgeschlagene Anwendung plugin-container.exe, Version 1.9.2.4079,

 fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.6055, Fehleradresse 0x0000100b.

 

Error - 20.03.2011 13:20:38 | Computer Name = JOHANNES-LAPTOP | Source = PerfNet | ID = 2004

Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen

werden

 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.

 

Error - 21.03.2011 16:58:49 | Computer Name = JOHANNES-LAPTOP | Source = PerfNet | ID = 2004

Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen

werden

 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.

 

Error - 22.03.2011 11:35:04 | Computer Name = JOHANNES-LAPTOP | Source = PerfNet | ID = 2004

Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen

werden

 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.

 

Error - 22.03.2011 16:53:52 | Computer Name = JOHANNES-LAPTOP | Source = PerfNet | ID = 2004

Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen

werden

 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.

 

Error - 23.03.2011 09:03:34 | Computer Name = JOHANNES-LAPTOP | Source = PerfNet | ID = 2004

Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen

werden

 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.

 

Error - 23.03.2011 09:04:01 | Computer Name = JOHANNES-LAPTOP | Source = ESENT | ID = 490

Description = svchost (1680) Versuch, Datei "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"

 für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der

 Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet

 wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.

 

[ System Events ]

Error - 22.03.2011 19:07:28 | Computer Name = JOHANNES-LAPTOP | Source = DCOM | ID = 10005

Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "ImapiService"

 mit den Argumenten "-Service"  gestartet wurde, um den folgenden Server zu verwenden:

{520CCA63-51A5-11D3-9144-00104BA11C5E}

 

Error - 22.03.2011 23:01:31 | Computer Name = JOHANNES-LAPTOP | Source = sr | ID = 1

Description = Beim Verarbeiten der Datei "" auf Volume "HarddiskVolume1" ist im 

Wiederherstellungsfilter der unerwartete Fehler "0xC0000001" aufgetreten. Die Volumeüberwachung

 wurde angehalten.

 

Error - 22.03.2011 23:02:14 | Computer Name = JOHANNES-LAPTOP | Source = Service Control Manager | ID = 7023

Description = Der Dienst "Task Microsoft" wurde mit folgendem Fehler beendet:   %%126

 

Error - 22.03.2011 23:02:14 | Computer Name = JOHANNES-LAPTOP | Source = Service Control Manager | ID = 7023

Description = Der Dienst "Update Task" wurde mit folgendem Fehler beendet:   %%126

 

Error - 23.03.2011 09:03:51 | Computer Name = JOHANNES-LAPTOP | Source = Service Control Manager | ID = 7023

Description = Der Dienst "Task Microsoft" wurde mit folgendem Fehler beendet:   %%126

 

Error - 23.03.2011 09:03:51 | Computer Name = JOHANNES-LAPTOP | Source = Service Control Manager | ID = 7023

Description = Der Dienst "Update Task" wurde mit folgendem Fehler beendet:   %%126

 

Error - 23.03.2011 10:35:55 | Computer Name = JOHANNES-LAPTOP | Source = DCOM | ID = 10005

Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "ImapiService"

 mit den Argumenten "-Service"  gestartet wurde, um den folgenden Server zu verwenden:

{520CCA63-51A5-11D3-9144-00104BA11C5E}

 

Error - 23.03.2011 10:54:05 | Computer Name = JOHANNES-LAPTOP | Source = DCOM | ID = 10005

Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "ImapiService"

 mit den Argumenten "-Service"  gestartet wurde, um den folgenden Server zu verwenden:

{520CCA63-51A5-11D3-9144-00104BA11C5E}

 

Error - 23.03.2011 13:32:04 | Computer Name = JOHANNES-LAPTOP | Source = Service Control Manager | ID = 7023

Description = Der Dienst "Task Microsoft" wurde mit folgendem Fehler beendet:   %%126

 

Error - 23.03.2011 13:32:04 | Computer Name = JOHANNES-LAPTOP | Source = Service Control Manager | ID = 7023

Description = Der Dienst "Update Task" wurde mit folgendem Fehler beendet:   %%126

 

 

< End of report >

--- --- ---
OTL Logfile:

Code:

OTL logfile created on: 23.03.2011 20:48:09 - Run 2

OTL by OldTimer - Version 3.2.22.3     Folder = C:\Dokumente und Einstellungen\Administrator\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 56,00% Memory free

4,00 Gb Paging File | 3,00 Gb Available in Paging File | 77,00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 93,15 Gb Total Space | 53,09 Gb Free Space | 56,99% Space Free | Partition Type: NTFS

Drive D: | 139,73 Gb Total Space | 52,78 Gb Free Space | 37,77% Space Free | Partition Type: NTFS

Drive F: | 4,82 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Drive G: | 999,52 Mb Total Space | 912,68 Mb Free Space | 91,31% Space Free | Partition Type: FAT32

 

Computer Name: JOHANNES-LAPTOP | User Name: Administrator | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Programme\Steam\Steam.exe (Valve Corporation)

PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

PRC - C:\Programme\Tunngle\TnglCtrl.exe (Tunngle.net GmbH)

PRC - C:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

PRC - C:\Programme\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe (StarWind Software)

PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

PRC - C:\WINDOWS\ASScrPro.exe ()

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\WINDOWS\system32\cmd.exe (Microsoft Corporation)

PRC - C:\Programme\ATK Hotkey\HControl.exe (ATK0100)

PRC - C:\Programme\ATKOSD2\ATKOSD2.exe ()

PRC - C:\Programme\ATK Hotkey\WDC.exe ()

PRC - C:\Programme\ATK Hotkey\HControlUser.exe ()

PRC - C:\Programme\ATK Hotkey\ATKOSD.exe ()

PRC - C:\Programme\ATK Hotkey\MsgTranAgt.exe ()

PRC - C:\WINDOWS\system32\acs.exe (Atheros)

PRC - C:\Programme\ATK Hotkey\KBFiltr.exe ()

PRC - C:\Programme\ATKGFNEX\GFNEXSrv.exe ()

PRC - C:\Programme\Wireless Console 2\wcourier.exe ()

PRC - C:\Programme\ASUS\ASUS Data Security Manager\ADSMSrv.exe ()

PRC - C:\Programme\Raxco\PerfectDisk\PDSched.exe (Raxco Software, Inc.)

PRC - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe (Nero AG)

PRC - C:\WINDOWS\system32\oodag.exe (O&O Software GmbH)

PRC - C:\Programme\Sygate\SPF\Smc.exe (Sygate Technologies, Inc.)

 

 
 ========== Modules (SafeList) ==========

 

MOD - C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\SSSensor.dll (Sygate Technologies, Inc.)

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - (kwyena) --  File not found

SRV - (HidServ) --  File not found

SRV - (bqxpnwp) --  File not found

SRV - (TunngleService) -- C:\Programme\Tunngle\TnglCtrl.exe (Tunngle.net GmbH)

SRV - (StarWindServiceAE) -- C:\Programme\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe (StarWind Software)

SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

SRV - (Adobe LM Service) -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)

SRV - (Macromedia Licensing Service) -- C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe ()

SRV - (ACS) -- C:\WINDOWS\system32\acs.exe (Atheros)

SRV - (ATKGFNEXSrv) -- C:\Programme\ATKGFNEX\GFNEXSrv.exe ()

SRV - (ADSMService) -- C:\Programme\ASUS\ASUS Data Security Manager\ADSMSrv.exe ()

SRV - (PDEngine) -- C:\Programme\Raxco\PerfectDisk\PDEngine.exe (Raxco Software, Inc.)

SRV - (PDSched) -- C:\Programme\Raxco\PerfectDisk\PDSched.exe (Raxco Software, Inc.)

SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

SRV - (TUWinStylerThemeSvc) -- C:\Programme\TuneUpUtilities2006\WinStylerThemeSvc.exe (TuneUp Software GmbH)

SRV - (O&O Defrag) -- C:\WINDOWS\system32\oodag.exe (O&O Software GmbH)

SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)

SRV - (SmcService) -- C:\Programme\Sygate\SPF\Smc.exe (Sygate Technologies, Inc.)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)

DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()

DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)

DRV - (tap0901t) TAP-Win32 Adapter V9 (Tunngle) -- C:\WINDOWS\system32\drivers\tap0901t.sys (Tunngle.net)

DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)

DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)

DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)

DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)

DRV - (SiSGbeXP) -- C:\WINDOWS\system32\drivers\SiSGbeXP.sys (Silicon Integrated Systems Corp.)

DRV - (ManyCam) -- C:\WINDOWS\system32\drivers\ManyCam.sys (ManyCam LLC.)

DRV - (AR5211) -- C:\WINDOWS\system32\drivers\ar5211.sys (Atheros Communications, Inc.)

DRV - (AsDsm) -- C:\WINDOWS\System32\drivers\AsDsm.sys (Windows (R) Codename Longhorn DDK provider)

DRV - (ASMMAP) -- C:\Programme\ATKGFNEX\ASMMAP.sys ()

DRV - (WSIMD) -- C:\WINDOWS\system32\drivers\wsimd.sys (Atheros Communications, Inc.)

DRV - (kbfiltr) -- C:\WINDOWS\system32\drivers\kbfiltr.sys ( )

DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ATKACPI.sys (ATK0100)

DRV - (ddxgb) -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\ddxgb.sys ()

DRV - (Defrag32b) -- C:\WINDOWS\System32\drivers\defrag32b.sys (Raxco Software, Inc.)

DRV - (Defrag32) -- C:\WINDOWS\System32\drivers\defrag32.sys (Raxco Software, Inc.)

DRV - (siside) -- C:\WINDOWS\system32\DRIVERS\siside.sys (Silicon Integrated Systems Corp.)

DRV - (AnyDVD) -- C:\WINDOWS\system32\drivers\AnyDVD.sys (SlySoft, Inc.)

DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology (StarForce))

DRV - (sfsync04) StarForce Protection Synchronization Driver (version 4.x) -- C:\WINDOWS\System32\drivers\sfsync04.sys (Protection Technology (StarForce))

DRV - (smserial) -- C:\WINDOWS\system32\drivers\smserial.sys (Motorola Inc.)

DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology (StarForce))

DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfvfs02.sys (Protection Technology)

DRV - (MarvinBus) -- C:\WINDOWS\system32\drivers\MarvinBus.sys (Pinnacle Systems GmbH)

DRV - (ElbyCDFL) -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys (SlySoft, Inc.)

DRV - (ElbyDelay) -- C:\WINDOWS\system32\drivers\ElbyDelay.sys (Elaborate Bytes AG)

DRV - (PCLEPCI) -- C:\WINDOWS\system32\drivers\Pclepci.sys (Pinnacle Systems GmbH)

DRV - (ASAPIW2K) -- C:\WINDOWS\system32\drivers\asapiW2k.sys (VOB Computersysteme GmbH)

DRV - (wg6n) -- C:\WINDOWS\SYSTEM32\Drivers\wg6n.sys (Sygate Technologies, Inc.)

DRV - (wg5n) -- C:\WINDOWS\SYSTEM32\Drivers\wg5n.sys (Sygate Technologies, Inc.)

DRV - (wg4n) -- C:\WINDOWS\SYSTEM32\Drivers\wg4n.sys (Sygate Technologies, Inc.)

DRV - (wg3n) -- C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys (Sygate Technologies, Inc.)

DRV - (wpsdrvnt) -- C:\WINDOWS\system32\drivers\wpsdrvnt.sys (Sygate Technologies, Inc.)

DRV - (Teefer) -- C:\WINDOWS\SYSTEM32\Drivers\Teefer.sys (Sygate Technologies, Inc.)

DRV - (ASNDIS5) -- C:\Programme\ATK Hotkey\ASNDIS5.SYS (Printing Communications Assoc., Inc. (PCAUSA))

DRV - (PQNTDrv) -- C:\WINDOWS\System32\drivers\PQNTDRV.sys (PowerQuest Corporation)

DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Google Toolbar

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Google Toolbar

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2319825

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Google Toolbar

IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWin2.dll (Conduit Ltd.)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search"

FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}"

FF - prefs.js..browser.search.suggest.enabled: false

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3

 

 

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Programme\Mozilla Firefox\components [2008.09.24 19:27:56 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2008.09.24 19:27:54 | 000,000,000 | ---D | M]

 

[2008.12.24 17:50:26 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions

[2008.12.24 16:26:22 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\rgq8w14b.default\extensions

[2011.01.17 15:46:06 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\rgq8w14b.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2010.03.24 16:13:02 | 000,000,917 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\rgq8w14b.default\searchplugins\conduit.xml

[2008.12.26 21:16:18 | 000,002,109 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\rgq8w14b.default\searchplugins\youtube-videosuche.xml

[2008.09.24 19:27:56 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2010.07.12 18:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npwachk.dll

[2011.03.06 23:33:40 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml

[2011.03.06 23:33:40 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml

[2011.03.06 23:33:40 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml

[2011.03.06 23:33:40 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml

[2011.03.06 23:33:40 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2006.06.01 19:06:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)

O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWin2.dll (Conduit Ltd.)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWin2.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKCU\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Programme\Winload\prxtbWin2.dll (Conduit Ltd.)

O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O4 - HKLM..\Run: [ASUS Camera ScreenSaver] C:\WINDOWS\ASScrProlog.exe ()

O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\WINDOWS\ASScrPro.exe ()

O4 - HKLM..\Run: [ATKHOTKEY] C:\Programme\ATK Hotkey\Hcontrol.exe (ATK0100)

O4 - HKLM..\Run: [ATKOSD2] C:\Programme\ATKOSD2\ATKOSD2.exe ()

O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [HControlUser] C:\Programme\ATK Hotkey\HcontrolUser.exe ()

O4 - HKLM..\Run: [MsgTranAgt] C:\Programme\ATK Hotkey\MsgTranAgt.exe ()

O4 - HKLM..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe (ASUSTeK Computer Inc.)

O4 - HKLM..\Run: [SmcService] C:\Programme\Sygate\SPF\Smc.exe (Sygate Technologies, Inc.)

O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [Wireless Console 2] C:\Programme\Wireless Console 2\wcourier.exe ()

O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe (Nero AG)

O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1

O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)

O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)

O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home

O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {0cab0400-7395-11d0-a5e5-0020afe2fdd9} - C:\WINDOWS\qvphook.dll (Stellent, Inc.)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008.09.24 21:46:32 | 000,000,718 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2008.05.01 18:36:21 | 000,726,248 | R--- | M] (BioWare) - F:\autorun.exe -- [ UDF ]

O32 - AutoRun File - [2007.11.15 23:48:02 | 000,000,057 | R--- | M] () - F:\autorun.inf -- [ UDF ]

O33 - MountPoints2\{50c11808-d7ba-11df-ae74-001e8c7eaf33}\Shell - "" = AutoRun

O33 - MountPoints2\{50c11808-d7ba-11df-ae74-001e8c7eaf33}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{50c11808-d7ba-11df-ae74-001e8c7eaf33}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE      .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn

O33 - MountPoints2\{cbd73f98-e8e7-11df-aea0-001e8c7eaf33}\Shell - "" = AutoRun

O33 - MountPoints2\{cbd73f98-e8e7-11df-aea0-001e8c7eaf33}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{cbd73f98-e8e7-11df-aea0-001e8c7eaf33}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE      .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn

O34 - HKLM BootExecute: (PDBoot.exe) - C:\WINDOWS\System32\PDBoot.exe (Raxco Software, Inc.)

O34 - HKLM BootExecute: (autocheck autochk *) -  File not found

O34 - HKLM BootExecute: (OODBS) - C:\WINDOWS\System32\OODBS.exe (O&O Software GmbH)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2011.03.23 15:36:30 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe

[2011.03.23 01:57:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Malwarebytes

[2011.03.23 01:57:23 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2011.03.23 01:57:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes

[2011.03.23 01:57:17 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2011.03.23 01:57:17 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware

[2011.03.23 01:47:55 | 007,734,208 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Dokumente und Einstellungen\Administrator\Desktop\mbam-setup-1.50.1.1100.exe

[2011.03.22 15:08:56 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\BioWare

[2011.03.20 18:57:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\GUILD WARS

[2011.03.20 18:56:31 | 000,165,248 | ---- | C] (ArenaNet) -- C:\Dokumente und Einstellungen\Administrator\Desktop\GwSetup.exe

[2011.03.15 17:48:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\ConduitEngine

[2011.03.15 17:48:32 | 000,000,000 | ---D | C] -- C:\Programme\ConduitEngine

[2011.03.11 15:17:12 | 000,000,000 | -HSD | C] -- C:\FOUND.009

[2008.09.24 22:28:41 | 000,005,632 | R--- | C] ( ) -- C:\WINDOWS\System32\drivers\kbfiltr.sys

[57 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2011.03.23 18:30:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011.03.23 18:30:25 | 000,286,053 | ---- | M] () -- C:\WINDOWS\System32\OODBS.lor

[2011.03.23 18:15:52 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\Access.dat

[2011.03.23 15:36:28 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe

[2011.03.23 03:09:32 | 000,142,247 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Screenshot1.zip

[2011.03.23 03:07:26 | 000,140,777 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Screenshot1.rar

[2011.03.23 03:06:44 | 000,179,279 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Screenshot1.JPG

[2011.03.23 03:00:18 | 003,840,054 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Screenshot1.bmp

[2011.03.23 01:57:24 | 000,000,671 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2011.03.23 01:49:16 | 000,742,874 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Load.exe

[2011.03.23 01:48:04 | 007,734,208 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Dokumente und Einstellungen\Administrator\Desktop\mbam-setup-1.50.1.1100.exe

[2011.03.22 23:31:30 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn

[2011.03.22 15:08:58 | 000,000,492 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mass Effect.lnk

[2011.03.20 18:57:04 | 000,000,391 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\GUILD WARS.lnk

[2011.03.20 18:56:28 | 000,165,248 | ---- | M] (ArenaNet) -- C:\Dokumente und Einstellungen\Administrator\Desktop\GwSetup.exe

[2011.03.18 19:46:28 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011.03.14 23:48:56 | 000,014,921 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Praktikumsvereinbarung.odt

[2011.03.11 12:34:36 | 000,043,520 | ---- | M] () -- C:\WINDOWS\System32\CmdLineExt03.dll

[2011.03.04 18:31:32 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2011.03.04 17:18:08 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job

[2011.03.03 18:39:02 | 000,000,209 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Counter-Strike Source.url

[57 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2011.03.23 03:09:31 | 000,142,247 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Screenshot1.zip

[2011.03.23 03:07:24 | 000,140,777 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Screenshot1.rar

[2011.03.23 03:06:43 | 000,179,279 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Screenshot1.JPG

[2011.03.23 02:58:01 | 003,840,054 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Screenshot1.bmp

[2011.03.23 01:57:23 | 000,000,671 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2011.03.23 01:49:23 | 000,742,874 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Load.exe

[2011.03.22 15:08:56 | 000,000,492 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mass Effect.lnk

[2011.03.20 18:57:03 | 000,000,391 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\GUILD WARS.lnk

[2011.03.14 23:48:54 | 000,014,921 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Praktikumsvereinbarung.odt

[2011.03.03 18:39:00 | 000,000,209 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Counter-Strike Source.url

[2011.01.19 16:37:14 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll

[2011.01.19 16:04:37 | 000,233,472 | R--- | C] () -- C:\WINDOWS\System32\MafiaSetup.exe

[2010.07.13 22:59:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\Access.dat

[2010.06.01 17:28:01 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\xmltok.dll

[2010.06.01 17:28:01 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\xmlparse.dll

[2010.04.07 17:18:58 | 000,159,980 | ---- | C] () -- C:\WINDOWS\hpoins14.dat

[2010.04.07 17:18:58 | 000,002,000 | ---- | C] () -- C:\WINDOWS\hpomdl14.dat

[2010.03.05 15:13:07 | 000,000,952 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys

[2009.01.13 15:50:31 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2009.01.09 17:43:05 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2009.01.04 18:39:29 | 000,014,848 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008.12.27 00:08:30 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\acovcnt.exe

[2008.12.26 21:48:02 | 000,000,034 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

[2008.12.24 17:36:29 | 000,000,683 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2008.12.24 17:19:43 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

[2008.12.24 16:26:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll

[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll

[2008.09.25 01:24:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin

[2008.09.25 00:59:58 | 000,037,232 | ---- | C] () -- C:\WINDOWS\ASScrProlog.exe

[2008.09.25 00:59:58 | 000,033,136 | ---- | C] () -- C:\WINDOWS\ASScrPro.exe

[2008.09.25 00:59:55 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll

[2008.09.24 22:37:19 | 000,887,724 | R--- | C] () -- C:\WINDOWS\System32\ativva6x.dat

[2008.09.24 22:37:18 | 003,107,788 | R--- | C] () -- C:\WINDOWS\System32\ativva5x.dat

[2008.09.24 22:37:17 | 003,107,788 | R--- | C] () -- C:\WINDOWS\System32\ativvaxx.dat

[2008.09.24 22:37:16 | 000,168,883 | R--- | C] () -- C:\WINDOWS\System32\atiicdxx.dat

[2008.09.24 22:08:00 | 000,002,508 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\$_hpcst$.hpc

[2008.09.24 22:06:42 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2008.09.24 22:06:42 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2008.09.24 21:53:10 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2008.09.24 21:48:41 | 000,194,248 | ---- | C] () -- C:\WINDOWS\System32\LTRFD13n.DLL

[2008.09.24 21:46:30 | 000,000,034 | ---- | C] () -- C:\WINDOWS\VFO.INI

[2008.09.24 21:46:26 | 000,196,096 | ---- | C] () -- C:\WINDOWS\System32\macd32.dll

[2008.09.24 21:46:26 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\mase32.dll

[2008.09.24 21:46:26 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\mamc32.dll

[2008.09.24 21:46:26 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\masd32.dll

[2008.09.24 21:46:26 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\ma32.dll

[2008.09.24 19:27:54 | 000,002,266 | ---- | C] () -- C:\WINDOWS\mozver.dat

[2008.09.24 19:11:51 | 000,000,522 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2008.09.24 19:08:19 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll

[2008.09.24 18:53:57 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2008.09.24 18:41:59 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2008.09.24 18:36:46 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2008.09.24 18:35:31 | 000,223,224 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2007.09.12 23:54:48 | 000,141,180 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat

[2006.06.01 21:06:00 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

[2006.06.01 19:06:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2006.06.01 19:06:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2006.06.01 19:06:00 | 000,462,550 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat

[2006.06.01 19:06:00 | 000,443,922 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2006.06.01 19:06:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2006.06.01 19:06:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat

[2006.06.01 19:06:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2006.06.01 19:06:00 | 000,085,732 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat

[2006.06.01 19:06:00 | 000,072,180 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2006.06.01 19:06:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2006.06.01 19:06:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat

[2006.06.01 19:06:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2006.06.01 19:06:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2006.06.01 19:06:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2006.06.01 19:06:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin

[2006.06.01 19:06:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2006.04.29 16:43:54 | 000,000,288 | ---- | C] () -- C:\WINDOWS\wincmd.ini

[2006.04.19 00:30:56 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll

[2004.12.20 18:24:03 | 001,663,068 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll

[2004.10.15 18:31:56 | 000,218,264 | ---- | C] () -- C:\WINDOWS\System32\SetAid.dll

[2004.03.11 01:26:10 | 000,406,016 | ---- | C] () -- C:\WINDOWS\System32\PSDrvCheck.exe
 

< End of report >

--- --- ---

cosinus

23.03.2011 21:48

Edit: Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.

http://saved.im/mtm0nzyzmzd5/cofi.jpg

Dann folgende Anleitung durchlesen und abarbeiten -> CCleaner Systembereinigung

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

m4D_guY

24.03.2011 17:09

Hier ist das ComboFix Log
Combofix Logfile:

Code:

ComboFix 11-03-23.06 - Administrator 24.03.2011  16:29:20.1.2 - x86

ausgeführt von:: c:\dokumente und einstellungen\Administrator\Desktop\cofi.exe.exe

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\Images

c:\images\de-ra3.sfv

c:\windows\system32\AutoRun.inf

.

.

(((((((((((((((((((((((   Dateien erstellt von 2011-02-24 bis 2011-03-24  ))))))))))))))))))))))))))))))

.

.

2011-03-24 15:11 . 2011-03-24 15:11        --------        d-----w-        c:\programme\CCleaner

2011-03-23 00:57 . 2011-03-23 00:57        --------        d-----w-        c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Malwarebytes

2011-03-23 00:57 . 2010-12-20 17:09        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys

2011-03-23 00:57 . 2011-03-23 00:57        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes

2011-03-23 00:57 . 2011-03-23 00:57        --------        d-----w-        c:\programme\Malwarebytes' Anti-Malware

2011-03-23 00:57 . 2010-12-20 17:08        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys

2011-03-22 14:08 . 2011-03-22 14:08        --------        d-----w-        c:\programme\Gemeinsame Dateien\BioWare

2011-03-15 16:48 . 2011-03-15 16:48        --------        d-----w-        c:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\ConduitEngine

2011-03-15 16:48 . 2011-03-15 16:48        0        ----a-w-        c:\windows\system32\ConduitEngine.tmp

2011-03-15 16:48 . 2011-03-15 16:48        --------        d-----w-        c:\programme\ConduitEngine

2011-03-11 14:17 . 2011-03-11 14:17        --------        d-----w-        C:\FOUND.009

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-03-11 11:34 . 2011-01-19 15:37        43520        ----a-w-        c:\windows\system32\CmdLineExt03.dll

2011-02-02 07:58 . 2008-09-24 17:40        2067456        ----a-w-        c:\windows\system32\mstscax.dll

2011-01-27 11:57 . 2008-09-24 17:40        677888        ----a-w-        c:\windows\system32\mstsc.exe

2011-01-21 14:44 . 2006-06-01 18:06        440832        ----a-w-        c:\windows\system32\shimgvw.dll

2011-01-07 14:09 . 2006-06-01 18:06        290048        ----a-w-        c:\windows\system32\atmfd.dll

2010-12-31 14:03 . 2006-06-01 18:06        1855104        ----a-w-        c:\windows\system32\win32k.sys

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{40c3cc16-7269-4b32-9531-17f2950fb06f}"= "c:\programme\Winload\prxtbWin2.dll" [2011-01-17 175912]

.

[HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}]

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]

2011-01-17 14:54        175912        ----a-w-        c:\programme\ConduitEngine\prxConduitEngine.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{40c3cc16-7269-4b32-9531-17f2950fb06f}]

2011-01-17 14:54        175912        ----a-w-        c:\programme\Winload\prxtbWin2.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{40c3cc16-7269-4b32-9531-17f2950fb06f}"= "c:\programme\Winload\prxtbWin2.dll" [2011-01-17 175912]

.

[HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{40C3CC16-7269-4B32-9531-17F2950FB06F}"= "c:\programme\Winload\prxtbWin2.dll" [2011-01-17 175912]

.

[HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]

@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"

[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]

2007-06-01 16:08        143360        ----a-w-        c:\programme\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe" [2006-04-21 94208]

"DAEMON Tools Lite"="c:\programme\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]

"Skype"="c:\programme\Skype\Phone\Skype.exe" [2011-01-26 15026056]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HControlUser"="c:\programme\ATK Hotkey\HcontrolUser.exe" [2008-01-11 98304]

"ATKHOTKEY"="c:\programme\ATK Hotkey\Hcontrol.exe" [2008-02-01 233472]

"MsgTranAgt"="c:\programme\ATK Hotkey\MsgTranAgt.exe" [2007-11-04 106496]

"ATKOSD2"="c:\programme\ATKOSD2\ATKOSD2.exe" [2008-01-23 7766016]

"StartCCC"="c:\programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]

"Wireless Console 2"="c:\programme\Wireless Console 2\wcourier.exe" [2007-07-05 1040384]

"Power_Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2006-07-26 90112]

"ASUS Camera ScreenSaver"="c:\windows\ASScrProlog.exe" [2008-09-25 37232]

"ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2008-09-25 33136]

"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2004-10-15 2577632]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

c:\dokumente und einstellungen\Administrator\Startmen\Programme\Autostart\

CCC.lnk - c:\programme\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2007-7-17 49152]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{0cab0400-7395-11d0-a5e5-0020afe2fdd9}"= "qvphook.dll" [2003-11-21 45056]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute        REG_MULTI_SZ           PDBoot.exe\0autocheck autochk *\0OODBS

.

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^Administrator^Startmenü^Programme^Autostart^OpenOffice.org 3.2.lnk]

path=c:\dokumente und einstellungen\Administrator\Startmenü\Programme\Autostart\OpenOffice.org 3.2.lnk

backup=c:\windows\pss\OpenOffice.org 3.2.lnkStartup

.

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Acrobat Speed Launcher.lnk]

path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Acrobat Speed Launcher.lnk

backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader Speed Launch.lnk]

path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader Speed Launch.lnk

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader Synchronizer.lnk]

path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader Synchronizer.lnk

backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^HP Digital Imaging Monitor.lnk]

path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACMON]

2008-01-15 16:27        851968        ----a-w-        c:\programme\ASUS\Splendid\ACMON.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]

2008-04-23 01:08        483328        ----a-w-        c:\programme\Adobe\Acrobat 7.0\Distillr\acrotray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

2005-05-03 11:43        69632        ----a-r-        c:\windows\ALCMTR.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]

2009-11-15 10:42        33120        ----a-w-        c:\programme\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Live Update]

2007-11-30 10:20        51768        ----a-w-        c:\programme\ASUS\ASUS Live Update\ALU.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKMEDIA]

2006-11-02 07:27        61440        ----a-w-        c:\programme\ASUS\ATK Media\DMedia.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

2008-04-14 02:22        15360        ----a-w-        c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]

2010-08-20 20:45        1164584        ----a-w-        c:\programme\DivX\DivX Update\DivXUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2007-03-11 20:34        49152        ----a-w-        c:\programme\HP\HP Software Update\hpwuSchd2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2006-01-12 15:40        155648        ----a-w-        c:\programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]

2004-03-11 00:26        406016        ----a-w-        c:\windows\system32\PSDrvCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerForPhone]

2008-01-25 17:32        778240        ----a-w-        c:\programme\P4P\P4P.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

2004-11-02 19:24        32768        ----a-w-        c:\programme\CyberLink\PowerDVD\PDVDServ.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

2008-04-10 09:52        16861184        ----a-r-        c:\windows\RTHDCPL.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]

2006-03-21 15:54        544768        ----a-r-        c:\windows\sm56hlpr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

2011-03-03 17:29        1242448        ----a-w-        c:\programme\Steam\Steam.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2009-01-22 16:54        136600        ----a-w-        c:\programme\Java\jre6\bin\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

2010-07-12 17:32        74752        ----a-w-        c:\programme\Winamp\winampa.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"d:\\Spiele\\Stranglehold\\Binaries\\Retail-Stranglehold.exe"=

"d:\\Spiele\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=

"d:\\Spiele\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=

"d:\\Spiele\\Rise and Fall\\RiseAndFall.exe"=

"c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=

"d:\\Spiele\\CoH\\RelicDownloader\\RelicDownloader.exe"=

"d:\\Spiele\\Two Worlds\\TwoWorlds.exe"=

"d:\\Spiele\\Two Worlds\\TwoWorlds_RADEON.exe"=

"c:\\Programme\\Tunngle\\TnglCtrl.exe"=

"c:\\Programme\\Tunngle\\Tunngle.exe"=

"c:\\Programme\\Steam\\Steam.exe"=

"c:\\Programme\\Steam\\SteamApps\\common\\alien swarm\\srcds.exe"=

"d:\\Spiele\\Stronghold 2\\Stronghold2.exe"=

"c:\\Programme\\Skype\\Phone\\Skype.exe"=

"c:\\Programme\\Steam\\SteamApps\\common\\alien swarm\\swarm.exe"=

"c:\\Programme\\Steam\\SteamApps\\trollcook\\counter-strike source\\hl2.exe"=

"d:\\Spiele\\Mass Effect\\Binaries\\MassEffect.exe"=

"d:\\Spiele\\Mass Effect\\MassEffectLauncher.exe"=

.

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [02.04.2010 00:06 691696]

R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [08.03.2010 20:03 108289]

R2 TunngleService;TunngleService;c:\programme\Tunngle\TnglCtrl.exe [13.07.2010 22:53 716024]

R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [14.01.2008 12:06 21632]

S2 bqxpnwp;Task Microsoft;c:\windows\system32\svchost.exe -k netsvcs [01.06.2006 19:06 14336]

S2 kwyena;Update Task;c:\windows\system32\svchost.exe -k netsvcs [01.06.2006 19:06 14336]

S2 PDSched;PDScheduler;c:\programme\Raxco\PerfectDisk\PDSched.exe [01.06.2006 21:06 241731]

S3 lupzzx;lupzzx;\??\c:\windows\system32\0D.tmp --> c:\windows\system32\0D.tmp [?]

S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\drivers\tap0901t.sys [13.07.2010 22:53 27136]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12        REG_MULTI_SZ           Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt        REG_MULTI_SZ           hpqcxs08 hpqddsvc

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs

kwyena

bqxpnwp

.

Inhalt des "geplante Tasks" Ordners

.

2011-03-04 c:\windows\Tasks\1-Klick-Wartung.job

- c:\programme\TuneUpUtilities2006\SystemOptimizer.exe [2005-08-24 01:29]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2319825

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Auswahl in Adobe PDF konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Auswahl in vorhandene PDF-Datei konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: In Adobe PDF konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: In vorhandene PDF-Datei konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

FF - ProfilePath - c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\rgq8w14b.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

FF - user.js: yahoo.homepage.dontask - true

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

MSConfigStartUp-Outpost Firewall - c:\programme\Agnitum\Outpost Firewall\outpost.exe

MSConfigStartUp-OutpostFeedBack - c:\programme\Agnitum\Outpost Firewall\feedback.exe

MSConfigStartUp-SynTPEnh - c:\programme\Synaptics\SynTP\SynTPEnh.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2011-03-24 16:42

Windows 5.1.2600 Service Pack 3 NTFS

.

Scanne versteckte Prozesse... 

.

Scanne versteckte Autostarteinträge... 

.

Scanne versteckte Dateien... 

.

.

C:\ADSM_PData_0150

.

Scan erfolgreich abgeschlossen

versteckte Dateien: 1

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lupzzx]

"ImagePath"="\??\c:\windows\system32\0D.tmp"

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]

"ImagePath"=""

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_USERS\S-1-5-21-1343024091-115176313-839522115-500\Software\SecuROM\License information*]

"datasecu"=hex:5e,8a,15,10,9c,99,51,e2,33,01,4c,5d,89,f3,29,04,82,35,d4,ec,b7,

   38,4d,62,be,7f,3e,84,0a,3f,c0,c0,e2,74,6b,e5,9f,8f,3e,da,0b,06,e5,ab,a9,90,\

"rkeysecu"=hex:f7,ee,b4,cc,f8,09,48,a8,e6,00,63,95,a4,77,2d,ee

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|ÿÿÿÿ"•€|ù•Ñw*]

"7040710900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

"7040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

.

- - - - - - - > 'winlogon.exe'(1132)

c:\windows\system32\Ati2evxx.dll

.

Zeit der Fertigstellung: 2011-03-24  17:09:52

ComboFix-quarantined-files.txt  2011-03-24 16:09

.

Vor Suchlauf: 16 Verzeichnis(se), 57.221.194.752 Bytes frei

Nach Suchlauf: 26 Verzeichnis(se), 57.336.217.088 Bytes frei

.

WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

C:\ = "Nicht erkanntes Betriebssystem auf Laufwerk C"

.

- - End Of File - - 4D2C6BC329CD2B426650BC826B5CD5E2

--- --- ---

cosinus

24.03.2011 18:35

Combofix - Scripten

1. Starte das Notepad (Start / Ausführen / notepad[Enter])

2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein.

Code:

Folder::

C:\FOUND.009

c:\programme\ConduitEngine

c:\programme\Winload
 

File::

c:\windows\system32\0D.tmp
 

Registry::

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{40c3cc16-7269-4b32-9531-17f2950fb06f}"=-

[-HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{40c3cc16-7269-4b32-9531-17f2950fb06f}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{40c3cc16-7269-4b32-9531-17f2950fb06f}"=- 

[-HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{40C3CC16-7269-4B32-9531-17F2950FB06F}"=-

[-HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}]
 

Driver::

bqxpnwp

kwyena

lupzzx

3. Speichere im Notepad als CFScript.txt auf dem Desktop.

4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall.
(Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !)

5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.

http://users.pandora.be/bluepatchy/m...s/CFScript.gif

6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien:
Combofix.txt

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

m4D_guY

24.03.2011 20:08

Liste der Anhänge anzeigen (Anzahl: 1)

Hier ist das 2. ComboFix Log:

Combofix Logfile:

Code:

ComboFix 11-03-23.06 - Administrator 24.03.2011  19:23:54.2.2 - x86

Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.2047.1077 [GMT 1:00]

ausgeführt von:: c:\dokumente und einstellungen\Administrator\Desktop\cofi.exe.exe

Benutzte Befehlsschalter :: c:\dokumente und einstellungen\Administrator\Desktop\CFScript.txt

AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

FW: Sygate Personal Firewall *Disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

.

FILE ::

"c:\windows\system32\0D.tmp"

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\FOUND.009

c:\found.009\FILE0000.CHK

c:\found.009\FILE0001.CHK

c:\programme\ConduitEngine

c:\programme\ConduitEngine\appContextMenu.xml

c:\programme\ConduitEngine\ConduitEngine.dll

c:\programme\ConduitEngine\ConduitEngineHelper.exe

c:\programme\ConduitEngine\engineContextMenu.xml

c:\programme\ConduitEngine\EngineSettings.json

c:\programme\ConduitEngine\prxConduitEngine.dll

c:\programme\ConduitEngine\toolbar.cfg

c:\programme\Winload

c:\programme\Winload\INSTALL.LOG

c:\programme\Winload\prxtbWin2.dll

c:\programme\Winload\tbWin0.dll

c:\programme\Winload\tbWin1.dll

c:\programme\Winload\tbWin2.dll

c:\programme\Winload\tbWinl.dll

c:\programme\Winload\toolbar.cfg

c:\programme\Winload\uninstall.exe

c:\programme\Winload\UNWISE.EXE

c:\programme\Winload\UNWISE.INI

c:\programme\Winload\WinloadToolbarHelper.exe

c:\programme\Winload\WinloadToolbarHelper1.exe

.

.

(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_BQXPNWP

-------\Legacy_KWYENA

-------\Service_bqxpnwp

-------\Service_kwyena

-------\Service_lupzzx

.

.

(((((((((((((((((((((((   Dateien erstellt von 2011-02-24 bis 2011-03-24  ))))))))))))))))))))))))))))))

.

.

2011-03-24 15:11 . 2011-03-24 15:11        --------        d-----w-        c:\programme\CCleaner

2011-03-23 00:57 . 2011-03-23 00:57        --------        d-----w-        c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Malwarebytes

2011-03-23 00:57 . 2010-12-20 17:09        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys

2011-03-23 00:57 . 2011-03-23 00:57        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes

2011-03-23 00:57 . 2011-03-23 00:57        --------        d-----w-        c:\programme\Malwarebytes' Anti-Malware

2011-03-23 00:57 . 2010-12-20 17:08        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys

2011-03-22 14:08 . 2011-03-22 14:08        --------        d-----w-        c:\programme\Gemeinsame Dateien\BioWare

2011-03-15 16:48 . 2011-03-15 16:48        --------        d-----w-        c:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\ConduitEngine

2011-03-15 16:48 . 2011-03-15 16:48        0        ----a-w-        c:\windows\system32\ConduitEngine.tmp

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-03-11 11:34 . 2011-01-19 15:37        43520        ----a-w-        c:\windows\system32\CmdLineExt03.dll

2011-02-02 07:58 . 2008-09-24 17:40        2067456        ----a-w-        c:\windows\system32\mstscax.dll

2011-01-27 11:57 . 2008-09-24 17:40        677888        ----a-w-        c:\windows\system32\mstsc.exe

2011-01-21 14:44 . 2006-06-01 18:06        440832        ----a-w-        c:\windows\system32\shimgvw.dll

2011-01-07 14:09 . 2006-06-01 18:06        290048        ----a-w-        c:\windows\system32\atmfd.dll

2010-12-31 14:03 . 2006-06-01 18:06        1855104        ----a-w-        c:\windows\system32\win32k.sys

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]

@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"

[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]

2007-06-01 16:08        143360        ----a-w-        c:\programme\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe" [2006-04-21 94208]

"DAEMON Tools Lite"="c:\programme\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]

"Skype"="c:\programme\Skype\Phone\Skype.exe" [2011-01-26 15026056]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HControlUser"="c:\programme\ATK Hotkey\HcontrolUser.exe" [2008-01-11 98304]

"ATKHOTKEY"="c:\programme\ATK Hotkey\Hcontrol.exe" [2008-02-01 233472]

"MsgTranAgt"="c:\programme\ATK Hotkey\MsgTranAgt.exe" [2007-11-04 106496]

"ATKOSD2"="c:\programme\ATKOSD2\ATKOSD2.exe" [2008-01-23 7766016]

"StartCCC"="c:\programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]

"Wireless Console 2"="c:\programme\Wireless Console 2\wcourier.exe" [2007-07-05 1040384]

"Power_Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2006-07-26 90112]

"ASUS Camera ScreenSaver"="c:\windows\ASScrProlog.exe" [2008-09-25 37232]

"ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2008-09-25 33136]

"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2004-10-15 2577632]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

c:\dokumente und einstellungen\Administrator\Startmen\Programme\Autostart\

CCC.lnk - c:\programme\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2007-7-17 49152]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{0cab0400-7395-11d0-a5e5-0020afe2fdd9}"= "qvphook.dll" [2003-11-21 45056]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute        REG_MULTI_SZ           PDBoot.exe\0autocheck autochk *\0OODBS

.

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^Administrator^Startmenü^Programme^Autostart^OpenOffice.org 3.2.lnk]

path=c:\dokumente und einstellungen\Administrator\Startmenü\Programme\Autostart\OpenOffice.org 3.2.lnk

backup=c:\windows\pss\OpenOffice.org 3.2.lnkStartup

.

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Acrobat Speed Launcher.lnk]

path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Acrobat Speed Launcher.lnk

backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader Speed Launch.lnk]

path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader Speed Launch.lnk

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader Synchronizer.lnk]

path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader Synchronizer.lnk

backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^HP Digital Imaging Monitor.lnk]

path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACMON]

2008-01-15 16:27        851968        ----a-w-        c:\programme\ASUS\Splendid\ACMON.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]

2008-04-23 01:08        483328        ----a-w-        c:\programme\Adobe\Acrobat 7.0\Distillr\acrotray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

2005-05-03 11:43        69632        ----a-r-        c:\windows\ALCMTR.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]

2009-11-15 10:42        33120        ----a-w-        c:\programme\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Live Update]

2007-11-30 10:20        51768        ----a-w-        c:\programme\ASUS\ASUS Live Update\ALU.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKMEDIA]

2006-11-02 07:27        61440        ----a-w-        c:\programme\ASUS\ATK Media\DMedia.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

2008-04-14 02:22        15360        ----a-w-        c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]

2010-08-20 20:45        1164584        ----a-w-        c:\programme\DivX\DivX Update\DivXUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2007-03-11 20:34        49152        ----a-w-        c:\programme\HP\HP Software Update\hpwuSchd2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2006-01-12 15:40        155648        ----a-w-        c:\programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]

2004-03-11 00:26        406016        ----a-w-        c:\windows\system32\PSDrvCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerForPhone]

2008-01-25 17:32        778240        ----a-w-        c:\programme\P4P\P4P.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

2004-11-02 19:24        32768        ----a-w-        c:\programme\CyberLink\PowerDVD\PDVDServ.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

2008-04-10 09:52        16861184        ----a-r-        c:\windows\RTHDCPL.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]

2006-03-21 15:54        544768        ----a-r-        c:\windows\sm56hlpr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

2011-03-03 17:29        1242448        ----a-w-        c:\programme\Steam\Steam.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2009-01-22 16:54        136600        ----a-w-        c:\programme\Java\jre6\bin\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

2010-07-12 17:32        74752        ----a-w-        c:\programme\Winamp\winampa.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"d:\\Spiele\\Stranglehold\\Binaries\\Retail-Stranglehold.exe"=

"d:\\Spiele\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=

"d:\\Spiele\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=

"d:\\Spiele\\Rise and Fall\\RiseAndFall.exe"=

"c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=

"d:\\Spiele\\CoH\\RelicDownloader\\RelicDownloader.exe"=

"d:\\Spiele\\Two Worlds\\TwoWorlds.exe"=

"d:\\Spiele\\Two Worlds\\TwoWorlds_RADEON.exe"=

"c:\\Programme\\Tunngle\\TnglCtrl.exe"=

"c:\\Programme\\Tunngle\\Tunngle.exe"=

"c:\\Programme\\Steam\\Steam.exe"=

"c:\\Programme\\Steam\\SteamApps\\common\\alien swarm\\srcds.exe"=

"d:\\Spiele\\Stronghold 2\\Stronghold2.exe"=

"c:\\Programme\\Skype\\Phone\\Skype.exe"=

"c:\\Programme\\Steam\\SteamApps\\common\\alien swarm\\swarm.exe"=

"c:\\Programme\\Steam\\SteamApps\\trollcook\\counter-strike source\\hl2.exe"=

"d:\\Spiele\\Mass Effect\\Binaries\\MassEffect.exe"=

"d:\\Spiele\\Mass Effect\\MassEffectLauncher.exe"=

.

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [02.04.2010 00:06 691696]

R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [08.03.2010 20:03 108289]

R2 TunngleService;TunngleService;c:\programme\Tunngle\TnglCtrl.exe [13.07.2010 22:53 716024]

R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [14.01.2008 12:06 21632]

S2 PDSched;PDScheduler;c:\programme\Raxco\PerfectDisk\PDSched.exe [01.06.2006 21:06 241731]

S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\drivers\tap0901t.sys [13.07.2010 22:53 27136]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12        REG_MULTI_SZ           Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt        REG_MULTI_SZ           hpqcxs08 hpqddsvc

.

Inhalt des "geplante Tasks" Ordners

.

2011-03-04 c:\windows\Tasks\1-Klick-Wartung.job

- c:\programme\TuneUpUtilities2006\SystemOptimizer.exe [2005-08-24 01:29]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2319825

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Auswahl in Adobe PDF konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Auswahl in vorhandene PDF-Datei konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: In Adobe PDF konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: In vorhandene PDF-Datei konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

FF - ProfilePath - c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\rgq8w14b.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

FF - user.js: yahoo.homepage.dontask - true

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

AddRemove-Winload Toolbar - c:\programme\Winload\uninstall.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2011-03-24 19:56

Windows 5.1.2600 Service Pack 3 NTFS

.

Scanne versteckte Prozesse... 

.

Scanne versteckte Autostarteinträge... 

.

Scanne versteckte Dateien... 

.

Scan erfolgreich abgeschlossen

versteckte Dateien: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]

"ImagePath"=""

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_USERS\S-1-5-21-1343024091-115176313-839522115-500\Software\SecuROM\License information*]

"datasecu"=hex:5e,8a,15,10,9c,99,51,e2,33,01,4c,5d,89,f3,29,04,82,35,d4,ec,b7,

   38,4d,62,be,7f,3e,84,0a,3f,c0,c0,e2,74,6b,e5,9f,8f,3e,da,0b,06,e5,ab,a9,90,\

"rkeysecu"=hex:f7,ee,b4,cc,f8,09,48,a8,e6,00,63,95,a4,77,2d,ee

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|ÿÿÿÿ"•€|ù•Ñw*]

"7040710900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

"7040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

.

- - - - - - - > 'winlogon.exe'(1140)

c:\windows\system32\Ati2evxx.dll

.

- - - - - - - > 'explorer.exe'(7040)

c:\programme\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll

c:\programme\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\Ati2evxx.exe

c:\programme\ASUS\ASUS Data Security Manager\ADSMSrv.exe

c:\programme\ATKGFNEX\GFNEXSrv.exe

c:\windows\system32\acs.exe

c:\programme\Avira\AntiVir Desktop\avguard.exe

c:\programme\Java\jre6\bin\jqs.exe

c:\windows\system32\oodag.exe

c:\programme\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

c:\windows\system32\wbem\wmiapsrv.exe

c:\programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

c:\programme\ATK Hotkey\ATKOSD.exe

c:\programme\ATK Hotkey\KBFiltr.exe

c:\programme\ATK Hotkey\WDC.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2011-03-24  20:05:09 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2011-03-24 19:04

ComboFix2.txt  2011-03-24 16:10

.

Vor Suchlauf: 25 Verzeichnis(se), 57.313.026.048 Bytes frei

Nach Suchlauf: 25 Verzeichnis(se), 57.189.285.888 Bytes frei

.

- - End Of File - - BD145BCBDD95EBB3769D352703B4D399

--- --- ---

Außerdem habe ich noch eine Frage.
Nach dem Neustart ist ein Fenster aufgetaucht mit dem Titel Sicherheitshinweis (siehe Screenshot2).
Kann ich dem vertrauen?

cosinus

24.03.2011 21:00

Ja.

Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

m4D_guY

24.03.2011 21:43

Ok hier der Scan von dem Kaspersky-tool:

2011/03/24 21:37:10.0437 3440 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/03/24 21:37:12.0453 3440 ================================================================================
2011/03/24 21:37:12.0453 3440 SystemInfo:
2011/03/24 21:37:12.0453 3440
2011/03/24 21:37:12.0453 3440 OS Version: 5.1.2600 ServicePack: 3.0
2011/03/24 21:37:12.0453 3440 Product type: Workstation
2011/03/24 21:37:12.0453 3440 ComputerName: JOHANNES-LAPTOP
2011/03/24 21:37:12.0453 3440 UserName: Administrator
2011/03/24 21:37:12.0453 3440 Windows directory: C:\WINDOWS
2011/03/24 21:37:12.0453 3440 System windows directory: C:\WINDOWS
2011/03/24 21:37:12.0453 3440 Processor architecture: Intel x86
2011/03/24 21:37:12.0453 3440 Number of processors: 2
2011/03/24 21:37:12.0453 3440 Page size: 0x1000
2011/03/24 21:37:12.0453 3440 Boot type: Normal boot
2011/03/24 21:37:12.0453 3440 ================================================================================
2011/03/24 21:37:13.0406 3440 Initialize success
2011/03/24 21:37:24.0953 8140 ================================================================================
2011/03/24 21:37:24.0953 8140 Scan started
2011/03/24 21:37:24.0953 8140 Mode: Manual;
2011/03/24 21:37:24.0953 8140 ================================================================================
2011/03/24 21:37:25.0812 8140 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/03/24 21:37:26.0015 8140 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/03/24 21:37:26.0437 8140 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/03/24 21:37:26.0671 8140 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/03/24 21:37:27.0890 8140 AnyDVD (1460bd4fabe0e99f61eda67ea0d16d07) C:\WINDOWS\system32\Drivers\AnyDVD.sys
2011/03/24 21:37:28.0140 8140 AR5211 (bd4a059b937a64f403e693dcaa26fe38) C:\WINDOWS\system32\DRIVERS\ar5211.sys
2011/03/24 21:37:28.0390 8140 ASAPIW2K (875f9079cabee679d34b49e466b61701) C:\WINDOWS\system32\Drivers\asapiW2k.sys
2011/03/24 21:37:29.0203 8140 AsDsm (4385e371c25c94c804e9d3152bd9e1f7) C:\WINDOWS\system32\drivers\AsDsm.sys
2011/03/24 21:37:29.0312 8140 ASMMAP (7b4d08d2017ac06689d422e06c43f0aa) C:\Programme\ATKGFNEX\ASMMAP.sys
2011/03/24 21:37:29.0375 8140 ASNDIS5 (05a56c3156e1b6cc7bbd8e1d54d491f2) C:\PROGRA~1\ATKHOT~1\ASNDIS5.SYS
2011/03/24 21:37:29.0796 8140 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/03/24 21:37:30.0031 8140 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/03/24 21:37:30.0515 8140 ati2mtag (ed24215d4223c60989f02e196a1fff73) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/03/24 21:37:30.0921 8140 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/03/24 21:37:31.0171 8140 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/03/24 21:37:31.0296 8140 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Programme\Avira\AntiVir Desktop\avgio.sys
2011/03/24 21:37:31.0546 8140 avgntflt (14fe36d8f2c6a2435275338d061a0b66) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
2011/03/24 21:37:31.0765 8140 avipbb (6d52060b59e7d79cd2a044b6add1f1ef) C:\WINDOWS\system32\DRIVERS\avipbb.sys
2011/03/24 21:37:32.0000 8140 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/03/24 21:37:32.0234 8140 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/03/24 21:37:32.0453 8140 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/03/24 21:37:32.0875 8140 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/03/24 21:37:33.0109 8140 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/03/24 21:37:33.0328 8140 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/03/24 21:37:33.0781 8140 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/03/24 21:37:34.0218 8140 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/03/24 21:37:35.0125 8140 Defrag32 (573ac4974e59a28ac5815bf56d59822c) C:\WINDOWS\system32\drivers\Defrag32.sys
2011/03/24 21:37:35.0328 8140 Defrag32b (739fd63e6ac4f3940ada9b31b8b5de14) C:\WINDOWS\system32\drivers\Defrag32b.sys
2011/03/24 21:37:35.0531 8140 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/03/24 21:37:35.0781 8140 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
2011/03/24 21:37:36.0062 8140 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
2011/03/24 21:37:36.0437 8140 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/03/24 21:37:36.0687 8140 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/03/24 21:37:37.0312 8140 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/03/24 21:37:37.0531 8140 ElbyCDFL (c61c83501268b0110b5c5db7e63dee0c) C:\WINDOWS\system32\Drivers\ElbyCDFL.sys
2011/03/24 21:37:37.0750 8140 ElbyCDIO (fa13264eea448b2e1b3a844ae4f75c7a) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
2011/03/24 21:37:37.0984 8140 ElbyDelay (df9957db3bfe5136aad3c2c101806c98) C:\WINDOWS\system32\Drivers\ElbyDelay.sys
2011/03/24 21:37:38.0203 8140 ENTECH (16ebd8bf1d5090923694cc972c7ce1b4) C:\WINDOWS\system32\DRIVERS\ENTECH.sys
2011/03/24 21:37:38.0468 8140 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/03/24 21:37:38.0703 8140 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/03/24 21:37:38.0921 8140 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
2011/03/24 21:37:39.0156 8140 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/03/24 21:37:39.0375 8140 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/03/24 21:37:39.0578 8140 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/03/24 21:37:39.0828 8140 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/03/24 21:37:40.0031 8140 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/03/24 21:37:40.0281 8140 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/03/24 21:37:40.0546 8140 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/03/24 21:37:40.0984 8140 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/03/24 21:37:41.0218 8140 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/03/24 21:37:41.0437 8140 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/03/24 21:37:41.0671 8140 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/03/24 21:37:42.0328 8140 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/03/24 21:37:42.0578 8140 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/03/24 21:37:43.0140 8140 IntcAzAudAddService (b2957d6c1226f029230dac2c46d34286) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/03/24 21:37:43.0781 8140 intelppm (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/03/24 21:37:44.0031 8140 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/03/24 21:37:44.0265 8140 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/03/24 21:37:44.0484 8140 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/03/24 21:37:44.0734 8140 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/03/24 21:37:45.0015 8140 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/03/24 21:37:45.0250 8140 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/03/24 21:37:45.0484 8140 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/03/24 21:37:45.0687 8140 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/03/24 21:37:45.0921 8140 kbfiltr (cc2a86d7bbf14977340dca61bbcba771) C:\WINDOWS\system32\DRIVERS\kbfiltr.sys
2011/03/24 21:37:46.0140 8140 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/03/24 21:37:46.0406 8140 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/03/24 21:37:46.0859 8140 ManyCam (c6d085c7045200143528136a43a65fde) C:\WINDOWS\system32\DRIVERS\ManyCam.sys
2011/03/24 21:37:47.0093 8140 MarvinBus (269c14d512b74cc28d2812ff7d1eb066) C:\WINDOWS\system32\DRIVERS\MarvinBus.sys
2011/03/24 21:37:47.0328 8140 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/03/24 21:37:47.0578 8140 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
2011/03/24 21:37:47.0843 8140 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
2011/03/24 21:37:48.0062 8140 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/03/24 21:37:48.0312 8140 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/03/24 21:37:48.0546 8140 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/03/24 21:37:49.0046 8140 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/03/24 21:37:49.0281 8140 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/03/24 21:37:49.0515 8140 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/03/24 21:37:49.0734 8140 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/03/24 21:37:50.0000 8140 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/03/24 21:37:50.0250 8140 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/03/24 21:37:50.0453 8140 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/03/24 21:37:50.0687 8140 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/03/24 21:37:50.0953 8140 MTsensor (97affa9d95ffe20eee6229bc6be166cf) C:\WINDOWS\system32\DRIVERS\ATKACPI.sys
2011/03/24 21:37:51.0171 8140 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/03/24 21:37:51.0531 8140 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/03/24 21:37:51.0796 8140 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/03/24 21:37:52.0015 8140 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/03/24 21:37:52.0250 8140 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/03/24 21:37:52.0484 8140 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/03/24 21:37:52.0718 8140 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/03/24 21:37:52.0937 8140 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/03/24 21:37:53.0218 8140 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/03/24 21:37:53.0453 8140 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/03/24 21:37:53.0734 8140 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/03/24 21:37:53.0968 8140 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/03/24 21:37:54.0187 8140 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/03/24 21:37:54.0406 8140 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/03/24 21:37:54.0656 8140 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/03/24 21:37:54.0906 8140 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\drivers\Parport.sys
2011/03/24 21:37:55.0140 8140 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/03/24 21:37:55.0343 8140 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/03/24 21:37:55.0578 8140 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/03/24 21:37:56.0000 8140 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/03/24 21:37:56.0234 8140 PCLEPCI (1bebe7de8508a02650cdce45c664c2a2) C:\WINDOWS\system32\drivers\pclepci.sys
2011/03/24 21:37:56.0468 8140 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/03/24 21:37:57.0921 8140 pfc (444f122e68db44c0589227781f3c8b3f) C:\WINDOWS\system32\drivers\pfc.sys
2011/03/24 21:37:58.0203 8140 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/03/24 21:37:58.0453 8140 PQNTDrv (590f057b19488420f720bf6423388775) C:\WINDOWS\system32\drivers\PQNTDrv.sys
2011/03/24 21:37:58.0671 8140 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/03/24 21:37:58.0906 8140 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/03/24 21:37:59.0156 8140 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/03/24 21:38:00.0359 8140 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/03/24 21:38:00.0578 8140 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/03/24 21:38:00.0828 8140 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/03/24 21:38:01.0046 8140 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/03/24 21:38:01.0281 8140 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/03/24 21:38:01.0515 8140 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/03/24 21:38:01.0750 8140 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/03/24 21:38:02.0000 8140 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/03/24 21:38:02.0234 8140 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/03/24 21:38:02.0468 8140 RTSTOR (b1c9626c5089a85de411c1bedbc5620e) C:\WINDOWS\system32\drivers\RTSTOR.SYS
2011/03/24 21:38:02.0703 8140 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/03/24 21:38:02.0968 8140 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\drivers\Serial.sys
2011/03/24 21:38:03.0250 8140 sfdrv01 (9e7dee11fd5a4355941a45f13c0ed59a) C:\WINDOWS\system32\drivers\sfdrv01.sys
2011/03/24 21:38:03.0468 8140 sfhlp02 (ecefb59d2206d281e6d317af0ea0d8bd) C:\WINDOWS\system32\drivers\sfhlp02.sys
2011/03/24 21:38:03.0703 8140 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/03/24 21:38:03.0937 8140 sfsync04 (05e3038180cd846b0bca0e915163606a) C:\WINDOWS\system32\drivers\sfsync04.sys
2011/03/24 21:38:04.0140 8140 sfvfs02 (d5a7e09d2c6a702809e49190d52adc9f) C:\WINDOWS\system32\drivers\sfvfs02.sys
2011/03/24 21:38:04.0593 8140 SiSGbeXP (a86e52c55de3488b3fc0ff2b8ad711bf) C:\WINDOWS\system32\DRIVERS\SiSGbeXP.sys
2011/03/24 21:38:04.0828 8140 siside (b4485881bd8aed9b157a2e6cf43c2d51) C:\WINDOWS\system32\DRIVERS\siside.sys
2011/03/24 21:38:05.0031 8140 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/03/24 21:38:05.0281 8140 smserial (b8c571fbf5a4b341a95cdf0de74d7b11) C:\WINDOWS\system32\DRIVERS\smserial.sys
2011/03/24 21:38:05.0796 8140 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/03/24 21:38:06.0078 8140 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
2011/03/24 21:38:06.0078 8140 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/03/24 21:38:06.0093 8140 sptd - detected Locked file (1)
2011/03/24 21:38:06.0328 8140 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/03/24 21:38:06.0656 8140 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/03/24 21:38:07.0062 8140 ssmdrv (5ec550b8952882ee856b862cf648522d) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
2011/03/24 21:38:07.0343 8140 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/03/24 21:38:07.0578 8140 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/03/24 21:38:07.0812 8140 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/03/24 21:38:08.0859 8140 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/03/24 21:38:09.0109 8140 tap0901t (b7aee68d2e867cbf69b649b18fcedbbb) C:\WINDOWS\system32\DRIVERS\tap0901t.sys
2011/03/24 21:38:09.0343 8140 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/03/24 21:38:09.0609 8140 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/03/24 21:38:09.0859 8140 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/03/24 21:38:10.0093 8140 Teefer (99336d4da97b4eeaafab46a4f8e512e6) C:\WINDOWS\system32\Drivers\Teefer.sys
2011/03/24 21:38:10.0296 8140 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/03/24 21:38:10.0765 8140 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/03/24 21:38:11.0203 8140 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/03/24 21:38:11.0515 8140 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/03/24 21:38:11.0734 8140 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/03/24 21:38:11.0953 8140 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/03/24 21:38:12.0203 8140 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/03/24 21:38:12.0468 8140 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/03/24 21:38:12.0703 8140 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/03/24 21:38:12.0968 8140 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/03/24 21:38:13.0250 8140 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2011/03/24 21:38:13.0484 8140 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/03/24 21:38:13.0921 8140 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/03/24 21:38:14.0375 8140 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/03/24 21:38:14.0812 8140 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/03/24 21:38:15.0062 8140 wg3n (a67340b874df9eaf5b226e5f3473b9da) C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys
2011/03/24 21:38:15.0328 8140 wg4n (851216e2816b7b7e74b5f7ef1d4acfb7) C:\WINDOWS\SYSTEM32\Drivers\wg4n.sys
2011/03/24 21:38:15.0578 8140 wg5n (aedd1fe0df660411d15da3c57cfc2402) C:\WINDOWS\SYSTEM32\Drivers\wg5n.sys
2011/03/24 21:38:15.0796 8140 wg6n (dd0d719a58df79086462bd5fc972a908) C:\WINDOWS\SYSTEM32\Drivers\wg6n.sys
2011/03/24 21:38:16.0078 8140 WpdUsb (d4162c1d8fe1de8f1e6ef9ba4323d520) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2011/03/24 21:38:16.0296 8140 wpsdrvnt (93c145dceb13156322423efd62d4549a) C:\WINDOWS\system32\drivers\wpsdrvnt.sys
2011/03/24 21:38:16.0578 8140 WSIMD (2ea107f535b0b7bfb1d8d6bd79325dbb) C:\WINDOWS\system32\DRIVERS\wsimd.sys
2011/03/24 21:38:16.0781 8140 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/03/24 21:38:17.0031 8140 WudfPf (443f0a35cb3be5d176053da39157a898) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/03/24 21:38:17.0250 8140 WudfRd (e12d4c486d7eb4e0961c27558dc25af7) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/03/24 21:38:17.0515 8140 ================================================================================
2011/03/24 21:38:17.0515 8140 Scan finished
2011/03/24 21:38:17.0515 8140 ================================================================================
2011/03/24 21:38:17.0546 7412 Detected object count: 1
2011/03/24 21:40:42.0453 7412 Locked file(sptd) - User select action: Skip

und hier das Log von dem "NormanTDSS Cleaner":

Norman TDSS Cleaner
Version 2.0.2
Copyright © 1990 - 2010, Norman ASA. Built 2010/11/12 12:32:24

Scan started: 2011/03/24 21:44:50

Running pre-scan cleanup routine:
Operating System: Microsoft Windows XP Professional 5.1.2600 Service Pack 3
Logged on user: JOHANNES-LAPTOP\Administrator

Scanning kernel...

Scan complete

cosinus

24.03.2011 22:12

Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.

Doppelklick auf die MBRCheck.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Das Tool braucht nur wenige Sekunden.
Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.

Poste mir bitte den Inhalt des .txt Dokumentes

m4D_guY

25.03.2011 01:44

GMER:

GMER Logfile:

Code:

GMER 1.0.15.15570 - GMER - Rootkit Detector and Remover

Rootkit scan 2011-03-25 01:40:56

Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-e ST9250827AS rev.3.AAA

Running: sic9x5lp.exe; Driver: C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\agkyruob.sys
 
 

---- System - GMER 1.0.15 ----
 

SSDT                                                                      \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)                                   ZwAllocateVirtualMemory [0xBA30AB30]

SSDT                                                                      BA6902A6                                                                                                            ZwCreateKey

SSDT                                                                      BA69029C                                                                                                            ZwCreateThread

SSDT                                                                      BA6902AB                                                                                                            ZwDeleteKey

SSDT                                                                      BA6902B5                                                                                                            ZwDeleteValueKey

SSDT                                                                      spiy.sys                                                                                                            ZwEnumerateKey [0xB9ECDDA4]

SSDT                                                                      spiy.sys                                                                                                            ZwEnumerateValueKey [0xB9ECE132]

SSDT                                                                      BA6902BA                                                                                                            ZwLoadKey

SSDT                                                                      \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)                                   ZwMapViewOfSection [0xBA30A470]

SSDT                                                                      spiy.sys                                                                                                            ZwOpenKey [0xB9EB50C0]

SSDT                                                                      BA690288                                                                                                            ZwOpenProcess

SSDT                                                                      BA69028D                                                                                                            ZwOpenThread

SSDT                                                                      \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)                                   ZwProtectVirtualMemory [0xBA30AC50]

SSDT                                                                      spiy.sys                                                                                                            ZwQueryKey [0xB9ECE20A]

SSDT                                                                      spiy.sys                                                                                                            ZwQueryValueKey [0xB9ECE08A]

SSDT                                                                      BA6902C4                                                                                                            ZwReplaceKey

SSDT                                                                      BA6902BF                                                                                                            ZwRestoreKey

SSDT                                                                      BA6902B0                                                                                                            ZwSetValueKey

SSDT                                                                      \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)                                   ZwShutdownSystem [0xBA30A990]

SSDT                                                                      BA690297                                                                                                            ZwTerminateProcess

SSDT                                                                      \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)                                   ZwWriteVirtualMemory [0xBA30AD60]
 

INT 0x62                                                                  ?                                                                                                                   8A3DABF8

INT 0x63                                                                  ?                                                                                                                   8A1D1BF8

INT 0x83                                                                  ?                                                                                                                   8A3DABF8

INT 0x94                                                                  ?                                                                                                                   8A1D1BF8

INT 0xB1                                                                  ?                                                                                                                   8A44CBF8

INT 0xB1                                                                  ?                                                                                                                   8A44CBF8

INT 0xB4                                                                  ?                                                                                                                   8A1D1BF8
 

---- Kernel code sections - GMER 1.0.15 ----
 

?                                                                         spiy.sys                                                                                                            Das System kann die angegebene Datei nicht finden. !

.sfrelocÿÿÿÿsfsync04unknown last section [0xB9E5B000, 0xBC6, 0x40000040]  C:\WINDOWS\system32\drivers\sfsync04.sys                                                                            unknown last section [0xB9E5B000, 0xBC6, 0x40000040]

.text                                                                     C:\WINDOWS\system32\DRIVERS\ati2mtag.sys                                                                            section is writeable [0xB980C000, 0x1894F8, 0xE8000020]

.text                                                                     USBPORT.SYS!DllUnload                                                                                               B97A08AC 5 Bytes  JMP 8A1D11D8 

.text                                                                     a9qxhjfg.SYS                                                                                                        B96A2386 35 Bytes  [00, 00, 00, 00, 00, 00, 20, ...]

.text                                                                     a9qxhjfg.SYS                                                                                                        B96A23AA 24 Bytes  [00, 00, 00, 00, 00, 00, 00, ...]

.text                                                                     a9qxhjfg.SYS                                                                                                        B96A23C4 3 Bytes  [00, 70, 02] {ADD [EAX+0x2], DH}

.text                                                                     a9qxhjfg.SYS                                                                                                        B96A23C9 1 Byte  [2E]

.text                                                                     a9qxhjfg.SYS                                                                                                        B96A23C9 11 Bytes  [2E, 00, 00, 00, 5C, 02, 00, ...] {ADD CS:[EAX], AL; ADD [EDX+EAX+0x0], BL; ADD [EAX], AL; ADD [EAX], AL}

.text                                                                     ...                                                                                                                 

.text                                                                     apaszghy.SYS                                                                                                        B9669386 35 Bytes  [00, 00, 00, 00, 00, 00, 20, ...]

.text                                                                     apaszghy.SYS                                                                                                        B96693AA 24 Bytes  [00, 00, 00, 00, 00, 00, 00, ...]

.text                                                                     apaszghy.SYS                                                                                                        B96693C4 3 Bytes  [00, 80, 02]

.text                                                                     apaszghy.SYS                                                                                                        B96693C9 1 Byte  [30]

.text                                                                     apaszghy.SYS                                                                                                        B96693C9 11 Bytes  [30, 00, 00, 00, 5E, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESI; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}

.text                                                                     ...                                                                                                                 

.text                                                                     tcpip.sys!IPTransmit + 10FC                                                                                         ACE1ED3A 6 Bytes  CALL B9CC0E50 Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)

.text                                                                     tcpip.sys!IPTransmit + 2A52                                                                                         ACE20690 6 Bytes  CALL B9CC0E50 Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)

.text                                                                     tcpip.sys!IPRegisterProtocol + 930                                                                                  ACE36454 6 Bytes  CALL B9CC0E50 Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)

.text                                                                     wanarp.sys                                                                                                          B96163FD 7 Bytes  CALL B9CC0FA0 Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)

?                                                                         C:\cofi.exe\catchme.sys                                                                                             Das System kann den angegebenen Pfad nicht finden. !

?                                                                         C:\WINDOWS\system32\Drivers\PROCEXP113.SYS                                                                          Das System kann die angegebene Datei nicht finden. !
 

---- User code sections - GMER 1.0.15 ----
 

.text                                                                     C:\Programme\Tunngle\TnglCtrl.exe[3116] ntdll.dll!DbgBreakPoint                                                     7C91120E 1 Byte  [90]
 

---- Kernel IAT/EAT - GMER 1.0.15 ----
 

IAT                                                                       atapi.sys[HAL.dll!READ_PORT_UCHAR]                                                                                  [B9EB6042] spiy.sys

IAT                                                                       atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT]                                                                          [B9EB613E] spiy.sys

IAT                                                                       atapi.sys[HAL.dll!READ_PORT_USHORT]                                                                                 [B9EB60C0] spiy.sys

IAT                                                                       atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT]                                                                         [B9EB6800] spiy.sys

IAT                                                                       atapi.sys[HAL.dll!WRITE_PORT_UCHAR]                                                                                 [B9EB66D6] spiy.sys

IAT                                                                       \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR]                                                  [B9EC5B90] spiy.sys

IAT                                                                       \SystemRoot\System32\Drivers\a9qxhjfg.SYS[HAL.dll!KfAcquireSpinLock]                                                CCCCCCC3

IAT                                                                       \SystemRoot\System32\Drivers\a9qxhjfg.SYS[HAL.dll!READ_PORT_UCHAR]                                                  CCCCCCCC

IAT                                                                       \SystemRoot\System32\Drivers\a9qxhjfg.SYS[HAL.dll!KeGetCurrentIrql]                                                 CCCCCCCC

IAT                                                                       \SystemRoot\System32\Drivers\a9qxhjfg.SYS[HAL.dll!KfRaiseIrql]                                                      CCCCCCCC

IAT                                                                       \SystemRoot\System32\Drivers\a9qxhjfg.SYS[HAL.dll!KfLowerIrql]                                                      8BEC8B55

IAT                                                                       \SystemRoot\System32\Drivers\a9qxhjfg.SYS[HAL.dll!HalGetInterruptVector]                                            00C73445

IAT                                                                       \SystemRoot\System32\Drivers\a9qxhjfg.SYS[HAL.dll!HalTranslateBusAddress]                                           00000000

IAT                                                                       \SystemRoot\System32\Drivers\a9qxhjfg.SYS[HAL.dll!KeStallExecutionProcessor]                                        830C458B

IAT                                                                       \SystemRoot\System32\Drivers\a9qxhjfg.SYS[HAL.dll!KfReleaseSpinLock]                                                C0840CEC

IAT                                                                       \SystemRoot\System32\Drivers\a9qxhjfg.SYS[HAL.dll!READ_PORT_BUFFER_USHORT]                                          053C0D74

IAT                                                                       \SystemRoot\System32\Drivers\a9qxhjfg.SYS[HAL.dll!READ_PORT_USHORT]                                                 57B80974

IAT                                                                       \SystemRoot\System32\Drivers\a9qxhjfg.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT]                                         8B000000

IAT                                                                       \SystemRoot\System32\Drivers\a9qxhjfg.SYS[HAL.dll!WRITE_PORT_UCHAR]                                                 56C35DE5

IAT                                                                       \SystemRoot\System32\Drivers\a9qxhjfg.SYS[WMILIB.SYS!WmiSystemControl]                                              8D51FC4D

IAT                                                                       \SystemRoot\System32\Drivers\a9qxhjfg.SYS[WMILIB.SYS!WmiCompleteRequest]                                            8D52FD55

IAT                                                                       \SystemRoot\System32\Drivers\apaszghy.SYS[HAL.dll!KfAcquireSpinLock]                                                18C4830E

IAT                                                                       \SystemRoot\System32\Drivers\apaszghy.SYS[HAL.dll!READ_PORT_UCHAR]                                                  1C959E88

IAT                                                                       \SystemRoot\System32\Drivers\apaszghy.SYS[HAL.dll!KeGetCurrentIrql]                                                 9E880000

IAT                                                                       \SystemRoot\System32\Drivers\apaszghy.SYS[HAL.dll!KfRaiseIrql]                                                      00001CB1

IAT                                                                       \SystemRoot\System32\Drivers\apaszghy.SYS[HAL.dll!KfLowerIrql]                                                      0E798366

IAT                                                                       \SystemRoot\System32\Drivers\apaszghy.SYS[HAL.dll!HalGetInterruptVector]                                            74AAB000

IAT                                                                       \SystemRoot\System32\Drivers\apaszghy.SYS[HAL.dll!HalTranslateBusAddress]                                           8986C636

IAT                                                                       \SystemRoot\System32\Drivers\apaszghy.SYS[HAL.dll!KeStallExecutionProcessor]                                        1A00001C

IAT                                                                       \SystemRoot\System32\Drivers\apaszghy.SYS[HAL.dll!KfReleaseSpinLock]                                                1C8B86C6

IAT                                                                       \SystemRoot\System32\Drivers\apaszghy.SYS[HAL.dll!READ_PORT_BUFFER_USHORT]                                          C6020000

IAT                                                                       \SystemRoot\System32\Drivers\apaszghy.SYS[HAL.dll!READ_PORT_USHORT]                                                 001C9686

IAT                                                                       \SystemRoot\System32\Drivers\apaszghy.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT]                                         86C60200

IAT                                                                       \SystemRoot\System32\Drivers\apaszghy.SYS[HAL.dll!WRITE_PORT_UCHAR]                                                 00001CB2

IAT                                                                       \SystemRoot\System32\Drivers\apaszghy.SYS[WMILIB.SYS!WmiSystemControl]                                              8800001C

IAT                                                                       \SystemRoot\System32\Drivers\apaszghy.SYS[WMILIB.SYS!WmiCompleteRequest]                                            001CB99E

IAT                                                                       \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter]                                                 [B9CC1C70] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)

IAT                                                                       \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter]                                                  [B9CC1BD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)

IAT                                                                       \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol]                                           [B9CC1B10] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)

IAT                                                                       \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol]                                             [B9CC18E0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)

IAT                                                                       \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol]                                            [B9CC18E0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)

IAT                                                                       \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter]                                                 [B9CC1BD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)

IAT                                                                       \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter]                                                [B9CC1C70] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)

IAT                                                                       \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol]                                          [B9CC1B10] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)

IAT                                                                       \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol]                                            [B9CC1B10] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)

IAT                                                                       \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol]                                              [B9CC18E0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)

IAT                                                                       \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter]                                                   [B9CC1BD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)

IAT                                                                       \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter]                                                  [B9CC1C70] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)

IAT                                                                       \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol]                                             [B9CC18E0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)

IAT                                                                       \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol]                                           [B9CC1B10] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)

IAT                                                                       \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter]                                                 [B9CC1C70] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)

IAT                                                                       \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter]                                                  [B9CC1BD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)

IAT                                                                       \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter]                                                   [B9CC1C70] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)

IAT                                                                       \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter]                                                    [B9CC1BD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)

IAT                                                                       \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol]                                               [B9CC18E0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)

IAT                                                                       \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol]                                            [B9CC1B10] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)

IAT                                                                       \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol]                                              [B9CC18E0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)

IAT                                                                       \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter]                                                   [B9CC1BD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)

IAT                                                                       \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter]                                                  [B9CC1C70] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)

IAT                                                                       \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol]                                             [B9CC18E0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)

IAT                                                                       \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol]                                           [B9CC1B10] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)

IAT                                                                       \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter]                                                 [B9CC1C70] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)

IAT                                                                       \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter]                                                  [B9CC1BD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
 

---- Devices - GMER 1.0.15 ----
 

Device                                                                    \FileSystem\Ntfs \Ntfs                                                                                              8A3D91F8
 

AttachedDevice                                                            \FileSystem\Ntfs \Ntfs                                                                                              AsDsm.sys (Data Security Manager Driver/Windows (R) Codename Longhorn DDK provider)
 

Device                                                                    \FileSystem\Fastfat \FatCdrom                                                                                       890831F8

Device                                                                    \FileSystem\Udfs \UdfsCdRom                                                                                         890601F8

Device                                                                    \FileSystem\Udfs \UdfsDisk                                                                                          890601F8

Device                                                                    \Driver\usbstor \Device\0000009b                                                                                    8909D500

Device                                                                    \Driver\usbstor \Device\0000009b                                                                                    sfsync04.sys (FrontLine Synchronization Driver/Protection Technology (StarForce))

Device                                                                    \Driver\Tcpip \Device\Ip                                                                                            wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)

Device                                                                    \Driver\RTSTOR \Device\0000009d                                                                                     sfsync04.sys (FrontLine Synchronization Driver/Protection Technology (StarForce))

Device                                                                    \Driver\usbohci \Device\USBPDO-0                                                                                    8A14D1F8

Device                                                                    \Driver\dmio \Device\DmControl\DmIoDaemon                                                                           8A44A1F8

Device                                                                    \Driver\dmio \Device\DmControl\DmConfig                                                                             8A44A1F8

Device                                                                    \Driver\dmio \Device\DmControl\DmPnP                                                                                8A44A1F8

Device                                                                    \Driver\dmio \Device\DmControl\DmInfo                                                                               8A44A1F8

Device                                                                    \Driver\usbohci \Device\USBPDO-1                                                                                    8A14D1F8

Device                                                                    \Driver\usbehci \Device\USBPDO-2                                                                                    8A1361F8

Device                                                                    \Driver\sptd \Device\4006500198                                                                                     spiy.sys

Device                                                                    \Driver\Tcpip \Device\Tcp                                                                                           wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)

Device                                                                    \Driver\Ftdisk \Device\HarddiskVolume1                                                                              8A3DB1F8

Device                                                                    \Driver\Ftdisk \Device\HarddiskVolume2                                                                              8A3DB1F8

Device                                                                    \Driver\Cdrom \Device\CdRom0                                                                                        8A333500

Device                                                                    \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-3                                                                         [B9DF6B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}

Device                                                                    \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-3                                                                         sfsync04.sys (FrontLine Synchronization Driver/Protection Technology (StarForce))

Device                                                                    \Driver\atapi \Device\Ide\IdePort0                                                                                  [B9DF6B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}

Device                                                                    \Driver\atapi \Device\Ide\IdePort0                                                                                  sfsync04.sys (FrontLine Synchronization Driver/Protection Technology (StarForce))

Device                                                                    \Driver\atapi \Device\Ide\IdePort1                                                                                  [B9DF6B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}

Device                                                                    \Driver\atapi \Device\Ide\IdePort1                                                                                  sfsync04.sys (FrontLine Synchronization Driver/Protection Technology (StarForce))

Device                                                                    \Driver\atapi \Device\Ide\IdePort2                                                                                  [B9DF6B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}

Device                                                                    \Driver\atapi \Device\Ide\IdePort2                                                                                  sfsync04.sys (FrontLine Synchronization Driver/Protection Technology (StarForce))

Device                                                                    \Driver\atapi \Device\Ide\IdePort3                                                                                  [B9DF6B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}

Device                                                                    \Driver\atapi \Device\Ide\IdePort3                                                                                  sfsync04.sys (FrontLine Synchronization Driver/Protection Technology (StarForce))

Device                                                                    \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-e                                                                         [B9DF6B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}

Device                                                                    \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-e                                                                         sfsync04.sys (FrontLine Synchronization Driver/Protection Technology (StarForce))

Device                                                                    \Driver\Cdrom \Device\CdRom1                                                                                        8A333500

Device                                                                    \Driver\PCI_PNP6448 \Device\00000067                                                                                spiy.sys

Device                                                                    \Driver\PCI_PNP6448 \Device\00000068                                                                                spiy.sys

Device                                                                    \Driver\NetBT \Device\NetBt_Wins_Export                                                                             890DA500

Device                                                                    \Driver\NetBT \Device\NetbiosSmb                                                                                    890DA500

Device                                                                    \Driver\Tcpip \Device\Udp                                                                                           wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)

Device                                                                    \Driver\Tcpip \Device\RawIp                                                                                         wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)

Device                                                                    \Driver\usbstor \Device\00000097                                                                                    8909D500

Device                                                                    \Driver\usbstor \Device\00000097                                                                                    sfsync04.sys (FrontLine Synchronization Driver/Protection Technology (StarForce))

Device                                                                    \Driver\usbohci \Device\USBFDO-0                                                                                    8A14D1F8

Device                                                                    \Driver\RTSTOR \Device\00000099                                                                                     sfsync04.sys (FrontLine Synchronization Driver/Protection Technology (StarForce))

Device                                                                    \Driver\usbohci \Device\USBFDO-1                                                                                    8A14D1F8

Device                                                                    \FileSystem\MRxSmb \Device\LanmanDatagramReceiver                                                                   890D8500

Device                                                                    \Driver\Tcpip \Device\IPMULTICAST                                                                                   wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)

Device                                                                    \Driver\usbehci \Device\USBFDO-2                                                                                    8A1361F8

Device                                                                    \Driver\sptd \Device\4006656448                                                                                     spiy.sys

Device                                                                    \FileSystem\MRxSmb \Device\LanmanRedirector                                                                         890D8500

Device                                                                    \Driver\Ftdisk \Device\FtControl                                                                                    8A3DB1F8

Device                                                                    \Driver\NetBT \Device\NetBT_Tcpip_{F523AD6C-1A8C-45BE-8A26-6E123EA63FF7}                                            890DA500

Device                                                                    \Driver\a9qxhjfg \Device\Scsi\a9qxhjfg1                                                                             8A1281F8

Device                                                                    \Driver\apaszghy \Device\Scsi\apaszghy1Port4Path0Target0Lun0                                                        8A1231F8

Device                                                                    \Driver\apaszghy \Device\Scsi\apaszghy1Port4Path0Target0Lun0                                                        sfsync04.sys (FrontLine Synchronization Driver/Protection Technology (StarForce))

Device                                                                    \Driver\apaszghy \Device\Scsi\apaszghy1                                                                             8A1231F8

Device                                                                    \Driver\apaszghy \Device\Scsi\apaszghy1                                                                             sfsync04.sys (FrontLine Synchronization Driver/Protection Technology (StarForce))

Device                                                                    \FileSystem\Fastfat \Fat                                                                                            890831F8
 

AttachedDevice                                                            \FileSystem\Fastfat \Fat                                                                                            AsDsm.sys (Data Security Manager Driver/Windows (R) Codename Longhorn DDK provider)

AttachedDevice                                                            \FileSystem\Fastfat \Fat                                                                                            fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
 

Device                                                                    \FileSystem\Cdfs \Cdfs                                                                                              890611F8
 

---- Registry - GMER 1.0.15 ----
 

Reg                                                                       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                                  771343423

Reg                                                                       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                                  285507792

Reg                                                                       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0                                                                  2

Reg                                                                       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04                                    

Reg                                                                       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                 C:\Programme\Alcohol Soft\Alcohol 52\

Reg                                                                       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                 0

Reg                                                                       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                              0x0D 0x6B 0xD9 0x20 ...

Reg                                                                       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001                           

Reg                                                                       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0                        0x20 0x01 0x00 0x00 ...

Reg                                                                       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                    

Reg                                                                       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                 C:\Programme\DAEMON Tools Lite\

Reg                                                                       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                 1

Reg                                                                       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0xB7 0x5D 0x1C 0x02 ...

Reg                                                                       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                           

Reg                                                                       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                        0x20 0x01 0x00 0x00 ...

Reg                                                                       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                     0x56 0xB6 0x2F 0xCD ...

Reg                                                                       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                      

Reg                                                                       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0x50 0x6C 0xB7 0x50 ...

Reg                                                                       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)                

Reg                                                                       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                     C:\Programme\Alcohol Soft\Alcohol 52\

Reg                                                                       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                     0

Reg                                                                       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                  0x0D 0x6B 0xD9 0x20 ...

Reg                                                                       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)       

Reg                                                                       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0                            0x20 0x01 0x00 0x00 ...

Reg                                                                       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                

Reg                                                                       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                     C:\Programme\DAEMON Tools Lite\

Reg                                                                       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                     1

Reg                                                                       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0x05 0x60 0xD9 0xE6 ...

Reg                                                                       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)       

Reg                                                                       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...

Reg                                                                       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                         0x56 0xB6 0x2F 0xCD ...

Reg                                                                       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)  

Reg                                                                       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0x50 0x6C 0xB7 0x50 ...

Reg                                                                       HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32                                   

Reg                                                                       HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel                    Apartment

Reg                                                                       HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL

Reg                                                                       HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b  0xE2 0x63 0x26 0xF1 ...

Reg                                                                       HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32                                   

Reg                                                                       HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel                    Apartment

Reg                                                                       HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL

Reg                                                                       HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b  0x71 0x3B 0x04 0x66 ...

Reg                                                                       HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32                                   

Reg                                                                       HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel                    Apartment

Reg                                                                       HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL

Reg                                                                       HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016  0x25 0xDA 0xEC 0x7E ...

Reg                                                                       HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32                                   

Reg                                                                       HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel                    Apartment

Reg                                                                       HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL

Reg                                                                       HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48  0x3E 0x1E 0x9E 0xE0 ...

Reg                                                                       HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32                                   

Reg                                                                       HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel                    Apartment

Reg                                                                       HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL

Reg                                                                       HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472  0xF5 0x1D 0x4D 0x73 ...

Reg                                                                       HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32                                   

Reg                                                                       HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel                    Apartment

Reg                                                                       HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL

Reg                                                                       HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d  0xDF 0x20 0x58 0x62 ...

Reg                                                                       HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32                                   

Reg                                                                       HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel                    Apartment

Reg                                                                       HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL

Reg                                                                       HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b  0xFB 0xA7 0x78 0xE6 ...

Reg                                                                       HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32                                   

Reg                                                                       HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel                    Apartment

Reg                                                                       HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL

Reg                                                                       HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d  0x83 0x6C 0x56 0x8B ...

Reg                                                                       HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32                                   

Reg                                                                       HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel                    Apartment

Reg                                                                       HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL

Reg                                                                       HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3  0x51 0xFA 0x6E 0x91 ...

Reg                                                                       HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32                                   

Reg                                                                       HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel                    Apartment

Reg                                                                       HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL

Reg                                                                       HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b  0x3D 0xCE 0xEA 0x26 ...

Reg                                                                       HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32                                   

Reg                                                                       HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel                    Apartment

Reg                                                                       HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL

Reg                                                                       HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6  0xE3 0x0E 0x66 0xD5 ...

Reg                                                                       HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32                                   

Reg                                                                       HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel                    Apartment

Reg                                                                       HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL

Reg                                                                       HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2  0x6C 0x43 0x2D 0x1E ...
 

---- Files - GMER 1.0.15 ----
 

File                                                                      C:\Programme\ASUS\ASUS Data Security Manager\driver\x86                                                             0 bytes

File                                                                      C:\Programme\ASUS\ASUS Data Security Manager\driver\x86\AsDsm.sys                                                   29752 bytes executable

File                                                                      C:\Programme\ASUS\ASUS Data Security Manager\driver\x86\_avt                                                        512 bytes

File                                                                      C:\ADSM_PData_0150                                                                                                  0 bytes

File                                                                      C:\ADSM_PData_0150\DB                                                                                               0 bytes

File                                                                      C:\ADSM_PData_0150\DB\SI.db                                                                                         624 bytes

File                                                                      C:\ADSM_PData_0150\DB\UL.db                                                                                         16 bytes

File                                                                      C:\ADSM_PData_0150\DB\VL.db                                                                                         16 bytes

File                                                                      C:\ADSM_PData_0150\DB\_avt                                                                                          512 bytes

File                                                                      C:\ADSM_PData_0150\DragWait.exe                                                                                     253952 bytes executable

File                                                                      C:\ADSM_PData_0150\_avt                                                                                             512 bytes
 

---- EOF - GMER 1.0.15 ----

--- --- ---

OSAM:
OSAM Logfile:

Code:

Report of OSAM: Autorun Manager v5.0.11926.0

Online Solutions. Complex Protection for Information Systems

Saved at 22:43:11 on 24.03.2011
 

OS: Windows XP Professional Service Pack 3 (Build 2600)

Default Browser: Mozilla Corporation Firefox 3.6.16
 

Scanner Settings

[x] Rootkits detection (hidden registry)

[x] Rootkits detection (hidden files)

[x] Retrieve files information

[x] Check Microsoft signatures
 

Filters

[ ] Trusted entries

[ ] Empty entries

[x] Hidden registry entries (rootkit activity)

[x] Exclusively opened files

[x] Not found files

[x] Files without detailed information

[x] Existing files

[ ] Non-startable services

[ ] Non-startable drivers

[x] Active entries

[x] Disabled entries
 
 

[Boot Execute]

-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )-----

"BootExecute" - "Raxco Software, Inc." - C:\WINDOWS\system32\PDBoot.exe

"BootExecute" - "O&O Software GmbH" - C:\WINDOWS\system32\OODBS.exe
 

[Common]

-----( %SystemRoot%\Tasks )-----

"1-Klick-Wartung.job" - "TuneUp Software GmbH" - C:\Programme\TuneUpUtilities2006\SystemOptimizer.exe
 

[Control Panel Objects]

-----( %SystemRoot%\system32 )-----

"ac3filter.cpl" - ? - C:\WINDOWS\system32\ac3filter.cpl

"AxSWindC.cpl" - "Alcohol Soft Development Team" - C:\WINDOWS\system32\AxSWindC.cpl

"Ddbaccpl.cpl" - "DataDesign AG" - C:\WINDOWS\system32\Ddbaccpl.cpl

"ddBACCTM.cpl" - "DataDesign AG" - C:\WINDOWS\system32\ddBACCTM.cpl

"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\WINDOWS\system32\DivXControlPanelApplet.cpl

"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl

"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl

"PhysX.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\PhysX.cpl

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----

"Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl

"Nero BurnRights" - "Nero AG" - C:\Programme\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl

"QuickTime" - "Apple Computer, Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl
 

[Drivers]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"a9qxhjfg" (a9qxhjfg) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\a9qxhjfg.sys  (Hidden registry entry, rootkit activity | File signed by Microsoft)

"AnyDVD" (AnyDVD) - "SlySoft, Inc." - C:\WINDOWS\System32\Drivers\AnyDVD.sys

"apaszghy" (apaszghy) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\apaszghy.sys  (Hidden registry entry, rootkit activity | File signed by Microsoft)

"ASAPIW2K" (ASAPIW2K) - "VOB Computersysteme GmbH" - C:\WINDOWS\system32\Drivers\asapiW2k.sys

"ASMMAP" (ASMMAP) - ? - C:\Programme\ATKGFNEX\ASMMAP.sys

"ASNDIS5 Protocol Driver" (ASNDIS5) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\PROGRA~1\ATKHOT~1\ASNDIS5.SYS

"ASPI32" (ASPI32) - ? - C:\WINDOWS\system32\drivers\ASPI32.sys  (File not found)

"avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys

"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys

"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys

"catchme" (catchme) - ? - C:\cofi.exe\catchme.sys  (File not found)

"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)

"Data Security Manager Driver" (AsDsm) - "Windows (R) Codename Longhorn DDK provider" - C:\WINDOWS\system32\drivers\AsDsm.sys

"ddxgb" (ddxgb) - ? - C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\ddxgb.sys  (File not found)

"Defrag32" (Defrag32) - "Raxco Software, Inc." - C:\WINDOWS\system32\drivers\Defrag32.sys

"Defrag32Boot" (Defrag32b) - "Raxco Software, Inc." - C:\WINDOWS\system32\drivers\Defrag32b.sys

"ElbyCDFL" (ElbyCDFL) - "SlySoft, Inc." - C:\WINDOWS\System32\Drivers\ElbyCDFL.sys

"ElbyCDIO Driver" (ElbyCDIO) - "Elaborate Bytes AG" - C:\WINDOWS\System32\Drivers\ElbyCDIO.sys

"ElbyDelay" (ElbyDelay) - "Elaborate Bytes AG" - C:\WINDOWS\System32\Drivers\ElbyDelay.sys

"ENTECH" (ENTECH) - "EnTech Taiwan" - C:\WINDOWS\system32\DRIVERS\ENTECH.sys

"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)

"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)

"mbr" (mbr) - ? - C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\mbr.sys  (Hidden registry entry, rootkit activity | File not found)

"Padus ASPI Shell" (pfc) - "Padus, Inc." - C:\WINDOWS\System32\drivers\pfc.sys

"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)

"PCLEPCI" (PCLEPCI) - "Pinnacle Systems GmbH" - C:\WINDOWS\system32\drivers\pclepci.sys

"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)

"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)

"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)

"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)

"Pinnacle Marvin Bus" (MarvinBus) - "Pinnacle Systems GmbH" - C:\WINDOWS\System32\DRIVERS\MarvinBus.sys

"PQNTDrv" (PQNTDrv) - "PowerQuest Corporation" - C:\WINDOWS\system32\drivers\PQNTDrv.sys

"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys

"sptd" (sptd) - "Duplex Secure Ltd." - C:\WINDOWS\System32\Drivers\sptd.sys  (File is exclusively opened, access blocked)

"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys

"StarForce Protection Environment Driver (version 1.x)" (sfdrv01) - "Protection Technology (StarForce)" - C:\WINDOWS\System32\drivers\sfdrv01.sys

"StarForce Protection Helper Driver (version 2.x)" (sfhlp02) - "Protection Technology (StarForce)" - C:\WINDOWS\System32\drivers\sfhlp02.sys

"StarForce Protection Synchronization Driver (version 4.x)" (sfsync04) - "Protection Technology (StarForce)" - C:\WINDOWS\System32\drivers\sfsync04.sys

"StarForce Protection VFS Driver (version 2.x)" (sfvfs02) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfvfs02.sys

"SyGate for NT, wg3n" (wg3n) - "Sygate Technologies, Inc." - C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys

"SyGate for NT, wg4n" (wg4n) - "Sygate Technologies, Inc." - C:\WINDOWS\SYSTEM32\Drivers\wg4n.sys

"SyGate for NT, wg5n" (wg5n) - "Sygate Technologies, Inc." - C:\WINDOWS\SYSTEM32\Drivers\wg5n.sys

"SyGate for NT, wg6n" (wg6n) - "Sygate Technologies, Inc." - C:\WINDOWS\SYSTEM32\Drivers\wg6n.sys

"TAP-Win32 Adapter V9 (Tunngle)" (tap0901t) - "Tunngle.net" - C:\WINDOWS\System32\DRIVERS\tap0901t.sys

"Teefer for NT" (Teefer) - "Sygate Technologies, Inc." - C:\WINDOWS\System32\Drivers\Teefer.sys

"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)

"wpsdrvnt" (wpsdrvnt) - "Sygate Technologies, Inc." - C:\WINDOWS\system32\drivers\wpsdrvnt.sys
 

[Explorer]

-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----

{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----

{7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll

{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

-----( HKLM\Software\Classes\Protocols\Filter )-----

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

-----( HKLM\Software\Classes\Protocols\Handler )-----

{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL

{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL

{12D51199-0DB5-46FE-A120-47A3D7D937CC} "DVD: Pluggable Protocol" - "Microsoft Corporation" - C:\WINDOWS\system32\msvidctl.dll

{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

{CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} "TV: Pluggable Protocol" - "Microsoft Corporation" - C:\WINDOWS\system32\msvidctl.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----

{0cab0400-7395-11d0-a5e5-0020afe2fdd9} "Quick View Plus - ShellExecute Hook" - "Stellent, Inc." - C:\WINDOWS\qvphook.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} "Acrobat Elements Context Menu" - "Adobe Systems Inc." - C:\Programme\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll

{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll  (File not found)

{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)

{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\OFFICE11\msohev.dll

{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL

{B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll

{7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL

{F0F08737-0C36-101B-B086-0020AF07D0F4} "Quick View Plus - Shell Extension object" - "Stellent, Inc." - C:\PROGRA~1\QUICKV~1\PROGRAM\QVPSE4.DLL

{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll

{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll

{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)

{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll

{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - ? - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll

{79BC0345-1015-11D2-A299-006008312725} "Studio.Project" - ? - C:\Programme\Pinnacle\Studio 10\programs\BlueShellExt.dll  (File found, but it contains no detailed information)

{2F603045-309F-11CF-9774-0020AFD0CFF6} "Synaptics Control Panel" - ? -   (File not found | COM-object registry key not found)

{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0} "TuneUp Shredder Shell Context Menu Extension" - ? -   (File not found | COM-object registry key not found)

{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL

{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll  (File found, but it contains no detailed information)
 

[Internet Explorer]

-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----

{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "&Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----

<binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----

{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} "Java Plug-in 1.5.0_06" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_11" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_11.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} "Java Plug-in 1.6.0_11" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_11.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_11" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_11.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash10a.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----

{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----

<binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----

{AE7CD045-E861-484f-8273-0445EE161910} "Adobe PDF Conversion Toolbar Helper" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\ssv.dll

{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

{53707962-6F74-2D53-2644-206D7942484F} "{53707962-6F74-2D53-2644-206D7942484F}" - "Safer Networking Limited" - C:\Programme\Spybot - Search & Destroy\SDHelper.dll

{5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? -   (File not found | COM-object registry key not found)
 

[Logon]

-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----

"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini

-----( %UserProfile%\Startmenü\Programme\Autostart )-----

"CCC.lnk" - "ATI Technologies Inc." - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CCC.exe  (Shortcut exists | File exists)

"desktop.ini" - ? - C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\desktop.ini

-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" - "Nero AG" - "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe"

"DAEMON Tools Lite" - "DT Soft Ltd" - "C:\Programme\DAEMON Tools Lite\DTLite.exe" -autorun

"Skype" - "Skype Technologies S.A." - "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized

-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce )-----

"FlashPlayerUpdate" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\FlashUtil10n_Plugin.exe -update plugin

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----

"ASUS Camera ScreenSaver" - ? - C:\WINDOWS\ASScrProlog.exe  (File found, but it contains no detailed information)

"ASUS Screen Saver Protector" - ? - C:\WINDOWS\ASScrPro.exe

"ATKHOTKEY" - "ATK0100" - "C:\Programme\ATK Hotkey\Hcontrol.exe"

"ATKOSD2" - ? - "C:\Programme\ATKOSD2\ATKOSD2.exe"

"avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min

"HControlUser" - ? - "C:\Programme\ATK Hotkey\HcontrolUser.exe"

"MsgTranAgt" - ? - "C:\Programme\ATK Hotkey\MsgTranAgt.exe"

"Power_Gear" - "ASUSTeK Computer Inc." - C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1

"SmcService" - "Sygate Technologies, Inc." - C:\PROGRA~1\Sygate\SPF\smc.exe -startgui

"StartCCC" - "Advanced Micro Devices, Inc." - "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"

"Wireless Console 2" - ? - "C:\Programme\Wireless Console 2\wcourier.exe"
 

[Network Providers]

-----( HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order )-----

"Atheros Wireless LAN" - ? - C:\WINDOWS\system32\athgina.dll  (File not found)
 

[Print Monitors]

-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----

"Adobe PDF Port" - "Adobe Systems Incorporated." - C:\WINDOWS\system32\AdobePDF.dll

"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\mdimon.dll
 

[Services]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

"Adobe LM Service" (Adobe LM Service) - "Adobe Systems" - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe

"ADSM Service" (ADSMService) - ? - C:\Programme\ASUS\ASUS Data Security Manager\ADSMSrv.exe

"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

"Atheros-Konfigurationsdienst" (ACS) - "Atheros" - C:\WINDOWS\system32\acs.exe

"ATKGFNEX Service" (ATKGFNEXSrv) - ? - C:\Programme\ATKGFNEX\GFNEXSrv.exe

"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe

"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe

"HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\bin\hpqddsvc.dll

"hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\bin\hpqcxs08.dll

"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe

"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe

"Macromedia Licensing Service" (Macromedia Licensing Service) - ? - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe

"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\WINDOWS\system32\HPZinw12.dll

"O&O Defrag" (O&O Defrag) - "O&O Software GmbH" - C:\WINDOWS\system32\oodag.exe

"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE

"PDEngine" (PDEngine) - "Raxco Software, Inc." - C:\Programme\Raxco\PerfectDisk\PDEngine.exe

"PDScheduler" (PDSched) - "Raxco Software, Inc." - C:\Programme\Raxco\PerfectDisk\PDSched.exe

"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\WINDOWS\system32\HPZipm12.dll

"StarWind AE Service" (StarWindServiceAE) - "StarWind Software" - C:\Programme\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

"Sygate Personal Firewall" (SmcService) - "Sygate Technologies, Inc." - C:\Programme\Sygate\SPF\smc.exe

"TuneUp WinStyler Theme Service" (TUWinStylerThemeSvc) - "TuneUp Software GmbH" - C:\Programme\TuneUpUtilities2006\WinStylerThemeSvc.exe

"TunngleService" (TunngleService) - "Tunngle.net GmbH" - C:\Programme\Tunngle\TnglCtrl.exe

"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
 

[Winlogon]

-----( HKCU\Control Panel\IOProcs )-----

"MVB" - ? - mvfs32.dll  (File not found)
 

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---
If You have questions or want to get some help, You can visit Online Solutions :: Index

MBR Check:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x000000fc

Kernel Drivers (total 166):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E6000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9EB4000 spiy.sys
0xBA5AA000 \WINDOWS\System32\Drivers\WMILIB.SYS
0xB9E9C000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
0xB9E6D000 ACPI.sys
0xBA0A8000 isapnp.sys
0xB9E5C000 pci.sys
0xB9E4A000 sfsync04.sys
0xBA4BC000 compbatt.sys
0xBA4C0000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xBA670000 pciide.sys
0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xBA0B8000 MountMgr.sys
0xB9E2B000 ftdisk.sys
0xBA5AC000 dmload.sys
0xB9E05000 dmio.sys
0xBA671000 siside.sys
0xBA4C4000 ACPIEC.sys
0xBA672000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xBA330000 PartMgr.sys
0xBA0C8000 VolSnap.sys
0xB9DED000 atapi.sys
0xBA0D8000 disk.sys
0xBA0E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB9DCD000 fltmgr.sys
0xB9DBB000 sr.sys
0xBA0F8000 AsDsm.sys
0xBA108000 PxHelp20.sys
0xB9DA4000 KSecDD.sys
0xB9D8F000 WudfPf.sys
0xBA118000 Defrag32b.sys
0xB9D02000 Ntfs.sys
0xB9CD5000 NDIS.sys
0xB9CB8000 Teefer.sys
0xB9CA5000 sfvfs02.sys
0xBA338000 sfhlp02.sys
0xB9C93000 sfdrv01.sys
0xB9C79000 Mup.sys
0xBA390000 \SystemRoot\system32\DRIVERS\ATKACPI.sys
0xBA178000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB980B000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
0xB97CF000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xBA188000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xBA5B2000 \SystemRoot\system32\DRIVERS\kbfiltr.sys
0xBA3A8000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xBA3B0000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xBA198000 \SystemRoot\system32\DRIVERS\imapi.sys
0xBA3B8000 \??\C:\WINDOWS\system32\Drivers\asapiW2k.sys
0xBA5B4000 \SystemRoot\System32\Drivers\ElbyDelay.sys
0xBA3C8000 \SystemRoot\System32\Drivers\ElbyCDFL.sys
0xBA564000 \SystemRoot\system32\drivers\pfc.sys
0xBA3D8000 \SystemRoot\System32\Drivers\AnyDVD.sys
0xBA1A8000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xBA1B8000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB97AC000 \SystemRoot\system32\DRIVERS\ks.sys
0xBA3F0000 \SystemRoot\system32\DRIVERS\usbohci.sys
0xB9788000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA3F8000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB9701000 \SystemRoot\system32\DRIVERS\ar5211.sys
0xB96D9000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xB96A2000 \SystemRoot\System32\Drivers\a9qxhjfg.SYS
0xB9669000 \SystemRoot\System32\Drivers\apaszghy.SYS
0xBA590000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xBA398000 \SystemRoot\system32\DRIVERS\ManyCam.sys
0xBA1E8000 \SystemRoot\system32\DRIVERS\STREAM.SYS
0xBA79B000 \SystemRoot\system32\DRIVERS\audstub.sys
0xBA1F8000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xBA598000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB9652000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xBA208000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xBA218000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xBA3E8000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB9641000 \SystemRoot\system32\DRIVERS\psched.sys
0xBA228000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xBA408000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBA418000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB9571000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xBA238000 \SystemRoot\system32\DRIVERS\termdd.sys
0xBA5C2000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB9513000 \SystemRoot\system32\DRIVERS\update.sys
0xB9C41000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xB94BD000 \SystemRoot\system32\DRIVERS\MarvinBus.sys
0xBA248000 \SystemRoot\system32\DRIVERS\wsimd.sys
0xBA258000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xBA2A8000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xBA5C6000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xACFCD000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xACFA9000 \SystemRoot\system32\drivers\portcls.sys
0xBA2B8000 \SystemRoot\system32\drivers\drmk.sys
0xACECF000 \SystemRoot\system32\DRIVERS\smserial.sys
0xBA460000 \SystemRoot\System32\Drivers\Modem.SYS
0xBA5A0000 \SystemRoot\system32\drivers\MODEMCSA.sys
0xBA5D0000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA7F3000 \SystemRoot\System32\Drivers\Null.SYS
0xBA5D4000 \SystemRoot\System32\Drivers\Beep.SYS
0xBA490000 \SystemRoot\System32\drivers\vga.sys
0xBA5D8000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA5DC000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xBA4A0000 \SystemRoot\System32\Drivers\Msfs.SYS
0xBA4B0000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB94FB000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xACE74000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xACE1B000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xACDCD000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xBA308000 \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys
0xACD05000 \SystemRoot\system32\DRIVERS\netbt.sys
0xACCE3000 \SystemRoot\System32\drivers\afd.sys
0xBA148000 \SystemRoot\system32\DRIVERS\netbios.sys
0xBA3A0000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0xB94EF000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xBA158000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xBA3D0000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xACCB8000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xBA693000 \SystemRoot\System32\Drivers\PQNTDrv.SYS
0xB94A9000 \??\C:\WINDOWS\system32\drivers\pclepci.sys
0xACC48000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xBA168000 \SystemRoot\System32\Drivers\Fips.SYS
0xACBDC000 \SystemRoot\system32\DRIVERS\avipbb.sys
0xBA5E4000 \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys
0xB9611000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xBA420000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xBA438000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xB95F1000 \SystemRoot\system32\drivers\RTSTOR.SYS
0xACEAF000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xACB96000 \SystemRoot\System32\Drivers\usbvideo.sys
0xB95C1000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xACB85000 \SystemRoot\System32\Drivers\Udfs.SYS
0xACB61000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xACB49000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xBA5EA000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xACE0F000 \SystemRoot\System32\drivers\Dxapi.sys
0xBA478000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA757000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\ati2dvag.dll
0xBF05F000 \SystemRoot\System32\ati2cqag.dll
0xBF0DE000 \SystemRoot\System32\atikvmag.dll
0xBF14E000 \SystemRoot\System32\atiok3x2.dll
0xBF17C000 \SystemRoot\System32\ati3duag.dll
0xBF484000 \SystemRoot\System32\ativvaxx.dll
0xBF633000 \SystemRoot\System32\ATMFD.DLL
0xAA7E4000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0xAA79C000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xAA5FC000 \SystemRoot\SYSTEM32\Drivers\wg3n.sys
0xAA5F4000 \SystemRoot\SYSTEM32\Drivers\wg4n.sys
0xAA5EC000 \SystemRoot\SYSTEM32\Drivers\wg5n.sys
0xAA5DC000 \SystemRoot\SYSTEM32\Drivers\wg6n.sys
0xBA450000 \??\C:\Programme\ATKGFNEX\ASMMAP.sys
0xAA31F000 \SystemRoot\system32\drivers\wdmaud.sys
0xAA5BC000 \SystemRoot\system32\drivers\sysaudio.sys
0xAA18A000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xAA0F2000 \SystemRoot\System32\Drivers\Defrag32.SYS
0xBA5D2000 \SystemRoot\System32\Drivers\ElbyCDIO.sys
0xA9F52000 \SystemRoot\system32\DRIVERS\srv.sys
0xA9A17000 \SystemRoot\System32\Drivers\HTTP.sys
0xA97BE000 \??\C:\PROGRA~1\ATKHOT~1\ASNDIS5.SYS
0xBA468000 \??\C:\cofi.exe\catchme.sys
0xBA5E2000 \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
0xA9096000 \??\C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\agkyruob.sys
0xA9EC0000 \SystemRoot\system32\DRIVERS\SiSGbeXP.sys
0x7C910000 \WINDOWS\system32\ntdll.dll
0x10000000 \Programme\Alcohol Soft\Alcohol 52\Alcoholx.dll

Processes (total 55):
0 System Idle Process
4 System
632 C:\WINDOWS\system32\smss.exe
1108 csrss.exe
1140 C:\WINDOWS\system32\winlogon.exe
1184 C:\WINDOWS\system32\services.exe
1196 C:\WINDOWS\system32\lsass.exe
1384 C:\WINDOWS\system32\ati2evxx.exe
1416 C:\WINDOWS\system32\svchost.exe
1528 svchost.exe
1744 C:\WINDOWS\system32\svchost.exe
1788 C:\WINDOWS\system32\svchost.exe
1820 C:\WINDOWS\system32\ati2evxx.exe
280 svchost.exe
512 svchost.exe
808 C:\Programme\ASUS\ASUS Data Security Manager\ADSMSrv.exe
824 C:\Programme\ATKGFNEX\GFNEXSrv.exe
1008 C:\WINDOWS\system32\spoolsv.exe
660 C:\WINDOWS\system32\acs.exe
1576 C:\Programme\Avira\AntiVir Desktop\sched.exe
1712 svchost.exe
712 C:\Programme\Avira\AntiVir Desktop\avguard.exe
628 C:\WINDOWS\system32\svchost.exe
456 C:\Programme\Java\jre6\bin\jqs.exe
1080 C:\WINDOWS\system32\svchost.exe
1596 C:\WINDOWS\system32\oodag.exe
2848 C:\WINDOWS\system32\svchost.exe
2936 C:\Programme\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
3076 C:\WINDOWS\system32\svchost.exe
3116 C:\Programme\Tunngle\TnglCtrl.exe
1088 C:\Programme\ATK Hotkey\HControlUser.exe
524 C:\Programme\ATK Hotkey\HControl.exe
2300 C:\WINDOWS\system32\wbem\wmiapsrv.exe
2440 C:\Programme\ATK Hotkey\MsgTranAgt.exe
2608 C:\Programme\ATKOSD2\ATKOSD2.exe
2760 C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
3032 C:\Programme\Wireless Console 2\wcourier.exe
3356 C:\WINDOWS\ASScrPro.exe
3532 C:\Programme\Avira\AntiVir Desktop\avgnt.exe
3540 alg.exe
3696 C:\Programme\ATK Hotkey\ATKOSD.exe
4056 C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe
1964 C:\Programme\ATK Hotkey\KBFiltr.exe
1980 C:\Programme\DAEMON Tools Lite\DTLite.exe
2568 C:\Programme\ATK Hotkey\WDC.exe
3952 C:\WINDOWS\system32\svchost.exe
4000 C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
3232 C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
7040 C:\WINDOWS\explorer.exe
7004 C:\Programme\Mozilla Firefox\firefox.exe
1168 C:\Programme\Sygate\SPF\Smc.exe
6348 wmiprvse.exe
4760 C:\Programme\Avira\AntiVir Desktop\avcenter.exe
8140 C:\Programme\Mozilla Firefox\plugin-container.exe
6520 C:\Dokumente und Einstellungen\Administrator\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000017`499f7e00 (NTFS)

PhysicalDrive0 Model Number: ST9250827AS, Rev: 3.AAA

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: ADFE55CD0C6ED2E00B22375835E4C2736CE9AD11

Done!

m4D_guY

25.03.2011 01:44

GMER:

GMER Logfile:

Code:

GMER 1.0.15.15570 - GMER - Rootkit Detector and Remover

Rootkit scan 2011-03-25 01:40:56

Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-e ST9250827AS rev.3.AAA

Running: sic9x5lp.exe; Driver: C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\agkyruob.sys
 
 

---- System - GMER 1.0.15 ----
 

SSDT                                                                      \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)                                   ZwAllocateVirtualMemory [0xBA30AB30]

SSDT                                                                      BA6902A6                                                                                                            ZwCreateKey

SSDT                                                                      BA69029C                                                                                                            ZwCreateThread

SSDT                                                                      BA6902AB                                                                                                            ZwDeleteKey

SSDT                                                                      BA6902B5                                                                                                            ZwDeleteValueKey

SSDT                                                                      spiy.sys                                                                                                            ZwEnumerateKey [0xB9ECDDA4]

SSDT                                                                      spiy.sys                                                                                                            ZwEnumerateValueKey [0xB9ECE132]

SSDT                                                                      BA6902BA                                                                                                            ZwLoadKey

SSDT                                                                      \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)                                   ZwMapViewOfSection [0xBA30A470]

SSDT                                                                      spiy.sys                                                                                                            ZwOpenKey [0xB9EB50C0]

SSDT                                                                      BA690288                                                                                                            ZwOpenProcess

SSDT                                                                      BA69028D                                                                                                            ZwOpenThread

SSDT                                                                      \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)                                   ZwProtectVirtualMemory [0xBA30AC50]

SSDT                                                                      spiy.sys                                                                                                            ZwQueryKey [0xB9ECE20A]

SSDT                                                                      spiy.sys                                                                                                            ZwQueryValueKey [0xB9ECE08A]

SSDT                                                                      BA6902C4                                                                                                            ZwReplaceKey

SSDT                                                                      BA6902BF                                                                                                            ZwRestoreKey

SSDT                                                                      BA6902B0                                                                                                            ZwSetValueKey

SSDT                                                                      \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)                                   ZwShutdownSystem [0xBA30A990]

SSDT                                                                      BA690297                                                                                                            ZwTerminateProcess

SSDT                                                                      \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)                                   ZwWriteVirtualMemory [0xBA30AD60]
 

INT 0x62                                                                  ?                                                                                                                   8A3DABF8

INT 0x63                                                                  ?                                                                                                                   8A1D1BF8

INT 0x83                                                                  ?                                                                                                                   8A3DABF8

INT 0x94                                                                  ?                                                                                                                   8A1D1BF8

INT 0xB1                                                                  ?                                                                                                                   8A44CBF8

INT 0xB1                                                                  ?                                                                                                                   8A44CBF8

INT 0xB4                                                                  ?                                                                                                                   8A1D1BF8
 

---- Kernel code sections - GMER 1.0.15 ----
 

?                                                                         spiy.sys                                                                                                            Das System kann die angegebene Datei nicht finden. !

.sfrelocÿÿÿÿsfsync04unknown last section [0xB9E5B000, 0xBC6, 0x40000040]  C:\WINDOWS\system32\drivers\sfsync04.sys                                                                            unknown last section [0xB9E5B000, 0xBC6, 0x40000040]

.text                                                                     C:\WINDOWS\system32\DRIVERS\ati2mtag.sys                                                                            section is writeable [0xB980C000, 0x1894F8, 0xE8000020]

.text                                                                     USBPORT.SYS!DllUnload                                                                                               B97A08AC 5 Bytes  JMP 8A1D11D8 

.text                                                                     a9qxhjfg.SYS                                                                                                        B96A2386 35 Bytes  [00, 00, 00, 00, 00, 00, 20, ...]

.text                                                                     a9qxhjfg.SYS                                                                                                        B96A23AA 24 Bytes  [00, 00, 00, 00, 00, 00, 00, ...]

.text                                                                     a9qxhjfg.SYS                                                                                                        B96A23C4 3 Bytes  [00, 70, 02] {ADD [EAX+0x2], DH}

.text                                                                     a9qxhjfg.SYS                                                                                                        B96A23C9 1 Byte  [2E]

.text                                                                     a9qxhjfg.SYS                                                                                                        B96A23C9 11 Bytes  [2E, 00, 00, 00, 5C, 02, 00, ...] {ADD CS:[EAX], AL; ADD [EDX+EAX+0x0], BL; ADD [EAX], AL; ADD [EAX], AL}

.text                                                                     ...                                                                                                                 

.text                                                                     apaszghy.SYS                                                                                                        B9669386 35 Bytes  [00, 00, 00, 00, 00, 00, 20, ...]

.text                                                                     apaszghy.SYS                                                                                                        B96693AA 24 Bytes  [00, 00, 00, 00, 00, 00, 00, ...]

.text                                                                     apaszghy.SYS                                                                                                        B96693C4 3 Bytes  [00, 80, 02]

.text                                                                     apaszghy.SYS                                                                                                        B96693C9 1 Byte  [30]

.text                                                                     apaszghy.SYS                                                                                                        B96693C9 11 Bytes  [30, 00, 00, 00, 5E, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESI; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}

.text                                                                     ...                                                                                                                 

.text                                                                     tcpip.sys!IPTransmit + 10FC                                                                                         ACE1ED3A 6 Bytes  CALL B9CC0E50 Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)

.text                                                                     tcpip.sys!IPTransmit + 2A52                                                                                         ACE20690 6 Bytes  CALL B9CC0E50 Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)

.text                                                                     tcpip.sys!IPRegisterProtocol + 930                                                                                  ACE36454 6 Bytes  CALL B9CC0E50 Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)

.text                                                                     wanarp.sys                                                                                                          B96163FD 7 Bytes  CALL B9CC0FA0 Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)

?                                                                         C:\cofi.exe\catchme.sys                                                                                             Das System kann den angegebenen Pfad nicht finden. !

?                                                                         C:\WINDOWS\system32\Drivers\PROCEXP113.SYS                                                                          Das System kann die angegebene Datei nicht finden. !
 

---- User code sections - GMER 1.0.15 ----
 

.text                                                                     C:\Programme\Tunngle\TnglCtrl.exe[3116] ntdll.dll!DbgBreakPoint                                                     7C91120E 1 Byte  [90]
 

---- Kernel IAT/EAT - GMER 1.0.15 ----
 

IAT                                                                       atapi.sys[HAL.dll!READ_PORT_UCHAR]                                                                                  [B9EB6042] spiy.sys

IAT                                                                       atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT]                                                                          [B9EB613E] spiy.sys

IAT                                                                       atapi.sys[HAL.dll!READ_PORT_USHORT]                                                                                 [B9EB60C0] spiy.sys

IAT                                                                       atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT]                                                                         [B9EB6800] spiy.sys

IAT                                                                       atapi.sys[HAL.dll!WRITE_PORT_UCHAR]                                                                                 [B9EB66D6] spiy.sys

IAT                                                                       \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR]                                                  [B9EC5B90] spiy.sys

IAT                                                                       \SystemRoot\System32\Drivers\a9qxhjfg.SYS[HAL.dll!KfAcquireSpinLock]                                                CCCCCCC3

IAT                                                                       \SystemRoot\System32\Drivers\a9qxhjfg.SYS[HAL.dll!READ_PORT_UCHAR]                                                  CCCCCCCC

IAT                                                                       \SystemRoot\System32\Drivers\a9qxhjfg.SYS[HAL.dll!KeGetCurrentIrql]                                                 CCCCCCCC

IAT                                                                       \SystemRoot\System32\Drivers\a9qxhjfg.SYS[HAL.dll!KfRaiseIrql]                                                      CCCCCCCC

IAT                                                                       \SystemRoot\System32\Drivers\a9qxhjfg.SYS[HAL.dll!KfLowerIrql]                                                      8BEC8B55

IAT                                                                       \SystemRoot\System32\Drivers\a9qxhjfg.SYS[HAL.dll!HalGetInterruptVector]                                            00C73445

IAT                                                                       \SystemRoot\System32\Drivers\a9qxhjfg.SYS[HAL.dll!HalTranslateBusAddress]                                           00000000

IAT                                                                       \SystemRoot\System32\Drivers\a9qxhjfg.SYS[HAL.dll!KeStallExecutionProcessor]                                        830C458B

IAT                                                                       \SystemRoot\System32\Drivers\a9qxhjfg.SYS[HAL.dll!KfReleaseSpinLock]                                                C0840CEC

IAT                                                                       \SystemRoot\System32\Drivers\a9qxhjfg.SYS[HAL.dll!READ_PORT_BUFFER_USHORT]                                          053C0D74

IAT                                                                       \SystemRoot\System32\Drivers\a9qxhjfg.SYS[HAL.dll!READ_PORT_USHORT]                                                 57B80974

IAT                                                                       \SystemRoot\System32\Drivers\a9qxhjfg.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT]                                         8B000000

IAT                                                                       \SystemRoot\System32\Drivers\a9qxhjfg.SYS[HAL.dll!WRITE_PORT_UCHAR]                                                 56C35DE5

IAT                                                                       \SystemRoot\System32\Drivers\a9qxhjfg.SYS[WMILIB.SYS!WmiSystemControl]                                              8D51FC4D

IAT                                                                       \SystemRoot\System32\Drivers\a9qxhjfg.SYS[WMILIB.SYS!WmiCompleteRequest]                                            8D52FD55

IAT                                                                       \SystemRoot\System32\Drivers\apaszghy.SYS[HAL.dll!KfAcquireSpinLock]                                                18C4830E

IAT                                                                       \SystemRoot\System32\Drivers\apaszghy.SYS[HAL.dll!READ_PORT_UCHAR]                                                  1C959E88

IAT                                                                       \SystemRoot\System32\Drivers\apaszghy.SYS[HAL.dll!KeGetCurrentIrql]                                                 9E880000

IAT                                                                       \SystemRoot\System32\Drivers\apaszghy.SYS[HAL.dll!KfRaiseIrql]                                                      00001CB1

IAT                                                                       \SystemRoot\System32\Drivers\apaszghy.SYS[HAL.dll!KfLowerIrql]                                                      0E798366

IAT                                                                       \SystemRoot\System32\Drivers\apaszghy.SYS[HAL.dll!HalGetInterruptVector]                                            74AAB000

IAT                                                                       \SystemRoot\System32\Drivers\apaszghy.SYS[HAL.dll!HalTranslateBusAddress]                                           8986C636

IAT                                                                       \SystemRoot\System32\Drivers\apaszghy.SYS[HAL.dll!KeStallExecutionProcessor]                                        1A00001C

IAT                                                                       \SystemRoot\System32\Drivers\apaszghy.SYS[HAL.dll!KfReleaseSpinLock]                                                1C8B86C6

IAT                                                                       \SystemRoot\System32\Drivers\apaszghy.SYS[HAL.dll!READ_PORT_BUFFER_USHORT]                                          C6020000

IAT                                                                       \SystemRoot\System32\Drivers\apaszghy.SYS[HAL.dll!READ_PORT_USHORT]                                                 001C9686

IAT                                                                       \SystemRoot\System32\Drivers\apaszghy.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT]                                         86C60200

IAT                                                                       \SystemRoot\System32\Drivers\apaszghy.SYS[HAL.dll!WRITE_PORT_UCHAR]                                                 00001CB2

IAT                                                                       \SystemRoot\System32\Drivers\apaszghy.SYS[WMILIB.SYS!WmiSystemControl]                                              8800001C

IAT                                                                       \SystemRoot\System32\Drivers\apaszghy.SYS[WMILIB.SYS!WmiCompleteRequest]                                            001CB99E

IAT                                                                       \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter]                                                 [B9CC1C70] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)

IAT                                                                       \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter]                                                  [B9CC1BD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)

IAT                                                                       \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol]                                           [B9CC1B10] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)

IAT                                                                       \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol]                                             [B9CC18E0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)

IAT                                                                       \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol]                                            [B9CC18E0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)

IAT                                                                       \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter]                                                 [B9CC1BD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)

IAT                                                                       \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter]                                                [B9CC1C70] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)

IAT                                                                       \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol]                                          [B9CC1B10] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)

IAT                                                                       \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol]                                            [B9CC1B10] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)

IAT                                                                       \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol]                                              [B9CC18E0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)

IAT                                                                       \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter]                                                   [B9CC1BD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)

IAT                                                                       \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter]                                                  [B9CC1C70] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)

IAT                                                                       \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol]                                             [B9CC18E0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)

IAT                                                                       \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol]                                           [B9CC1B10] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)

IAT                                                                       \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter]                                                 [B9CC1C70] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)

IAT                                                                       \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter]                                                  [B9CC1BD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)

IAT                                                                       \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter]                                                   [B9CC1C70] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)

IAT                                                                       \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter]                                                    [B9CC1BD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)

IAT                                                                       \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol]                                               [B9CC18E0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)

IAT                                                                       \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol]                                            [B9CC1B10] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)

IAT                                                                       \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol]                                              [B9CC18E0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)

IAT                                                                       \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter]                                                   [B9CC1BD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)

IAT                                                                       \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter]                                                  [B9CC1C70] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)

IAT                                                                       \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol]                                             [B9CC18E0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)

IAT                                                                       \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol]                                           [B9CC1B10] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)

IAT                                                                       \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter]                                                 [B9CC1C70] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)

IAT                                                                       \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter]                                                  [B9CC1BD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
 

---- Devices - GMER 1.0.15 ----
 

Device                                                                    \FileSystem\Ntfs \Ntfs                                                                                              8A3D91F8
 

AttachedDevice                                                            \FileSystem\Ntfs \Ntfs                                                                                              AsDsm.sys (Data Security Manager Driver/Windows (R) Codename Longhorn DDK provider)
 

Device                                                                    \FileSystem\Fastfat \FatCdrom                                                                                       890831F8

Device                                                                    \FileSystem\Udfs \UdfsCdRom                                                                                         890601F8

Device                                                                    \FileSystem\Udfs \UdfsDisk                                                                                          890601F8

Device                                                                    \Driver\usbstor \Device\0000009b                                                                                    8909D500

Device                                                                    \Driver\usbstor \Device\0000009b                                                                                    sfsync04.sys (FrontLine Synchronization Driver/Protection Technology (StarForce))

Device                                                                    \Driver\Tcpip \Device\Ip                                                                                            wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)

Device                                                                    \Driver\RTSTOR \Device\0000009d                                                                                     sfsync04.sys (FrontLine Synchronization Driver/Protection Technology (StarForce))

Device                                                                    \Driver\usbohci \Device\USBPDO-0                                                                                    8A14D1F8

Device                                                                    \Driver\dmio \Device\DmControl\DmIoDaemon                                                                           8A44A1F8

Device                                                                    \Driver\dmio \Device\DmControl\DmConfig                                                                             8A44A1F8

Device                                                                    \Driver\dmio \Device\DmControl\DmPnP                                                                                8A44A1F8

Device                                                                    \Driver\dmio \Device\DmControl\DmInfo                                                                               8A44A1F8

Device                                                                    \Driver\usbohci \Device\USBPDO-1                                                                                    8A14D1F8

Device                                                                    \Driver\usbehci \Device\USBPDO-2                                                                                    8A1361F8

Device                                                                    \Driver\sptd \Device\4006500198                                                                                     spiy.sys

Device                                                                    \Driver\Tcpip \Device\Tcp                                                                                           wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)

Device                                                                    \Driver\Ftdisk \Device\HarddiskVolume1                                                                              8A3DB1F8

Device                                                                    \Driver\Ftdisk \Device\HarddiskVolume2                                                                              8A3DB1F8

Device                                                                    \Driver\Cdrom \Device\CdRom0                                                                                        8A333500

Device                                                                    \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-3                                                                         [B9DF6B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}

Device                                                                    \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-3                                                                         sfsync04.sys (FrontLine Synchronization Driver/Protection Technology (StarForce))

Device                                                                    \Driver\atapi \Device\Ide\IdePort0                                                                                  [B9DF6B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}

Device                                                                    \Driver\atapi \Device\Ide\IdePort0                                                                                  sfsync04.sys (FrontLine Synchronization Driver/Protection Technology (StarForce))

Device                                                                    \Driver\atapi \Device\Ide\IdePort1                                                                                  [B9DF6B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}

Device                                                                    \Driver\atapi \Device\Ide\IdePort1                                                                                  sfsync04.sys (FrontLine Synchronization Driver/Protection Technology (StarForce))

Device                                                                    \Driver\atapi \Device\Ide\IdePort2                                                                                  [B9DF6B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}

Device                                                                    \Driver\atapi \Device\Ide\IdePort2                                                                                  sfsync04.sys (FrontLine Synchronization Driver/Protection Technology (StarForce))

Device                                                                    \Driver\atapi \Device\Ide\IdePort3                                                                                  [B9DF6B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}

Device                                                                    \Driver\atapi \Device\Ide\IdePort3                                                                                  sfsync04.sys (FrontLine Synchronization Driver/Protection Technology (StarForce))

Device                                                                    \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-e                                                                         [B9DF6B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}

Device                                                                    \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-e                                                                         sfsync04.sys (FrontLine Synchronization Driver/Protection Technology (StarForce))

Device                                                                    \Driver\Cdrom \Device\CdRom1                                                                                        8A333500

Device                                                                    \Driver\PCI_PNP6448 \Device\00000067                                                                                spiy.sys

Device                                                                    \Driver\PCI_PNP6448 \Device\00000068                                                                                spiy.sys

Device                                                                    \Driver\NetBT \Device\NetBt_Wins_Export                                                                             890DA500

Device                                                                    \Driver\NetBT \Device\NetbiosSmb                                                                                    890DA500

Device                                                                    \Driver\Tcpip \Device\Udp                                                                                           wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)

Device                                                                    \Driver\Tcpip \Device\RawIp                                                                                         wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)

Device                                                                    \Driver\usbstor \Device\00000097                                                                                    8909D500

Device                                                                    \Driver\usbstor \Device\00000097                                                                                    sfsync04.sys (FrontLine Synchronization Driver/Protection Technology (StarForce))

Device                                                                    \Driver\usbohci \Device\USBFDO-0                                                                                    8A14D1F8

Device                                                                    \Driver\RTSTOR \Device\00000099                                                                                     sfsync04.sys (FrontLine Synchronization Driver/Protection Technology (StarForce))

Device                                                                    \Driver\usbohci \Device\USBFDO-1                                                                                    8A14D1F8

Device                                                                    \FileSystem\MRxSmb \Device\LanmanDatagramReceiver                                                                   890D8500

Device                                                                    \Driver\Tcpip \Device\IPMULTICAST                                                                                   wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)

Device                                                                    \Driver\usbehci \Device\USBFDO-2                                                                                    8A1361F8

Device                                                                    \Driver\sptd \Device\4006656448                                                                                     spiy.sys

Device                                                                    \FileSystem\MRxSmb \Device\LanmanRedirector                                                                         890D8500

Device                                                                    \Driver\Ftdisk \Device\FtControl                                                                                    8A3DB1F8

Device                                                                    \Driver\NetBT \Device\NetBT_Tcpip_{F523AD6C-1A8C-45BE-8A26-6E123EA63FF7}                                            890DA500

Device                                                                    \Driver\a9qxhjfg \Device\Scsi\a9qxhjfg1                                                                             8A1281F8

Device                                                                    \Driver\apaszghy \Device\Scsi\apaszghy1Port4Path0Target0Lun0                                                        8A1231F8

Device                                                                    \Driver\apaszghy \Device\Scsi\apaszghy1Port4Path0Target0Lun0                                                        sfsync04.sys (FrontLine Synchronization Driver/Protection Technology (StarForce))

Device                                                                    \Driver\apaszghy \Device\Scsi\apaszghy1                                                                             8A1231F8

Device                                                                    \Driver\apaszghy \Device\Scsi\apaszghy1                                                                             sfsync04.sys (FrontLine Synchronization Driver/Protection Technology (StarForce))

Device                                                                    \FileSystem\Fastfat \Fat                                                                                            890831F8
 

AttachedDevice                                                            \FileSystem\Fastfat \Fat                                                                                            AsDsm.sys (Data Security Manager Driver/Windows (R) Codename Longhorn DDK provider)

AttachedDevice                                                            \FileSystem\Fastfat \Fat                                                                                            fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
 

Device                                                                    \FileSystem\Cdfs \Cdfs                                                                                              890611F8
 

---- Registry - GMER 1.0.15 ----
 

Reg                                                                       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                                  771343423

Reg                                                                       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                                  285507792

Reg                                                                       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0                                                                  2

Reg                                                                       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04                                    

Reg                                                                       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                 C:\Programme\Alcohol Soft\Alcohol 52\

Reg                                                                       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                 0

Reg                                                                       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                              0x0D 0x6B 0xD9 0x20 ...

Reg                                                                       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001                           

Reg                                                                       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0                        0x20 0x01 0x00 0x00 ...

Reg                                                                       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                    

Reg                                                                       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                 C:\Programme\DAEMON Tools Lite\

Reg                                                                       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                 1

Reg                                                                       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0xB7 0x5D 0x1C 0x02 ...

Reg                                                                       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                           

Reg                                                                       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                        0x20 0x01 0x00 0x00 ...

Reg                                                                       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                     0x56 0xB6 0x2F 0xCD ...

Reg                                                                       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                      

Reg                                                                       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0x50 0x6C 0xB7 0x50 ...

Reg                                                                       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)                

Reg                                                                       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                     C:\Programme\Alcohol Soft\Alcohol 52\

Reg                                                                       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                     0

Reg                                                                       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                  0x0D 0x6B 0xD9 0x20 ...

Reg                                                                       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)       

Reg                                                                       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0                            0x20 0x01 0x00 0x00 ...

Reg                                                                       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                

Reg                                                                       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                     C:\Programme\DAEMON Tools Lite\

Reg                                                                       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                     1

Reg                                                                       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0x05 0x60 0xD9 0xE6 ...

Reg                                                                       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)       

Reg                                                                       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...

Reg                                                                       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                         0x56 0xB6 0x2F 0xCD ...

Reg                                                                       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)  

Reg                                                                       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0x50 0x6C 0xB7 0x50 ...

Reg                                                                       HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32                                   

Reg                                                                       HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel                    Apartment

Reg                                                                       HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL

Reg                                                                       HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b  0xE2 0x63 0x26 0xF1 ...

Reg                                                                       HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32                                   

Reg                                                                       HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel                    Apartment

Reg                                                                       HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL

Reg                                                                       HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b  0x71 0x3B 0x04 0x66 ...

Reg                                                                       HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32                                   

Reg                                                                       HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel                    Apartment

Reg                                                                       HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL

Reg                                                                       HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016  0x25 0xDA 0xEC 0x7E ...

Reg                                                                       HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32                                   

Reg                                                                       HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel                    Apartment

Reg                                                                       HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL

Reg                                                                       HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48  0x3E 0x1E 0x9E 0xE0 ...

Reg                                                                       HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32                                   

Reg                                                                       HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel                    Apartment

Reg                                                                       HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL

Reg                                                                       HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472  0xF5 0x1D 0x4D 0x73 ...

Reg                                                                       HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32                                   

Reg                                                                       HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel                    Apartment

Reg                                                                       HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL

Reg                                                                       HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d  0xDF 0x20 0x58 0x62 ...

Reg                                                                       HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32                                   

Reg                                                                       HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel                    Apartment

Reg                                                                       HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL

Reg                                                                       HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b  0xFB 0xA7 0x78 0xE6 ...

Reg                                                                       HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32                                   

Reg                                                                       HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel                    Apartment

Reg                                                                       HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL

Reg                                                                       HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d  0x83 0x6C 0x56 0x8B ...

Reg                                                                       HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32                                   

Reg                                                                       HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel                    Apartment

Reg                                                                       HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL

Reg                                                                       HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3  0x51 0xFA 0x6E 0x91 ...

Reg                                                                       HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32                                   

Reg                                                                       HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel                    Apartment

Reg                                                                       HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL

Reg                                                                       HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b  0x3D 0xCE 0xEA 0x26 ...

Reg                                                                       HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32                                   

Reg                                                                       HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel                    Apartment

Reg                                                                       HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL

Reg                                                                       HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6  0xE3 0x0E 0x66 0xD5 ...

Reg                                                                       HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32                                   

Reg                                                                       HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel                    Apartment

Reg                                                                       HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL

Reg                                                                       HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2  0x6C 0x43 0x2D 0x1E ...
 

---- Files - GMER 1.0.15 ----
 

File                                                                      C:\Programme\ASUS\ASUS Data Security Manager\driver\x86                                                             0 bytes

File                                                                      C:\Programme\ASUS\ASUS Data Security Manager\driver\x86\AsDsm.sys                                                   29752 bytes executable

File                                                                      C:\Programme\ASUS\ASUS Data Security Manager\driver\x86\_avt                                                        512 bytes

File                                                                      C:\ADSM_PData_0150                                                                                                  0 bytes

File                                                                      C:\ADSM_PData_0150\DB                                                                                               0 bytes

File                                                                      C:\ADSM_PData_0150\DB\SI.db                                                                                         624 bytes

File                                                                      C:\ADSM_PData_0150\DB\UL.db                                                                                         16 bytes

File                                                                      C:\ADSM_PData_0150\DB\VL.db                                                                                         16 bytes

File                                                                      C:\ADSM_PData_0150\DB\_avt                                                                                          512 bytes

File                                                                      C:\ADSM_PData_0150\DragWait.exe                                                                                     253952 bytes executable

File                                                                      C:\ADSM_PData_0150\_avt                                                                                             512 bytes
 

---- EOF - GMER 1.0.15 ----

--- --- ---

OSAM:

OSAM Logfile:

Code:

Report of OSAM: Autorun Manager v5.0.11926.0

Online Solutions. Complex Protection for Information Systems

Saved at 22:43:11 on 24.03.2011
 

OS: Windows XP Professional Service Pack 3 (Build 2600)

Default Browser: Mozilla Corporation Firefox 3.6.16
 

Scanner Settings

[x] Rootkits detection (hidden registry)

[x] Rootkits detection (hidden files)

[x] Retrieve files information

[x] Check Microsoft signatures
 

Filters

[ ] Trusted entries

[ ] Empty entries

[x] Hidden registry entries (rootkit activity)

[x] Exclusively opened files

[x] Not found files

[x] Files without detailed information

[x] Existing files

[ ] Non-startable services

[ ] Non-startable drivers

[x] Active entries

[x] Disabled entries
 
 

[Boot Execute]

-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )-----

"BootExecute" - "Raxco Software, Inc." - C:\WINDOWS\system32\PDBoot.exe

"BootExecute" - "O&O Software GmbH" - C:\WINDOWS\system32\OODBS.exe
 

[Common]

-----( %SystemRoot%\Tasks )-----

"1-Klick-Wartung.job" - "TuneUp Software GmbH" - C:\Programme\TuneUpUtilities2006\SystemOptimizer.exe
 

[Control Panel Objects]

-----( %SystemRoot%\system32 )-----

"ac3filter.cpl" - ? - C:\WINDOWS\system32\ac3filter.cpl

"AxSWindC.cpl" - "Alcohol Soft Development Team" - C:\WINDOWS\system32\AxSWindC.cpl

"Ddbaccpl.cpl" - "DataDesign AG" - C:\WINDOWS\system32\Ddbaccpl.cpl

"ddBACCTM.cpl" - "DataDesign AG" - C:\WINDOWS\system32\ddBACCTM.cpl

"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\WINDOWS\system32\DivXControlPanelApplet.cpl

"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl

"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl

"PhysX.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\PhysX.cpl

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----

"Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl

"Nero BurnRights" - "Nero AG" - C:\Programme\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl

"QuickTime" - "Apple Computer, Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl
 

[Drivers]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"a9qxhjfg" (a9qxhjfg) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\a9qxhjfg.sys  (Hidden registry entry, rootkit activity | File signed by Microsoft)

"AnyDVD" (AnyDVD) - "SlySoft, Inc." - C:\WINDOWS\System32\Drivers\AnyDVD.sys

"apaszghy" (apaszghy) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\apaszghy.sys  (Hidden registry entry, rootkit activity | File signed by Microsoft)

"ASAPIW2K" (ASAPIW2K) - "VOB Computersysteme GmbH" - C:\WINDOWS\system32\Drivers\asapiW2k.sys

"ASMMAP" (ASMMAP) - ? - C:\Programme\ATKGFNEX\ASMMAP.sys

"ASNDIS5 Protocol Driver" (ASNDIS5) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\PROGRA~1\ATKHOT~1\ASNDIS5.SYS

"ASPI32" (ASPI32) - ? - C:\WINDOWS\system32\drivers\ASPI32.sys  (File not found)

"avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys

"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys

"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys

"catchme" (catchme) - ? - C:\cofi.exe\catchme.sys  (File not found)

"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)

"Data Security Manager Driver" (AsDsm) - "Windows (R) Codename Longhorn DDK provider" - C:\WINDOWS\system32\drivers\AsDsm.sys

"ddxgb" (ddxgb) - ? - C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\ddxgb.sys  (File not found)

"Defrag32" (Defrag32) - "Raxco Software, Inc." - C:\WINDOWS\system32\drivers\Defrag32.sys

"Defrag32Boot" (Defrag32b) - "Raxco Software, Inc." - C:\WINDOWS\system32\drivers\Defrag32b.sys

"ElbyCDFL" (ElbyCDFL) - "SlySoft, Inc." - C:\WINDOWS\System32\Drivers\ElbyCDFL.sys

"ElbyCDIO Driver" (ElbyCDIO) - "Elaborate Bytes AG" - C:\WINDOWS\System32\Drivers\ElbyCDIO.sys

"ElbyDelay" (ElbyDelay) - "Elaborate Bytes AG" - C:\WINDOWS\System32\Drivers\ElbyDelay.sys

"ENTECH" (ENTECH) - "EnTech Taiwan" - C:\WINDOWS\system32\DRIVERS\ENTECH.sys

"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)

"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)

"mbr" (mbr) - ? - C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\mbr.sys  (Hidden registry entry, rootkit activity | File not found)

"Padus ASPI Shell" (pfc) - "Padus, Inc." - C:\WINDOWS\System32\drivers\pfc.sys

"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)

"PCLEPCI" (PCLEPCI) - "Pinnacle Systems GmbH" - C:\WINDOWS\system32\drivers\pclepci.sys

"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)

"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)

"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)

"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)

"Pinnacle Marvin Bus" (MarvinBus) - "Pinnacle Systems GmbH" - C:\WINDOWS\System32\DRIVERS\MarvinBus.sys

"PQNTDrv" (PQNTDrv) - "PowerQuest Corporation" - C:\WINDOWS\system32\drivers\PQNTDrv.sys

"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys

"sptd" (sptd) - "Duplex Secure Ltd." - C:\WINDOWS\System32\Drivers\sptd.sys  (File is exclusively opened, access blocked)

"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys

"StarForce Protection Environment Driver (version 1.x)" (sfdrv01) - "Protection Technology (StarForce)" - C:\WINDOWS\System32\drivers\sfdrv01.sys

"StarForce Protection Helper Driver (version 2.x)" (sfhlp02) - "Protection Technology (StarForce)" - C:\WINDOWS\System32\drivers\sfhlp02.sys

"StarForce Protection Synchronization Driver (version 4.x)" (sfsync04) - "Protection Technology (StarForce)" - C:\WINDOWS\System32\drivers\sfsync04.sys

"StarForce Protection VFS Driver (version 2.x)" (sfvfs02) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfvfs02.sys

"SyGate for NT, wg3n" (wg3n) - "Sygate Technologies, Inc." - C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys

"SyGate for NT, wg4n" (wg4n) - "Sygate Technologies, Inc." - C:\WINDOWS\SYSTEM32\Drivers\wg4n.sys

"SyGate for NT, wg5n" (wg5n) - "Sygate Technologies, Inc." - C:\WINDOWS\SYSTEM32\Drivers\wg5n.sys

"SyGate for NT, wg6n" (wg6n) - "Sygate Technologies, Inc." - C:\WINDOWS\SYSTEM32\Drivers\wg6n.sys

"TAP-Win32 Adapter V9 (Tunngle)" (tap0901t) - "Tunngle.net" - C:\WINDOWS\System32\DRIVERS\tap0901t.sys

"Teefer for NT" (Teefer) - "Sygate Technologies, Inc." - C:\WINDOWS\System32\Drivers\Teefer.sys

"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)

"wpsdrvnt" (wpsdrvnt) - "Sygate Technologies, Inc." - C:\WINDOWS\system32\drivers\wpsdrvnt.sys
 

[Explorer]

-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----

{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----

{7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll

{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

-----( HKLM\Software\Classes\Protocols\Filter )-----

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

-----( HKLM\Software\Classes\Protocols\Handler )-----

{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL

{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL

{12D51199-0DB5-46FE-A120-47A3D7D937CC} "DVD: Pluggable Protocol" - "Microsoft Corporation" - C:\WINDOWS\system32\msvidctl.dll

{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

{CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} "TV: Pluggable Protocol" - "Microsoft Corporation" - C:\WINDOWS\system32\msvidctl.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----

{0cab0400-7395-11d0-a5e5-0020afe2fdd9} "Quick View Plus - ShellExecute Hook" - "Stellent, Inc." - C:\WINDOWS\qvphook.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} "Acrobat Elements Context Menu" - "Adobe Systems Inc." - C:\Programme\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll

{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll  (File not found)

{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)

{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\OFFICE11\msohev.dll

{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL

{B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll

{7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL

{F0F08737-0C36-101B-B086-0020AF07D0F4} "Quick View Plus - Shell Extension object" - "Stellent, Inc." - C:\PROGRA~1\QUICKV~1\PROGRAM\QVPSE4.DLL

{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll

{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll

{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)

{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll

{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - ? - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll

{79BC0345-1015-11D2-A299-006008312725} "Studio.Project" - ? - C:\Programme\Pinnacle\Studio 10\programs\BlueShellExt.dll  (File found, but it contains no detailed information)

{2F603045-309F-11CF-9774-0020AFD0CFF6} "Synaptics Control Panel" - ? -   (File not found | COM-object registry key not found)

{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0} "TuneUp Shredder Shell Context Menu Extension" - ? -   (File not found | COM-object registry key not found)

{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL

{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll  (File found, but it contains no detailed information)
 

[Internet Explorer]

-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----

{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "&Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----

<binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----

{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} "Java Plug-in 1.5.0_06" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_11" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_11.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} "Java Plug-in 1.6.0_11" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_11.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_11" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_11.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash10a.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----

{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----

<binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----

{AE7CD045-E861-484f-8273-0445EE161910} "Adobe PDF Conversion Toolbar Helper" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\ssv.dll

{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

{53707962-6F74-2D53-2644-206D7942484F} "{53707962-6F74-2D53-2644-206D7942484F}" - "Safer Networking Limited" - C:\Programme\Spybot - Search & Destroy\SDHelper.dll

{5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? -   (File not found | COM-object registry key not found)
 

[Logon]

-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----

"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini

-----( %UserProfile%\Startmenü\Programme\Autostart )-----

"CCC.lnk" - "ATI Technologies Inc." - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CCC.exe  (Shortcut exists | File exists)

"desktop.ini" - ? - C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\desktop.ini

-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" - "Nero AG" - "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe"

"DAEMON Tools Lite" - "DT Soft Ltd" - "C:\Programme\DAEMON Tools Lite\DTLite.exe" -autorun

"Skype" - "Skype Technologies S.A." - "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized

-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce )-----

"FlashPlayerUpdate" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\FlashUtil10n_Plugin.exe -update plugin

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----

"ASUS Camera ScreenSaver" - ? - C:\WINDOWS\ASScrProlog.exe  (File found, but it contains no detailed information)

"ASUS Screen Saver Protector" - ? - C:\WINDOWS\ASScrPro.exe

"ATKHOTKEY" - "ATK0100" - "C:\Programme\ATK Hotkey\Hcontrol.exe"

"ATKOSD2" - ? - "C:\Programme\ATKOSD2\ATKOSD2.exe"

"avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min

"HControlUser" - ? - "C:\Programme\ATK Hotkey\HcontrolUser.exe"

"MsgTranAgt" - ? - "C:\Programme\ATK Hotkey\MsgTranAgt.exe"

"Power_Gear" - "ASUSTeK Computer Inc." - C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1

"SmcService" - "Sygate Technologies, Inc." - C:\PROGRA~1\Sygate\SPF\smc.exe -startgui

"StartCCC" - "Advanced Micro Devices, Inc." - "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"

"Wireless Console 2" - ? - "C:\Programme\Wireless Console 2\wcourier.exe"
 

[Network Providers]

-----( HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order )-----

"Atheros Wireless LAN" - ? - C:\WINDOWS\system32\athgina.dll  (File not found)
 

[Print Monitors]

-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----

"Adobe PDF Port" - "Adobe Systems Incorporated." - C:\WINDOWS\system32\AdobePDF.dll

"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\mdimon.dll
 

[Services]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

"Adobe LM Service" (Adobe LM Service) - "Adobe Systems" - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe

"ADSM Service" (ADSMService) - ? - C:\Programme\ASUS\ASUS Data Security Manager\ADSMSrv.exe

"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

"Atheros-Konfigurationsdienst" (ACS) - "Atheros" - C:\WINDOWS\system32\acs.exe

"ATKGFNEX Service" (ATKGFNEXSrv) - ? - C:\Programme\ATKGFNEX\GFNEXSrv.exe

"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe

"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe

"HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\bin\hpqddsvc.dll

"hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\bin\hpqcxs08.dll

"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe

"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe

"Macromedia Licensing Service" (Macromedia Licensing Service) - ? - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe

"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\WINDOWS\system32\HPZinw12.dll

"O&O Defrag" (O&O Defrag) - "O&O Software GmbH" - C:\WINDOWS\system32\oodag.exe

"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE

"PDEngine" (PDEngine) - "Raxco Software, Inc." - C:\Programme\Raxco\PerfectDisk\PDEngine.exe

"PDScheduler" (PDSched) - "Raxco Software, Inc." - C:\Programme\Raxco\PerfectDisk\PDSched.exe

"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\WINDOWS\system32\HPZipm12.dll

"StarWind AE Service" (StarWindServiceAE) - "StarWind Software" - C:\Programme\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

"Sygate Personal Firewall" (SmcService) - "Sygate Technologies, Inc." - C:\Programme\Sygate\SPF\smc.exe

"TuneUp WinStyler Theme Service" (TUWinStylerThemeSvc) - "TuneUp Software GmbH" - C:\Programme\TuneUpUtilities2006\WinStylerThemeSvc.exe

"TunngleService" (TunngleService) - "Tunngle.net GmbH" - C:\Programme\Tunngle\TnglCtrl.exe

"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
 

[Winlogon]

-----( HKCU\Control Panel\IOProcs )-----

"MVB" - ? - mvfs32.dll  (File not found)
 

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit Online Solutions :: Index

MBR Check:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x000000fc

Kernel Drivers (total 166):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E6000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9EB4000 spiy.sys
0xBA5AA000 \WINDOWS\System32\Drivers\WMILIB.SYS
0xB9E9C000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
0xB9E6D000 ACPI.sys
0xBA0A8000 isapnp.sys
0xB9E5C000 pci.sys
0xB9E4A000 sfsync04.sys
0xBA4BC000 compbatt.sys
0xBA4C0000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xBA670000 pciide.sys
0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xBA0B8000 MountMgr.sys
0xB9E2B000 ftdisk.sys
0xBA5AC000 dmload.sys
0xB9E05000 dmio.sys
0xBA671000 siside.sys
0xBA4C4000 ACPIEC.sys
0xBA672000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xBA330000 PartMgr.sys
0xBA0C8000 VolSnap.sys
0xB9DED000 atapi.sys
0xBA0D8000 disk.sys
0xBA0E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB9DCD000 fltmgr.sys
0xB9DBB000 sr.sys
0xBA0F8000 AsDsm.sys
0xBA108000 PxHelp20.sys
0xB9DA4000 KSecDD.sys
0xB9D8F000 WudfPf.sys
0xBA118000 Defrag32b.sys
0xB9D02000 Ntfs.sys
0xB9CD5000 NDIS.sys
0xB9CB8000 Teefer.sys
0xB9CA5000 sfvfs02.sys
0xBA338000 sfhlp02.sys
0xB9C93000 sfdrv01.sys
0xB9C79000 Mup.sys
0xBA390000 \SystemRoot\system32\DRIVERS\ATKACPI.sys
0xBA178000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB980B000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
0xB97CF000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xBA188000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xBA5B2000 \SystemRoot\system32\DRIVERS\kbfiltr.sys
0xBA3A8000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xBA3B0000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xBA198000 \SystemRoot\system32\DRIVERS\imapi.sys
0xBA3B8000 \??\C:\WINDOWS\system32\Drivers\asapiW2k.sys
0xBA5B4000 \SystemRoot\System32\Drivers\ElbyDelay.sys
0xBA3C8000 \SystemRoot\System32\Drivers\ElbyCDFL.sys
0xBA564000 \SystemRoot\system32\drivers\pfc.sys
0xBA3D8000 \SystemRoot\System32\Drivers\AnyDVD.sys
0xBA1A8000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xBA1B8000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB97AC000 \SystemRoot\system32\DRIVERS\ks.sys
0xBA3F0000 \SystemRoot\system32\DRIVERS\usbohci.sys
0xB9788000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA3F8000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB9701000 \SystemRoot\system32\DRIVERS\ar5211.sys
0xB96D9000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xB96A2000 \SystemRoot\System32\Drivers\a9qxhjfg.SYS
0xB9669000 \SystemRoot\System32\Drivers\apaszghy.SYS
0xBA590000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xBA398000 \SystemRoot\system32\DRIVERS\ManyCam.sys
0xBA1E8000 \SystemRoot\system32\DRIVERS\STREAM.SYS
0xBA79B000 \SystemRoot\system32\DRIVERS\audstub.sys
0xBA1F8000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xBA598000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB9652000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xBA208000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xBA218000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xBA3E8000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB9641000 \SystemRoot\system32\DRIVERS\psched.sys
0xBA228000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xBA408000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBA418000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB9571000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xBA238000 \SystemRoot\system32\DRIVERS\termdd.sys
0xBA5C2000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB9513000 \SystemRoot\system32\DRIVERS\update.sys
0xB9C41000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xB94BD000 \SystemRoot\system32\DRIVERS\MarvinBus.sys
0xBA248000 \SystemRoot\system32\DRIVERS\wsimd.sys
0xBA258000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xBA2A8000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xBA5C6000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xACFCD000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xACFA9000 \SystemRoot\system32\drivers\portcls.sys
0xBA2B8000 \SystemRoot\system32\drivers\drmk.sys
0xACECF000 \SystemRoot\system32\DRIVERS\smserial.sys
0xBA460000 \SystemRoot\System32\Drivers\Modem.SYS
0xBA5A0000 \SystemRoot\system32\drivers\MODEMCSA.sys
0xBA5D0000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA7F3000 \SystemRoot\System32\Drivers\Null.SYS
0xBA5D4000 \SystemRoot\System32\Drivers\Beep.SYS
0xBA490000 \SystemRoot\System32\drivers\vga.sys
0xBA5D8000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA5DC000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xBA4A0000 \SystemRoot\System32\Drivers\Msfs.SYS
0xBA4B0000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB94FB000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xACE74000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xACE1B000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xACDCD000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xBA308000 \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys
0xACD05000 \SystemRoot\system32\DRIVERS\netbt.sys
0xACCE3000 \SystemRoot\System32\drivers\afd.sys
0xBA148000 \SystemRoot\system32\DRIVERS\netbios.sys
0xBA3A0000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0xB94EF000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xBA158000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xBA3D0000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xACCB8000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xBA693000 \SystemRoot\System32\Drivers\PQNTDrv.SYS
0xB94A9000 \??\C:\WINDOWS\system32\drivers\pclepci.sys
0xACC48000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xBA168000 \SystemRoot\System32\Drivers\Fips.SYS
0xACBDC000 \SystemRoot\system32\DRIVERS\avipbb.sys
0xBA5E4000 \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys
0xB9611000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xBA420000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xBA438000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xB95F1000 \SystemRoot\system32\drivers\RTSTOR.SYS
0xACEAF000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xACB96000 \SystemRoot\System32\Drivers\usbvideo.sys
0xB95C1000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xACB85000 \SystemRoot\System32\Drivers\Udfs.SYS
0xACB61000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xACB49000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xBA5EA000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xACE0F000 \SystemRoot\System32\drivers\Dxapi.sys
0xBA478000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA757000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\ati2dvag.dll
0xBF05F000 \SystemRoot\System32\ati2cqag.dll
0xBF0DE000 \SystemRoot\System32\atikvmag.dll
0xBF14E000 \SystemRoot\System32\atiok3x2.dll
0xBF17C000 \SystemRoot\System32\ati3duag.dll
0xBF484000 \SystemRoot\System32\ativvaxx.dll
0xBF633000 \SystemRoot\System32\ATMFD.DLL
0xAA7E4000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0xAA79C000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xAA5FC000 \SystemRoot\SYSTEM32\Drivers\wg3n.sys
0xAA5F4000 \SystemRoot\SYSTEM32\Drivers\wg4n.sys
0xAA5EC000 \SystemRoot\SYSTEM32\Drivers\wg5n.sys
0xAA5DC000 \SystemRoot\SYSTEM32\Drivers\wg6n.sys
0xBA450000 \??\C:\Programme\ATKGFNEX\ASMMAP.sys
0xAA31F000 \SystemRoot\system32\drivers\wdmaud.sys
0xAA5BC000 \SystemRoot\system32\drivers\sysaudio.sys
0xAA18A000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xAA0F2000 \SystemRoot\System32\Drivers\Defrag32.SYS
0xBA5D2000 \SystemRoot\System32\Drivers\ElbyCDIO.sys
0xA9F52000 \SystemRoot\system32\DRIVERS\srv.sys
0xA9A17000 \SystemRoot\System32\Drivers\HTTP.sys
0xA97BE000 \??\C:\PROGRA~1\ATKHOT~1\ASNDIS5.SYS
0xBA468000 \??\C:\cofi.exe\catchme.sys
0xBA5E2000 \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
0xA9096000 \??\C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\agkyruob.sys
0xA9EC0000 \SystemRoot\system32\DRIVERS\SiSGbeXP.sys
0x7C910000 \WINDOWS\system32\ntdll.dll
0x10000000 \Programme\Alcohol Soft\Alcohol 52\Alcoholx.dll

Processes (total 55):
0 System Idle Process
4 System
632 C:\WINDOWS\system32\smss.exe
1108 csrss.exe
1140 C:\WINDOWS\system32\winlogon.exe
1184 C:\WINDOWS\system32\services.exe
1196 C:\WINDOWS\system32\lsass.exe
1384 C:\WINDOWS\system32\ati2evxx.exe
1416 C:\WINDOWS\system32\svchost.exe
1528 svchost.exe
1744 C:\WINDOWS\system32\svchost.exe
1788 C:\WINDOWS\system32\svchost.exe
1820 C:\WINDOWS\system32\ati2evxx.exe
280 svchost.exe
512 svchost.exe
808 C:\Programme\ASUS\ASUS Data Security Manager\ADSMSrv.exe
824 C:\Programme\ATKGFNEX\GFNEXSrv.exe
1008 C:\WINDOWS\system32\spoolsv.exe
660 C:\WINDOWS\system32\acs.exe
1576 C:\Programme\Avira\AntiVir Desktop\sched.exe
1712 svchost.exe
712 C:\Programme\Avira\AntiVir Desktop\avguard.exe
628 C:\WINDOWS\system32\svchost.exe
456 C:\Programme\Java\jre6\bin\jqs.exe
1080 C:\WINDOWS\system32\svchost.exe
1596 C:\WINDOWS\system32\oodag.exe
2848 C:\WINDOWS\system32\svchost.exe
2936 C:\Programme\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
3076 C:\WINDOWS\system32\svchost.exe
3116 C:\Programme\Tunngle\TnglCtrl.exe
1088 C:\Programme\ATK Hotkey\HControlUser.exe
524 C:\Programme\ATK Hotkey\HControl.exe
2300 C:\WINDOWS\system32\wbem\wmiapsrv.exe
2440 C:\Programme\ATK Hotkey\MsgTranAgt.exe
2608 C:\Programme\ATKOSD2\ATKOSD2.exe
2760 C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
3032 C:\Programme\Wireless Console 2\wcourier.exe
3356 C:\WINDOWS\ASScrPro.exe
3532 C:\Programme\Avira\AntiVir Desktop\avgnt.exe
3540 alg.exe
3696 C:\Programme\ATK Hotkey\ATKOSD.exe
4056 C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe
1964 C:\Programme\ATK Hotkey\KBFiltr.exe
1980 C:\Programme\DAEMON Tools Lite\DTLite.exe
2568 C:\Programme\ATK Hotkey\WDC.exe
3952 C:\WINDOWS\system32\svchost.exe
4000 C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
3232 C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
7040 C:\WINDOWS\explorer.exe
7004 C:\Programme\Mozilla Firefox\firefox.exe
1168 C:\Programme\Sygate\SPF\Smc.exe
6348 wmiprvse.exe
4760 C:\Programme\Avira\AntiVir Desktop\avcenter.exe
8140 C:\Programme\Mozilla Firefox\plugin-container.exe
6520 C:\Dokumente und Einstellungen\Administrator\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000017`499f7e00 (NTFS)

PhysicalDrive0 Model Number: ST9250827AS, Rev: 3.AAA

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: ADFE55CD0C6ED2E00B22375835E4C2736CE9AD11

Done!

cosinus

25.03.2011 10:54

Hast du noch die Sygate-Firewall drauf? Bitte umgehend deinstallieren, das Teil ist kontraproduktiv und wird auch schon länger nicht mehr gepflegt/mit Updates versorgt. Bitte die Windows-Firewall verwenden!!

Zitat:

"ddxgb" (ddxgb) - ? - C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\ddxgb.sys (File not found)

Nitte mit OSAM deaktivieren und löschen (delete from storage)

m4D_guY

25.03.2011 14:30

Sygate ist deinstalliert.
Sollte ich mir ZoneAlaram zulegen, diese benutzte ich früher?
Jedoch wurde mir Sygate empfohle, da es öfter zu abstürzen von Spielen mit Zonealarm kam. (Aufgrund des Hinweisfensters oder besser gesagt seiner Beschaffenheit als nicht "Windowsfenster").

"delete from storage" kann ich nicht auswählen, habe im Internet auch nichts dazu gefunden, warum das so ist.
(siehe Screenshot3)

Noch eine Frage zum Schluss:

Wie kann ich das Doppelposting verhindern?
Ich möchte wirklich nicht den Eindruck vermitteln, dass ich das absichtlich mache um mehr Aufmerksamkeit zu bekommen

cosinus

25.03.2011 15:20

Zitat:

Sollte ich mir ZoneAlaram zulegen, diese benutzte ich früher?

NEIN!! Windows-Firewall ist alles was man braucht!!

Beachte zu OSAM bitte nochmal die Anleitung, bisher klappte das mit dem delte from storage immer.

m4D_guY

25.03.2011 17:18

Ich hoffe ich habe alles richtig gemacht.
Laut Anleitung sollte nach dem Neustart ein Logfile auftauchen, ist es aber nicht.
Daraufhin habe ich einfach auf Savelog geklickt und dieses Log ier gepostet.
OSAM Logfile:

Code:

Report of OSAM: Autorun Manager v5.0.11926.0

Online Solutions. Complex Protection for Information Systems

Saved at 16:50:55 on 25.03.2011
 

OS: Windows XP Professional Service Pack 3 (Build 2600)

Default Browser: Mozilla Corporation Firefox 3.6.16
 

Scanner Settings

[x] Rootkits detection (hidden registry)

[x] Rootkits detection (hidden files)

[x] Retrieve files information

[x] Check Microsoft signatures
 

Filters

[ ] Trusted entries

[ ] Empty entries

[x] Hidden registry entries (rootkit activity)

[x] Exclusively opened files

[x] Not found files

[x] Files without detailed information

[x] Existing files

[ ] Non-startable services

[ ] Non-startable drivers

[x] Active entries

[x] Disabled entries
 
 

[Boot Execute]

-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )-----

"BootExecute" - "Raxco Software, Inc." - C:\WINDOWS\system32\PDBoot.exe

"BootExecute" - "O&O Software GmbH" - C:\WINDOWS\system32\OODBS.exe
 

[Common]

-----( %SystemRoot%\Tasks )-----

"1-Klick-Wartung.job" - "TuneUp Software GmbH" - C:\Programme\TuneUpUtilities2006\SystemOptimizer.exe
 

[Control Panel Objects]

-----( %SystemRoot%\system32 )-----

"ac3filter.cpl" - ? - C:\WINDOWS\system32\ac3filter.cpl

"AxSWindC.cpl" - "Alcohol Soft Development Team" - C:\WINDOWS\system32\AxSWindC.cpl

"Ddbaccpl.cpl" - "DataDesign AG" - C:\WINDOWS\system32\Ddbaccpl.cpl

"ddBACCTM.cpl" - "DataDesign AG" - C:\WINDOWS\system32\ddBACCTM.cpl

"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\WINDOWS\system32\DivXControlPanelApplet.cpl

"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl

"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl

"PhysX.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\PhysX.cpl

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----

"Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl

"Nero BurnRights" - "Nero AG" - C:\Programme\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl

"QuickTime" - "Apple Computer, Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl
 

[Drivers]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"adjz2bo1" (adjz2bo1) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\adjz2bo1.sys  (Hidden registry entry, rootkit activity | File signed by Microsoft)

"AnyDVD" (AnyDVD) - "SlySoft, Inc." - C:\WINDOWS\System32\Drivers\AnyDVD.sys

"ASAPIW2K" (ASAPIW2K) - "VOB Computersysteme GmbH" - C:\WINDOWS\system32\Drivers\asapiW2k.sys

"ASMMAP" (ASMMAP) - ? - C:\Programme\ATKGFNEX\ASMMAP.sys

"ASNDIS5 Protocol Driver" (ASNDIS5) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\PROGRA~1\ATKHOT~1\ASNDIS5.SYS

"ASPI32" (ASPI32) - ? - C:\WINDOWS\system32\drivers\ASPI32.sys  (File not found)

"avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys

"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys

"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys

"ayaqa7ud" (ayaqa7ud) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\ayaqa7ud.sys  (Hidden registry entry, rootkit activity | File signed by Microsoft)

"catchme" (catchme) - ? - C:\cofi.exe\catchme.sys  (File not found)

"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)

"Data Security Manager Driver" (AsDsm) - "Windows (R) Codename Longhorn DDK provider" - C:\WINDOWS\system32\drivers\AsDsm.sys

"Defrag32" (Defrag32) - "Raxco Software, Inc." - C:\WINDOWS\system32\drivers\Defrag32.sys

"Defrag32Boot" (Defrag32b) - "Raxco Software, Inc." - C:\WINDOWS\system32\drivers\Defrag32b.sys

"ElbyCDFL" (ElbyCDFL) - "SlySoft, Inc." - C:\WINDOWS\System32\Drivers\ElbyCDFL.sys

"ElbyCDIO Driver" (ElbyCDIO) - "Elaborate Bytes AG" - C:\WINDOWS\System32\Drivers\ElbyCDIO.sys

"ElbyDelay" (ElbyDelay) - "Elaborate Bytes AG" - C:\WINDOWS\System32\Drivers\ElbyDelay.sys

"ENTECH" (ENTECH) - "EnTech Taiwan" - C:\WINDOWS\system32\DRIVERS\ENTECH.sys

"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)

"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)

"Padus ASPI Shell" (pfc) - "Padus, Inc." - C:\WINDOWS\System32\drivers\pfc.sys

"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)

"PCLEPCI" (PCLEPCI) - "Pinnacle Systems GmbH" - C:\WINDOWS\system32\drivers\pclepci.sys

"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)

"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)

"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)

"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)

"Pinnacle Marvin Bus" (MarvinBus) - "Pinnacle Systems GmbH" - C:\WINDOWS\System32\DRIVERS\MarvinBus.sys

"PQNTDrv" (PQNTDrv) - "PowerQuest Corporation" - C:\WINDOWS\system32\drivers\PQNTDrv.sys

"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys

"sptd" (sptd) - "Duplex Secure Ltd." - C:\WINDOWS\System32\Drivers\sptd.sys  (File is exclusively opened, access blocked)

"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys

"StarForce Protection Environment Driver (version 1.x)" (sfdrv01) - "Protection Technology (StarForce)" - C:\WINDOWS\System32\drivers\sfdrv01.sys

"StarForce Protection Helper Driver (version 2.x)" (sfhlp02) - "Protection Technology (StarForce)" - C:\WINDOWS\System32\drivers\sfhlp02.sys

"StarForce Protection Synchronization Driver (version 4.x)" (sfsync04) - "Protection Technology (StarForce)" - C:\WINDOWS\System32\drivers\sfsync04.sys

"StarForce Protection VFS Driver (version 2.x)" (sfvfs02) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfvfs02.sys

"TAP-Win32 Adapter V9 (Tunngle)" (tap0901t) - "Tunngle.net" - C:\WINDOWS\System32\DRIVERS\tap0901t.sys

"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)

(Disabled) "ddxgb" (ddxgb) - ? - C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\ddxgb.sys  (File not found)
 

[Explorer]

-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----

{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----

{7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll

{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

-----( HKLM\Software\Classes\Protocols\Filter )-----

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

-----( HKLM\Software\Classes\Protocols\Handler )-----

{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL

{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL

{12D51199-0DB5-46FE-A120-47A3D7D937CC} "DVD: Pluggable Protocol" - "Microsoft Corporation" - C:\WINDOWS\system32\msvidctl.dll

{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

{CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} "TV: Pluggable Protocol" - "Microsoft Corporation" - C:\WINDOWS\system32\msvidctl.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----

{0cab0400-7395-11d0-a5e5-0020afe2fdd9} "Quick View Plus - ShellExecute Hook" - "Stellent, Inc." - C:\WINDOWS\qvphook.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} "Acrobat Elements Context Menu" - "Adobe Systems Inc." - C:\Programme\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll

{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll  (File not found)

{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)

{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\OFFICE11\msohev.dll

{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL

{B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll

{7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL

{F0F08737-0C36-101B-B086-0020AF07D0F4} "Quick View Plus - Shell Extension object" - "Stellent, Inc." - C:\PROGRA~1\QUICKV~1\PROGRAM\QVPSE4.DLL

{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll

{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll

{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)

{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll

{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - ? - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll

{79BC0345-1015-11D2-A299-006008312725} "Studio.Project" - ? - C:\Programme\Pinnacle\Studio 10\programs\BlueShellExt.dll  (File found, but it contains no detailed information)

{2F603045-309F-11CF-9774-0020AFD0CFF6} "Synaptics Control Panel" - ? -   (File not found | COM-object registry key not found)

{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0} "TuneUp Shredder Shell Context Menu Extension" - ? -   (File not found | COM-object registry key not found)

{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL

{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll  (File found, but it contains no detailed information)
 

[Internet Explorer]

-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----

{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "&Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----

<binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----

{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} "Java Plug-in 1.5.0_06" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_11" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_11.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} "Java Plug-in 1.6.0_11" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_11.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_11" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_11.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash10a.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----

{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----

<binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----

{AE7CD045-E861-484f-8273-0445EE161910} "Adobe PDF Conversion Toolbar Helper" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\ssv.dll

{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

{53707962-6F74-2D53-2644-206D7942484F} "{53707962-6F74-2D53-2644-206D7942484F}" - "Safer Networking Limited" - C:\Programme\Spybot - Search & Destroy\SDHelper.dll

{5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? -   (File not found | COM-object registry key not found)
 

[Logon]

-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----

"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini

-----( %UserProfile%\Startmenü\Programme\Autostart )-----

"CCC.lnk" - "ATI Technologies Inc." - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CCC.exe  (Shortcut exists | File exists)

"desktop.ini" - ? - C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\desktop.ini

-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" - "Nero AG" - "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe"

"DAEMON Tools Lite" - "DT Soft Ltd" - "C:\Programme\DAEMON Tools Lite\DTLite.exe" -autorun

"Skype" - "Skype Technologies S.A." - "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----

"ASUS Camera ScreenSaver" - ? - C:\WINDOWS\ASScrProlog.exe  (File found, but it contains no detailed information)

"ASUS Screen Saver Protector" - ? - C:\WINDOWS\ASScrPro.exe

"ATKHOTKEY" - "ATK0100" - "C:\Programme\ATK Hotkey\Hcontrol.exe"

"ATKOSD2" - ? - "C:\Programme\ATKOSD2\ATKOSD2.exe"

"avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min

"HControlUser" - ? - "C:\Programme\ATK Hotkey\HcontrolUser.exe"

"MsgTranAgt" - ? - "C:\Programme\ATK Hotkey\MsgTranAgt.exe"

"Power_Gear" - "ASUSTeK Computer Inc." - C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1

"StartCCC" - "Advanced Micro Devices, Inc." - "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"

"Wireless Console 2" - ? - "C:\Programme\Wireless Console 2\wcourier.exe"
 

[Network Providers]

-----( HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order )-----

"Atheros Wireless LAN" - ? - C:\WINDOWS\system32\athgina.dll  (File not found)
 

[Print Monitors]

-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----

"Adobe PDF Port" - "Adobe Systems Incorporated." - C:\WINDOWS\system32\AdobePDF.dll

"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\mdimon.dll
 

[Services]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

"Adobe LM Service" (Adobe LM Service) - "Adobe Systems" - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe

"ADSM Service" (ADSMService) - ? - C:\Programme\ASUS\ASUS Data Security Manager\ADSMSrv.exe

"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

"Atheros-Konfigurationsdienst" (ACS) - "Atheros" - C:\WINDOWS\system32\acs.exe

"ATKGFNEX Service" (ATKGFNEXSrv) - ? - C:\Programme\ATKGFNEX\GFNEXSrv.exe

"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe

"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe

"HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\bin\hpqddsvc.dll

"hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\bin\hpqcxs08.dll

"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe

"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe

"Macromedia Licensing Service" (Macromedia Licensing Service) - ? - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe

"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\WINDOWS\system32\HPZinw12.dll

"O&O Defrag" (O&O Defrag) - "O&O Software GmbH" - C:\WINDOWS\system32\oodag.exe

"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE

"PDEngine" (PDEngine) - "Raxco Software, Inc." - C:\Programme\Raxco\PerfectDisk\PDEngine.exe

"PDScheduler" (PDSched) - "Raxco Software, Inc." - C:\Programme\Raxco\PerfectDisk\PDSched.exe

"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\WINDOWS\system32\HPZipm12.dll

"StarWind AE Service" (StarWindServiceAE) - "StarWind Software" - C:\Programme\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

"TuneUp WinStyler Theme Service" (TUWinStylerThemeSvc) - "TuneUp Software GmbH" - C:\Programme\TuneUpUtilities2006\WinStylerThemeSvc.exe

"TunngleService" (TunngleService) - "Tunngle.net GmbH" - C:\Programme\Tunngle\TnglCtrl.exe

"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
 

[Winlogon]

-----( HKCU\Control Panel\IOProcs )-----

"MVB" - ? - mvfs32.dll  (File not found)
 

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---
If You have questions or want to get some help, You can visit Online Solutions :: Index

cosinus

25.03.2011 18:27

Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

m4D_guY

25.03.2011 21:48

hier von Malewarebytes

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Datenbank Version: 6137

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

25.03.2011 21:40:38
mbam-log-2011-03-25 (21-40-38).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 151440
Laufzeit: 4 Minute(n), 0 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

und der Superantispyware log

SUPERAntiSpyware Scan Log
SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

Generated 03/25/2011 at 09:14 PM

Application Version : 4.50.1002

Core Rules Database Version : 6674
Trace Rules Database Version: 4486

Scan type : Complete Scan
Total Scan Time : 02:02:55

Memory items scanned : 683
Memory threats detected : 0
Registry items scanned : 8178
Registry threats detected : 0
File items scanned : 163449
File threats detected : 5

Adware.Tracking Cookie
C:\Dokumente und Einstellungen\Administrator\Cookies\administrator@doubleclick[1].txt
media.mtvnservices.com [ C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\VKWG2G2N ]
secure-us.imrworldwide.com [ C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\VKWG2G2N ]
Free Porn Videos & Sex Movies - Porno, XXX, Porn Tube and Pussy Porn [ C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\VKWG2G2N ]

Unclassified.Monitor/ActualSpy
C:\PROGRAMME\MG11\SUPPORT\MGGSTR32.DLL

cosinus

26.03.2011 18:14

Zitat:

Datenbank Version: 6137

Du hast Malwarebytes vorher nicht aktualisiert. Bitte updaten und einen Vollscan machen.

m4D_guY

26.03.2011 21:24

Oh ich dachte weil ich das vor ein paar Tagen aktualiesiert hätte wäre eh nichts neues dazu gekommen.

Hier das Log der aktualisierten Version:

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Datenbank Version: 6176

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

26.03.2011 20:19:16
mbam-log-2011-03-26 (20-19-16).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 151776
Laufzeit: 4 Minute(n), 25 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

cosinus

26.03.2011 21:57

Zitat:

Unclassified.Monitor/ActualSpy
C:\PROGRAMME\MG11\SUPPORT\MGGSTR32.DLL

sagt dir das Programm mg11 was?

m4D_guY

27.03.2011 00:08

Ich glaube das ist das Programm :"MapandGuide".
Muss schon vorinstalliert gewesen sein, da ich es nicht installiert habe.
Benötige es auch nicht, also kann es von meiner Seite aus im Zweifelsfall gelöscht werden.

cosinus

27.03.2011 19:42

Machst du bitte noch einen Vollscan mit Malwarebytes? Ich hab immer einen Vollscan sehen wollen, du hast aber immer nur Quickscans gemacht! Und vor jedem Scan musst du Malwarebytes updaten!!

m4D_guY

28.03.2011 16:50

Hier das Malewarebytes Log:

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Datenbank Version: 6191

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

28.03.2011 17:31:42
mbam-log-2011-03-28 (17-31-42).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 309929
Laufzeit: 1 Stunde(n), 19 Minute(n), 10 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

m4D_guY

28.03.2011 18:06

Hier das Malwarebytes Log:

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Datenbank Version: 6191

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

28.03.2011 17:31:42
mbam-log-2011-03-28 (17-31-42).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 309929
Laufzeit: 1 Stunde(n), 19 Minute(n), 10 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

cosinus

28.03.2011 19:26

Ok ;)
Noch Probleme oder ist nun alles gut?

m4D_guY

28.03.2011 21:30

Liste der Anhänge anzeigen (Anzahl: 1)

Ich weiß nicht so genau ob es von Bedeutung ist, aber seit einem der vielen Neustarts taucht immer ein Fenster auf, welches nach einiger zeit von alleine verschwindet auch ohne auf ok zu klicken.

(siehe Screenshot4)

Desweiteren habe ich das Gefühl, dass der PC länger zum hochfahren benötigt.
Liegt meines Erachtens nach aber an den neu instalierten antimaleware Programmen die sich beim Start immer alle ausführen.

Außerdem gab es 2 Bluescreens, die ich auf diesem PC noch nie hatte.

cosinus

29.03.2011 09:57

1. Die Programme kannst du wieder alle runterschmeißen. Malwarebytes kannst du aber ruhig behalten.

2. Zur Fehlermeldung bitte frische Logs von OTL.exe posten

m4D_guY

29.03.2011 13:08

So, hier das OTL Log:OTL Logfile:

Code:

OTL logfile created on: 29.03.2011 13:50:19 - Run 3

OTL by OldTimer - Version 3.2.22.3     Folder = C:\Dokumente und Einstellungen\Administrator\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 69,00% Memory free

4,00 Gb Paging File | 3,00 Gb Available in Paging File | 83,00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 93,15 Gb Total Space | 52,02 Gb Free Space | 55,85% Space Free | Partition Type: NTFS

Drive D: | 139,73 Gb Total Space | 52,79 Gb Free Space | 37,78% Space Free | Partition Type: NTFS

Drive F: | 4,82 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

 

Computer Name: JOHANNES-LAPTOP | User Name: Administrator | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)

PRC - C:\Programme\Tunngle\TnglCtrl.exe (Tunngle.net GmbH)

PRC - C:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

PRC - C:\Programme\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe (StarWind Software)

PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

PRC - C:\WINDOWS\ASScrPro.exe ()

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Programme\ATK Hotkey\HControl.exe (ATK0100)

PRC - C:\Programme\ATKOSD2\ATKOSD2.exe ()

PRC - C:\Programme\ATK Hotkey\WDC.exe ()

PRC - C:\Programme\ATK Hotkey\HControlUser.exe ()

PRC - C:\Programme\ATK Hotkey\ATKOSD.exe ()

PRC - C:\Programme\ATK Hotkey\MsgTranAgt.exe ()

PRC - C:\WINDOWS\system32\acs.exe (Atheros)

PRC - C:\Programme\ATK Hotkey\KBFiltr.exe ()

PRC - C:\Programme\ATKGFNEX\GFNEXSrv.exe ()

PRC - C:\Programme\Wireless Console 2\wcourier.exe ()

PRC - C:\Programme\ASUS\ASUS Data Security Manager\ADSMSrv.exe ()

PRC - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe (Nero AG)

PRC - C:\WINDOWS\system32\oodag.exe (O&O Software GmbH)

 

 
 ========== Modules (SafeList) ==========

 

MOD - C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - (HidServ) --  File not found

SRV - (TunngleService) -- C:\Programme\Tunngle\TnglCtrl.exe (Tunngle.net GmbH)

SRV - (StarWindServiceAE) -- C:\Programme\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe (StarWind Software)

SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

SRV - (Adobe LM Service) -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)

SRV - (Macromedia Licensing Service) -- C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe ()

SRV - (ACS) -- C:\WINDOWS\system32\acs.exe (Atheros)

SRV - (ATKGFNEXSrv) -- C:\Programme\ATKGFNEX\GFNEXSrv.exe ()

SRV - (ADSMService) -- C:\Programme\ASUS\ASUS Data Security Manager\ADSMSrv.exe ()

SRV - (PDEngine) -- C:\Programme\Raxco\PerfectDisk\PDEngine.exe (Raxco Software, Inc.)

SRV - (PDSched) -- C:\Programme\Raxco\PerfectDisk\PDSched.exe (Raxco Software, Inc.)

SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

SRV - (TUWinStylerThemeSvc) -- C:\Programme\TuneUpUtilities2006\WinStylerThemeSvc.exe (TuneUp Software GmbH)

SRV - (O&O Defrag) -- C:\WINDOWS\system32\oodag.exe (O&O Software GmbH)

SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()

DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)

DRV - (tap0901t) TAP-Win32 Adapter V9 (Tunngle) -- C:\WINDOWS\system32\drivers\tap0901t.sys (Tunngle.net)

DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)

DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)

DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)

DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)

DRV - (SiSGbeXP) -- C:\WINDOWS\system32\drivers\SiSGbeXP.sys (Silicon Integrated Systems Corp.)

DRV - (ManyCam) -- C:\WINDOWS\system32\drivers\ManyCam.sys (ManyCam LLC.)

DRV - (AR5211) -- C:\WINDOWS\system32\drivers\ar5211.sys (Atheros Communications, Inc.)

DRV - (AsDsm) -- C:\WINDOWS\System32\drivers\AsDsm.sys (Windows (R) Codename Longhorn DDK provider)

DRV - (ASMMAP) -- C:\Programme\ATKGFNEX\ASMMAP.sys ()

DRV - (WSIMD) -- C:\WINDOWS\system32\drivers\wsimd.sys (Atheros Communications, Inc.)

DRV - (kbfiltr) -- C:\WINDOWS\system32\drivers\kbfiltr.sys ( )

DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ATKACPI.sys (ATK0100)

DRV - (Defrag32b) -- C:\WINDOWS\System32\drivers\defrag32b.sys (Raxco Software, Inc.)

DRV - (Defrag32) -- C:\WINDOWS\System32\drivers\defrag32.sys (Raxco Software, Inc.)

DRV - (siside) -- C:\WINDOWS\system32\DRIVERS\siside.sys (Silicon Integrated Systems Corp.)

DRV - (AnyDVD) -- C:\WINDOWS\system32\drivers\AnyDVD.sys (SlySoft, Inc.)

DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology (StarForce))

DRV - (sfsync04) StarForce Protection Synchronization Driver (version 4.x) -- C:\WINDOWS\System32\drivers\sfsync04.sys (Protection Technology (StarForce))

DRV - (smserial) -- C:\WINDOWS\system32\drivers\smserial.sys (Motorola Inc.)

DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology (StarForce))

DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfvfs02.sys (Protection Technology)

DRV - (MarvinBus) -- C:\WINDOWS\system32\drivers\MarvinBus.sys (Pinnacle Systems GmbH)

DRV - (ElbyCDFL) -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys (SlySoft, Inc.)

DRV - (ElbyDelay) -- C:\WINDOWS\system32\drivers\ElbyDelay.sys (Elaborate Bytes AG)

DRV - (PCLEPCI) -- C:\WINDOWS\system32\drivers\Pclepci.sys (Pinnacle Systems GmbH)

DRV - (ASAPIW2K) -- C:\WINDOWS\system32\drivers\asapiW2k.sys (VOB Computersysteme GmbH)

DRV - (ASNDIS5) -- C:\Programme\ATK Hotkey\ASNDIS5.SYS (Printing Communications Assoc., Inc. (PCAUSA))

DRV - (PQNTDrv) -- C:\WINDOWS\System32\drivers\PQNTDRV.sys (PowerQuest Corporation)

DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Google Toolbar

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2319825

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Google Toolbar

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search"

FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}"

FF - prefs.js..browser.search.suggest.enabled: false

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5

FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:4.0

 

 

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Programme\Mozilla Firefox\components [2008.09.24 20:27:56 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2008.09.24 20:27:54 | 000,000,000 | ---D | M]

 

[2008.12.24 18:50:26 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions

[2011.03.28 22:37:15 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\rgq8w14b.default\extensions

[2011.03.28 20:07:28 | 000,000,000 | ---D | M] (Easy Youtube Video Downloader) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\rgq8w14b.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}

[2011.03.27 21:33:44 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\rgq8w14b.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2010.03.24 17:13:02 | 000,000,917 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\rgq8w14b.default\searchplugins\conduit.xml

[2008.12.26 22:16:18 | 000,002,109 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\rgq8w14b.default\searchplugins\youtube-videosuche.xml

[2011.03.28 22:37:15 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2010.07.12 19:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npwachk.dll

[2011.03.07 00:33:40 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml

[2011.03.07 00:33:40 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml

[2011.03.07 00:33:40 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml

[2011.03.07 00:33:40 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml

[2011.03.07 00:33:40 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2011.03.24 20:55:28 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O4 - HKLM..\Run: [ASUS Camera ScreenSaver] C:\WINDOWS\ASScrProlog.exe ()

O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\WINDOWS\ASScrPro.exe ()

O4 - HKLM..\Run: [ATKHOTKEY] C:\Programme\ATK Hotkey\Hcontrol.exe (ATK0100)

O4 - HKLM..\Run: [ATKOSD2] C:\Programme\ATKOSD2\ATKOSD2.exe ()

O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [HControlUser] C:\Programme\ATK Hotkey\HcontrolUser.exe ()

O4 - HKLM..\Run: [MsgTranAgt] C:\Programme\ATK Hotkey\MsgTranAgt.exe ()

O4 - HKLM..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe (ASUSTeK Computer Inc.)

O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [Wireless Console 2] C:\Programme\Wireless Console 2\wcourier.exe ()

O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe (Nero AG)

O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)

O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)

O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home

O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {0cab0400-7395-11d0-a5e5-0020afe2fdd9} - C:\WINDOWS\qvphook.dll (Stellent, Inc.)

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008.09.24 22:46:32 | 000,000,718 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2008.05.01 19:36:21 | 000,726,248 | R--- | M] (BioWare) - F:\autorun.exe -- [ UDF ]

O32 - AutoRun File - [2007.11.16 00:48:02 | 000,000,057 | R--- | M] () - F:\autorun.inf -- [ UDF ]

O34 - HKLM BootExecute: (PDBoot.exe) - C:\WINDOWS\System32\PDBoot.exe (Raxco Software, Inc.)

O34 - HKLM BootExecute: (autocheck autochk *) -  File not found

O34 - HKLM BootExecute: (OODBS) - C:\WINDOWS\System32\OODBS.exe (O&O Software GmbH)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2011.03.25 20:06:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com

[2011.03.25 20:06:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\SUPERAntiSpyware.com

[2011.03.25 20:06:22 | 000,000,000 | ---D | C] -- C:\Programme\SUPERAntiSpyware

[2011.03.25 20:04:58 | 010,730,992 | ---- | C] (SUPERAntiSpyware.com) -- C:\Dokumente und Einstellungen\Administrator\Desktop\SUPERAntiSpyware.exe

[2011.03.25 17:32:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Online Solutions

[2011.03.24 23:39:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop\OSAM

[2011.03.24 22:36:37 | 001,377,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Administrator\Desktop\TDSSKiller.exe

[2011.03.24 22:35:56 | 002,161,480 | ---- | C] (Norman ASA) -- C:\Dokumente und Einstellungen\Administrator\Desktop\Norman_TDSS_Cleaner.exe

[2011.03.24 17:28:20 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2011.03.24 17:26:50 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2011.03.24 17:26:50 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2011.03.24 17:26:50 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2011.03.24 17:26:50 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2011.03.24 17:26:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2011.03.24 17:26:07 | 000,000,000 | ---D | C] -- C:\Qoobox

[2011.03.24 17:22:00 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator\Recent

[2011.03.24 17:11:26 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner

[2011.03.24 17:10:17 | 003,050,472 | ---- | C] (Piriform Ltd) -- C:\Dokumente und Einstellungen\Administrator\Desktop\ccsetup305.exe

[2011.03.23 16:36:30 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe

[2011.03.23 02:57:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Malwarebytes

[2011.03.23 02:57:23 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2011.03.23 02:57:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes

[2011.03.23 02:57:17 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2011.03.23 02:57:17 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware

[2011.03.23 02:47:55 | 007,734,208 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Dokumente und Einstellungen\Administrator\Desktop\mbam-setup-1.50.1.1100.exe

[2011.03.22 16:08:56 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\BioWare

[2011.03.20 19:57:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\GUILD WARS

[2011.03.20 19:56:31 | 000,165,248 | ---- | C] (ArenaNet) -- C:\Dokumente und Einstellungen\Administrator\Desktop\GwSetup.exe

[2011.03.15 18:48:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\ConduitEngine

[2008.09.24 23:28:41 | 000,005,632 | R--- | C] ( ) -- C:\WINDOWS\System32\drivers\kbfiltr.sys

[57 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2011.03.29 12:29:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011.03.29 12:29:22 | 000,293,037 | ---- | M] () -- C:\WINDOWS\System32\OODBS.lor

[2011.03.29 00:34:08 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\Access.dat

[2011.03.28 22:27:08 | 000,009,860 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\scrennshot4.JPG

[2011.03.28 20:15:33 | 004,000,738 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Hard Trance Mix.mp3

[2011.03.25 20:06:24 | 000,001,653 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk

[2011.03.25 20:05:32 | 010,730,992 | ---- | M] (SUPERAntiSpyware.com) -- C:\Dokumente und Einstellungen\Administrator\Desktop\SUPERAntiSpyware.exe

[2011.03.25 18:15:00 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job

[2011.03.25 15:34:32 | 000,062,234 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\scrennshot3.zip

[2011.03.25 15:28:42 | 000,083,414 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\scrennshot3.JPG

[2011.03.25 02:46:50 | 000,080,384 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\MBRCheck.exe

[2011.03.24 23:44:20 | 000,301,568 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\sic9x5lp.exe

[2011.03.24 23:34:05 | 004,272,474 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\osam_autorun_manager_5_0_portable.rar

[2011.03.24 22:35:56 | 002,161,480 | ---- | M] (Norman ASA) -- C:\Dokumente und Einstellungen\Administrator\Desktop\Norman_TDSS_Cleaner.exe

[2011.03.24 22:34:50 | 001,263,721 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\tdsskiller.zip

[2011.03.24 21:06:50 | 000,017,892 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\screenshot2.JPG

[2011.03.24 20:55:28 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2011.03.24 17:28:25 | 000,000,394 | RHS- | M] () -- C:\boot.ini

[2011.03.24 17:11:32 | 000,000,665 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk

[2011.03.24 17:10:18 | 003,050,472 | ---- | M] (Piriform Ltd) -- C:\Dokumente und Einstellungen\Administrator\Desktop\ccsetup305.exe

[2011.03.24 16:24:01 | 004,301,456 | R--- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\cofi.exe.exe

[2011.03.23 16:36:28 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe

[2011.03.23 04:09:32 | 000,142,247 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Screenshot1.zip

[2011.03.23 04:07:26 | 000,140,777 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Screenshot1.rar

[2011.03.23 04:06:44 | 000,179,279 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Screenshot1.JPG

[2011.03.23 04:00:18 | 003,840,054 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Screenshot1.bmp

[2011.03.23 02:57:24 | 000,000,671 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2011.03.23 02:49:16 | 000,742,874 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Load.exe

[2011.03.23 02:48:04 | 007,734,208 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Dokumente und Einstellungen\Administrator\Desktop\mbam-setup-1.50.1.1100.exe

[2011.03.23 00:31:30 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn

[2011.03.22 16:08:58 | 000,000,492 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mass Effect.lnk

[2011.03.20 19:57:04 | 000,000,391 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\GUILD WARS.lnk

[2011.03.20 19:56:28 | 000,165,248 | ---- | M] (ArenaNet) -- C:\Dokumente und Einstellungen\Administrator\Desktop\GwSetup.exe

[2011.03.18 20:46:28 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011.03.15 00:48:56 | 000,014,921 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Praktikumsvereinbarung.odt

[2011.03.11 13:34:36 | 000,043,520 | ---- | M] () -- C:\WINDOWS\System32\CmdLineExt03.dll

[2011.03.10 13:27:50 | 001,377,112 | ---- | M] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Administrator\Desktop\TDSSKiller.exe

[2011.03.03 19:39:02 | 000,000,209 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Counter-Strike Source.url

[57 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2011.03.28 22:27:07 | 000,009,860 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\scrennshot4.JPG

[2011.03.28 20:15:22 | 004,000,738 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Hard Trance Mix.mp3

[2011.03.25 20:06:24 | 000,001,653 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk

[2011.03.25 15:34:32 | 000,062,234 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\scrennshot3.zip

[2011.03.25 15:28:42 | 000,083,414 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\scrennshot3.JPG

[2011.03.25 02:46:50 | 000,080,384 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\MBRCheck.exe

[2011.03.24 23:44:20 | 000,301,568 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\sic9x5lp.exe

[2011.03.24 23:34:03 | 004,272,474 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\osam_autorun_manager_5_0_portable.rar

[2011.03.24 22:34:47 | 001,263,721 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\tdsskiller.zip

[2011.03.24 21:06:50 | 000,017,892 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\screenshot2.JPG

[2011.03.24 17:28:25 | 000,000,278 | ---- | C] () -- C:\Boot.bak

[2011.03.24 17:28:21 | 000,262,448 | RHS- | C] () -- C:\cmldr

[2011.03.24 17:26:50 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2011.03.24 17:26:50 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2011.03.24 17:26:50 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2011.03.24 17:26:50 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2011.03.24 17:26:50 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2011.03.24 17:11:32 | 000,000,665 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk

[2011.03.24 16:24:00 | 004,301,456 | R--- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\cofi.exe.exe

[2011.03.23 04:09:31 | 000,142,247 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Screenshot1.zip

[2011.03.23 04:07:24 | 000,140,777 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Screenshot1.rar

[2011.03.23 04:06:43 | 000,179,279 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Screenshot1.JPG

[2011.03.23 03:58:01 | 003,840,054 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Screenshot1.bmp

[2011.03.23 02:57:23 | 000,000,671 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2011.03.23 02:49:23 | 000,742,874 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Load.exe

[2011.03.22 16:08:56 | 000,000,492 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mass Effect.lnk

[2011.03.20 19:57:03 | 000,000,391 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\GUILD WARS.lnk

[2011.03.15 00:48:54 | 000,014,921 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Praktikumsvereinbarung.odt

[2011.03.03 19:39:00 | 000,000,209 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Counter-Strike Source.url

[2011.01.19 17:37:14 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll

[2011.01.19 17:04:37 | 000,233,472 | R--- | C] () -- C:\WINDOWS\System32\MafiaSetup.exe

[2010.07.13 23:59:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\Access.dat

[2010.06.01 18:28:01 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\xmltok.dll

[2010.06.01 18:28:01 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\xmlparse.dll

[2010.04.07 18:18:58 | 000,159,980 | ---- | C] () -- C:\WINDOWS\hpoins14.dat

[2010.04.07 18:18:58 | 000,002,000 | ---- | C] () -- C:\WINDOWS\hpomdl14.dat

[2010.03.05 16:13:07 | 000,000,952 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys

[2009.01.13 16:50:31 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2009.01.09 18:43:05 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2009.01.04 19:39:29 | 000,014,848 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008.12.27 01:08:30 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\acovcnt.exe

[2008.12.26 22:48:02 | 000,000,034 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

[2008.12.24 18:36:29 | 000,000,683 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2008.12.24 18:19:43 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

[2008.12.24 17:26:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2008.10.07 10:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll

[2008.10.07 10:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll

[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll

[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll

[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll

[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll

[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll

[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll

[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll

[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll

[2008.09.25 02:24:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin

[2008.09.25 01:59:58 | 000,037,232 | ---- | C] () -- C:\WINDOWS\ASScrProlog.exe

[2008.09.25 01:59:58 | 000,033,136 | ---- | C] () -- C:\WINDOWS\ASScrPro.exe

[2008.09.25 01:59:55 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll

[2008.09.24 23:37:19 | 000,887,724 | R--- | C] () -- C:\WINDOWS\System32\ativva6x.dat

[2008.09.24 23:37:18 | 003,107,788 | R--- | C] () -- C:\WINDOWS\System32\ativva5x.dat

[2008.09.24 23:37:17 | 003,107,788 | R--- | C] () -- C:\WINDOWS\System32\ativvaxx.dat

[2008.09.24 23:37:16 | 000,168,883 | R--- | C] () -- C:\WINDOWS\System32\atiicdxx.dat

[2008.09.24 23:08:00 | 000,002,508 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\$_hpcst$.hpc

[2008.09.24 23:06:42 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2008.09.24 23:06:42 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2008.09.24 22:53:10 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2008.09.24 22:48:41 | 000,194,248 | ---- | C] () -- C:\WINDOWS\System32\LTRFD13n.DLL

[2008.09.24 22:46:30 | 000,000,034 | ---- | C] () -- C:\WINDOWS\VFO.INI

[2008.09.24 22:46:26 | 000,196,096 | ---- | C] () -- C:\WINDOWS\System32\macd32.dll

[2008.09.24 22:46:26 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\mase32.dll

[2008.09.24 22:46:26 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\mamc32.dll

[2008.09.24 22:46:26 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\masd32.dll

[2008.09.24 22:46:26 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\ma32.dll

[2008.09.24 20:27:54 | 000,002,266 | ---- | C] () -- C:\WINDOWS\mozver.dat

[2008.09.24 20:11:51 | 000,000,522 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2008.09.24 20:08:19 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll

[2008.09.24 19:53:57 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2008.09.24 19:41:59 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2008.09.24 19:36:46 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2008.09.24 19:35:31 | 000,223,224 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2007.09.13 00:54:48 | 000,141,180 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat

[2006.06.01 22:06:00 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

[2006.06.01 20:06:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2006.06.01 20:06:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2006.06.01 20:06:00 | 000,462,550 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat

[2006.06.01 20:06:00 | 000,443,922 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2006.06.01 20:06:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2006.06.01 20:06:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat

[2006.06.01 20:06:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2006.06.01 20:06:00 | 000,085,732 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat

[2006.06.01 20:06:00 | 000,072,180 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2006.06.01 20:06:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2006.06.01 20:06:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat

[2006.06.01 20:06:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2006.06.01 20:06:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2006.06.01 20:06:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2006.06.01 20:06:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin

[2006.06.01 20:06:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2006.04.29 17:43:54 | 000,000,288 | ---- | C] () -- C:\WINDOWS\wincmd.ini

[2006.04.19 01:30:56 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll

[2004.12.20 19:24:03 | 001,663,068 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll

[2004.03.11 02:26:10 | 000,406,016 | ---- | C] () -- C:\WINDOWS\System32\PSDrvCheck.exe
 

< End of report >

--- --- ---

und das OTL extras Log:OTL Logfile:

Code:

OTL Extras logfile created on: 29.03.2011 13:50:19 - Run 3

OTL by OldTimer - Version 3.2.22.3     Folder = C:\Dokumente und Einstellungen\Administrator\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 69,00% Memory free

4,00 Gb Paging File | 3,00 Gb Available in Paging File | 83,00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 93,15 Gb Total Space | 52,02 Gb Free Space | 55,85% Space Free | Partition Type: NTFS

Drive D: | 139,73 Gb Total Space | 52,79 Gb Free Space | 37,78% Space Free | Partition Type: NTFS

Drive F: | 4,82 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

 

Computer Name: JOHANNES-LAPTOP | User Name: Administrator | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [ACDBrowse] -- "C:\Programme\ACD Systems\ACDSee\8.0\ACDSee8.exe" "%1" (ACD Systems Ltd.)

Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)

Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)

Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 
 ========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

 
 ========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"D:\Spiele\Stranglehold\Binaries\Retail-Stranglehold.exe" = D:\Spiele\Stranglehold\Binaries\Retail-Stranglehold.exe:*:Enabled:Stranglehold -- (Midway Home Entertainment Inc)

"D:\Spiele\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe" = D:\Spiele\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI) -- ()

"D:\Spiele\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe" = D:\Spiele\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV) -- ()

"D:\Spiele\Rise and Fall\RiseAndFall.exe" = D:\Spiele\Rise and Fall\RiseAndFall.exe:*:Enabled:Rise and Fall: Civilizations at War -- (Midway Home Entertainment)

"D:\Spiele\CoH\RelicDownloader\RelicDownloader.exe" = D:\Spiele\CoH\RelicDownloader\RelicDownloader.exe:*:Enabled:Relic Downloader -- (THQ Canada Inc.)

"D:\Spiele\Two Worlds\TwoWorlds.exe" = D:\Spiele\Two Worlds\TwoWorlds.exe:*:Enabled:Two Worlds -- (Reality Pump)

"D:\Spiele\Two Worlds\TwoWorlds_RADEON.exe" = D:\Spiele\Two Worlds\TwoWorlds_RADEON.exe:*:Enabled:Two Worlds -- (Reality Pump)

"C:\Programme\Tunngle\TnglCtrl.exe" = C:\Programme\Tunngle\TnglCtrl.exe:*:Enabled:Tunngle Service -- (Tunngle.net GmbH)

"C:\Programme\Tunngle\Tunngle.exe" = C:\Programme\Tunngle\Tunngle.exe:*:Enabled:Tunngle Client -- (Tunngle.net GmbH)

"C:\Programme\Steam\Steam.exe" = C:\Programme\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)

"C:\Programme\Steam\SteamApps\common\alien swarm\srcds.exe" = C:\Programme\Steam\SteamApps\common\alien swarm\srcds.exe:*:Enabled:Alien Swarm Dedicated Server -- ()

"D:\Spiele\Stronghold 2\Stronghold2.exe" = D:\Spiele\Stronghold 2\Stronghold2.exe:*:Enabled:Stronghold 2 -- (Firefly Studios)

"C:\Programme\Steam\SteamApps\common\alien swarm\swarm.exe" = C:\Programme\Steam\SteamApps\common\alien swarm\swarm.exe:*:Enabled:Alien Swarm -- ()

"C:\Programme\Steam\SteamApps\trollcook\counter-strike source\hl2.exe" = C:\Programme\Steam\SteamApps\trollcook\counter-strike source\hl2.exe:*:Enabled:Counter-Strike: Source -- ()

"D:\Spiele\Mass Effect\Binaries\MassEffect.exe" = D:\Spiele\Mass Effect\Binaries\MassEffect.exe:*:Enabled:Mass Effect Game -- (BioWare)

"D:\Spiele\Mass Effect\MassEffectLauncher.exe" = D:\Spiele\Mass Effect\MassEffectLauncher.exe:*:Enabled:Mass Effect Launcher -- (BioWare)

 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{001E7FB6-BB6B-4ED0-BEDC-B5404ED96D4E}" = DocProc

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center

"{07E23E10-F663-5D23-6393-DC82AFC8B475}" = ccc-core-static

"{0CE42E4B-82AA-41AE-BB33-E0307555D4C9}" = Catalyst Control Center Localization Chinese Standard

"{0FFC10A2-3B60-283D-0DDE-91EF4A3B0969}" = Catalyst Control Center Localization Finnish

"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp

"{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}" = ATK Media

"{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI

"{16D2C649-CBA8-44EE-B730-12584667D487}" = Stronghold 2 Deluxe

"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy

"{18742725-FAAF-4FF5-AA21-88A5814BC9CE}" = Audiograbber 1.83 SE

"{18F98693-AF94-11FC-0650-25E724F58C9E}" = Catalyst Control Center Graphics Full Existing

"{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI

"{1A15507A-8551-4626-915D-3D5FA095CC1B}" = Corel Paint Shop Pro X

"{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect

"{1C8521E5-5A7B-4A4E-A9CD-AD53116EAEE0}" = ASUS Data Security Manager

"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = LifeFrame2

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool

"{21DBBDD6-93A5-4326-9A04-C9A5C9148502}" = Norton PartitionMagic

"{2217B0B4-35CB-48C6-B640-864DF2F30F99}" = OpenOffice.org 3.2

"{221F14FF-7DAA-70C4-3A46-FA50EC2AB6E1}" = CCC Help Portuguese

"{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{236BB7C4-4419-42FD-0407-1E257A25E34D}" = Adobe Photoshop CS2

"{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI

"{268723B7-A994-4286-9F85-B974D5CAFC7B}" = EasyRecovery Professional

"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11

"{27A5A63B-3290-F55F-FD6D-D8F87CC0006F}" = Catalyst Control Center Localization Thai

"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program

"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg

"{2B85C4A2-9E74-E583-01A8-B947172F39D4}" = Catalyst Control Center Localization Japanese

"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan

"{2F353D44-73BB-4971-B31D-F7642E9E9531}" = Macromedia Flash MX 2004

"{2F750C77-1FEC-44F9-88CC-2CE322EBD61E}" = Microsoft Games for Windows - LIVE Redistributable

"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6

"{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI

"{33CD74BF-8544-15AF-D4A9-BA1791550927}" = Catalyst Control Center Core Implementation

"{344C4348-6397-FEEB-ADE5-98D95D5A87E3}" = CCC Help Chinese Standard

"{34D1C6F2-5B2C-A27E-CC6D-FE55B78DEB69}" = Catalyst Control Center Localization Spanish

"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder

"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey

"{3CB05291-F546-458E-A796-B5BCF5A3CDC4}" = Studio 10

"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger

"{42347B75-9660-2DA4-63FD-D35E344E1031}" = Nero 7 Premium

"{43B6667D-7520-4186-B05B-F5C0494C495D}" = UltraEdit-32

"{4462AD13-F2AA-4CBD-9F95-293C38EED870}" = Power4 Gear

"{44F934C2-3CFB-1229-6872-35F3662268F6}" = Catalyst Control Center Localization French

"{461B9564-65CB-1D4A-46B2-CC27DC4F07EC}" = CCC Help Swedish

"{4F400CD4-ABB5-5973-8F0C-40BBF28C0B8C}" = CCC Help Turkish

"{4FBA95A6-7F4E-6ED0-EA7A-A3C46A64A51E}" = CCC Help Thai

"{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI

"{5039F71C-7A31-568E-D002-07FF5F95ACBF}" = CCC Help English

"{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI

"{52326763-A5B3-9514-4655-A82828CD9B2D}" = Catalyst Control Center Localization Norwegian

"{52B65911-1559-4ED5-9461-46957FDD48CD}" = Borderlands

"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent

"{53480370-6CA2-47EC-BC05-02B4B9271C31}" = O&O Defrag Professional Edition

"{539D0779-8D8D-9BB8-8D1C-F04C647B6267}" = CCC Help German

"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport

"{571A9704-FA7C-9560-7AEF-2B630DCB894B}" = CCC Help Spanish

"{579141D6-019E-A917-97A3-359E87EDC2C2}" = Catalyst Control Center Localization Czech

"{57B15AD4-8C9D-4164-82BB-E33D8644E757}" = ASUS InstantFun

"{5954CB86-A47E-F865-A534-2473C7500EA4}" = Catalyst Control Center Localization German

"{5A02B151-2AA2-D1C6-6165-F6AA00C1D9C4}" = Catalyst Control Center Localization Turkish

"{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}" = ATKOSD2

"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053

"{5F374D5D-DB43-4263-9C29-BAB2C93FEFE6}" = Warhammer® Mark of Chaos

"{5F407E27-927F-3997-EDF1-2EF57FE14328}" = CCC Help Italian

"{5F71EB81-C72E-4B28-8D90-FDEECFEBC2DE}" = Drive Image

"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call

"{60829E1B-6DD2-2D98-ED53-BA097E84A954}" = Catalyst Control Center Localization Russian

"{6179B0A4-9A6D-9793-9839-30A637DD70FB}" = Catalyst Control Center Localization Dutch

"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder

"{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD

"{6DEAD32C-7067-6AA8-5CDB-A1FDCA44A4B6}" = Catalyst Control Center Graphics Previews Common

"{6E32B134-CA8D-49DD-B94C-0DB155CE70B5}" = ccc-Branding

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{739ECDBA-F065-73DB-0553-BA8A4F8B4753}" = CCC Help Norwegian

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{78155353-3D54-2FCA-395D-1BABEEC2C562}" = CCC Help Korean

"{793D040C-F449-8EE9-484F-F9084321D747}" = CCC Help Dutch

"{7B63B2922B174135AFC0E1377DD81EC2}" = 

"{7C4196CA-CA41-4F34-9C08-7724E7705D52}" = Jasc Animation Shop 3

"{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI

"{7F6B6DC9-F082-5A97-A240-1D71042C00CA}" = Catalyst Control Center Localization Chinese Traditional

"{7F976697-3404-1BBE-48A4-EB154BE2492B}" = CCC Help Chinese Traditional

"{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI

"{81CC6FB7-8EF6-0ACB-60EC-B0F035B2EDCA}" = Catalyst Control Center Localization Danish

"{8238F0E3-34A4-47DE-A78A-8753C21EFAC0}" = CCC Help Russian

"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01

"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01

"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2

"{850C4C12-57E2-43E4-B66B-B08B120C55F3}" = FireBurner

"{868D7896-99D4-4513-BC62-2B3AD3E24926}" = TuneUp Utilities 2006

"{86EDEF11-EFE4-46CB-8B08-9CBD4A936B1F}" = Stranglehold

"{86EF9FC4-F209-4520-B7E1-C7FF0EEBDFFF}" = Adobe Audition 1.5

"{8734AA3A-E94D-2A2E-4B37-902E104DFC46}" = Catalyst Control Center Localization Polish

"{87911A27-1567-42B0-B8B7-2150D20E7AB6}" = DDBAC

"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder

"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU

"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{90170407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003

"{90A50153-331D-FFFF-4F21-D146672B3AB7}" = Catalyst Control Center Localization Italian

"{916800EA-DDA2-4C5E-96F2-811F3F7C4258}" = Total Commander 6.54a

"{929408E6-D265-4174-805F-81D1D914E2A4}" = QuickTime

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{95F48480-6D51-49A5-BFC3-7D8043AC5386}" = XP-Clean

"{9757A86E-ACAB-9AE2-2B51-B78AD70B0DFD}" = Catalyst Control Center Graphics Light

"{97AFD0D8-5720-4A59-BFDC-CB92A36FADF9}_is1" = Company of Heroes: Eastern Front 1.20

"{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI

"{9920A86F-A622-2D1C-0BE6-D872B8FD2A2B}" = CCC Help Japanese

"{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame

"{A174402A-2EE6-4B86-A930-7BC85A9933BD}" = Tom Clancy's Splinter Cell

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A6B90148-02C5-4fd3-8D7A-EF2386835CB9}" = F4100_Help

"{A6C265BE-E2C1-483e-843D-6B4C1E912AE0}" = F4100

"{A73B5BA6-2540-C173-6AC9-2110778D3EB4}" = CCC Help Greek

"{A75C66FD-02D5-4D0D-DCB1-6C2730B3E4AF}" = Catalyst Control Center Localization Greek

"{A77F3C2D-50CC-4A29-A1FB-1E018BE4DCA2}" = DiscAPI

"{A8B30A2D-5428-6259-3CC8-81F725B44130}" = CCC Help Finnish

"{AA2E6BFE-4351-481C-A720-47CB3506570B}" = ACDSee 8

"{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}" = HP Update

"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder

"{AC76BA86-1033-F400-7760-000000000002}" = Adobe Acrobat 7.0 Professional - English, Français, Deutsch

"{AC76BA86-7AD7-1033-7B44-A80000000002}" = Adobe Reader 8

"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant

"{AF5FFB4C-3175-9482-4F03-D68AB423368A}" = Catalyst Control Center Localization Swedish

"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan

"{B05A5743-AF48-60B3-BEFD-0F042FDB75B4}" = ccc-utility

"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter

"{B4509BCE-7BAD-4a8c-B1AE-4D0CE7467C42}" = F4100_doccd

"{B4F35A00-24FD-4fb3-BF5E-413D5423434D}" = DJ_AIO_Software_min

"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser

"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI

"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter

"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo

"{BFD9BF35-B5B3-B021-8F71-9D0137AAB57F}" = ccc-core-preinstall

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C0FC1C14-4824-4A73-87A6-9E888C9C3102}" = ASUS Splendid Video Enhancement Technology

"{C190CB55-817E-4713-84F4-0BBB8961CED9}" = PerfectDisk

"{C27DC823-0996-5109-2F03-C8BD43963438}" = CCC Help Polish

"{CA50045C-5119-48e7-9BA7-6B317379857A}" = DJ_AIO_Software

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CE7CB214-DB11-4B5D-A6AF-3B4ED47C68B7}" = Microsoft Game Studios Common Redistributables Pack 1

"{D078226E-83F2-45FD-9CDE-5DA66E5ADB51}" = Rise and Fall

"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component

"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service

"{D48EAA77-E526-41EB-894C-BD6A17EABD95}" = TMPGEnc 3.0 XPress

"{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI

"{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}" = NVIDIA PhysX v8.10.29

"{DAEB7FC7-1AAB-499A-241E-F54D1DD1725D}" = Catalyst Control Center Localization Korean

"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader

"{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash

"{DE486CCB-3C9B-7EEE-1328-2209EC6500EC}" = Catalyst Control Center Localization Portuguese

"{E0260323-5186-AAA6-43AD-48AE0E475689}" = CCC Help Czech

"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm

"{E39F7325-FFE5-EDEC-044B-812BA1B0C8F2}" = CCC Help French

"{E548726E-F4E8-459f-BAB8-45551BC071E9}" = DJ_AIO_ProductContext

"{E5F9A595-3E77-55AB-6109-06C02BBC7F36}" = Skins

"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1

"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update

"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack

"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox

"{EA759367-590A-AE0D-B2B0-E89151ACB9AE}" = CCC Help Hungarian

"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI

"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform

"{EEECE229-49F6-4851-A73A-99B058221F8C}" = RAPID

"{F0B6BD72-54C6-F391-7AD8-DA26D572752A}" = CCC Help Danish

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer

"{F382EB43-3C67-4A5E-B794-09FFE2DAC93A}" = map&guide 11 professional

"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE

"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials

"{F92EAC2A-1CBC-F17C-C3F0-E79C3697CE79}" = Catalyst Control Center Localization Hungarian

"{FA8A44D7-3E8A-4034-9C4F-088FA6B72BC4}" = HP Deskjet All-In-One Software 9.0

"{FC3D290D-79BE-44B7-ABF9-FDD110925930}" = P4P

"{FC9B3A61-FD27-85DE-C8DC-F04D7944B4B2}" = Catalyst Control Center Graphics Full New

"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT-Erweiterung für den Microsoft Windows XP-Assistenten zum Schreiben von CDs

"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status

"3B18191663CDFABAA2A93D4267E54D683153FF60" = Windows-Treiberpaket - Advanced Micro Devices (AmdK8) Processor  (05/27/2006 1.3.2.0)

"Adobe Acrobat 7.0 Professional - EFG" = Adobe Acrobat 7.1.0 Professional

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}" = Adobe Photoshop CS2

"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software

"AnyDVD" = AnyDVD

"Asus_Camera_ScreenSaver" = Asus_Camera_ScreenSaver

"ATI Display Driver" = ATI Display Driver

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"CCleaner" = CCleaner

"CDex" = CDex extraction audio

"CloneCD" = CloneCD

"CloneDVD2" = CloneDVD2

"Company of Heroes" = Company of Heroes

"DivX Setup.divx.com" = DivX-Setup

"DVD Decrypter" = DVD Decrypter (Remove Only)

"DVD Shrink DE_is1" = DVD Shrink 3.2 deutsch

"EAX Unified" = EAX Unified

"Flyingcode NFO-Viewer_is1" = Flyingcode NFO-Viewer 1.0

"Freelancer 1.0" = Freelancer

"Guild Wars" = GUILD WARS

"Hollywood FX for Studio" = Pinnacle Hollywood FX for Studio
 

"HP Imaging Device Functions" = HP Imaging Device Functions 9.0

"HP Photosmart Essential" = HP Photosmart Essential 2.01

"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0

"HPOCR" = HP OCR Software 9.0

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"InstallShield_{21DBBDD6-93A5-4326-9A04-C9A5C9148502}" = Norton PartitionMagic 8.0

"InstallShield_{268723B7-A994-4286-9F85-B974D5CAFC7B}" = EasyRecovery Professional

"InstallShield_{5F71EB81-C72E-4B28-8D90-FDEECFEBC2DE}" = PowerQuest Drive Image 2002

"InstallShield_{929408E6-D265-4174-805F-81D1D914E2A4}" = QuickTime

"IrfanView" = IrfanView (remove only)

"IsoBuster_is1" = IsoBuster 1.9

"JDownloader" = JDownloader

"LastFM_is1" = Last.fm 1.5.4.27091

"Mafia" = Mafia

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"ManyCam" = ManyCam 2.4 (remove only)

"map&guide 11 Karte Deutschland City" = map&guide 11 Karte Deutschland City

"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"mIRC" = mIRC

"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"QVP" = Quick View Plus

"RegSupreme Pro_is1" = RegSupreme Pro 1.2

"S.T.A.L.K.E.R. - Shadow of Chernobyl_is1" = S.T.A.L.K.E.R. - Shadow of Chernobyl

"SMSERIAL" = Motorola SM56 Speakerphone Modem

"Soldat_is1" = Soldat 1.5.0

"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4

"Steam App 240" = Counter-Strike: Source

"Steam App 630" = Alien Swarm

"Tunngle beta_is1" = Tunngle beta

"TVgenial" = TVgenial

"Two Worlds" = Two Worlds

"UltraISO_is1" = UltraISO 8.0 Premium Edition

"VLC media player" = VideoLAN VLC media player 0.8.2

"Winamp" = Winamp

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WinLiveSuite_Wave3" = Windows Live Essentials

"WinRAR archiver" = WinRAR Archivierer

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0.0 (Pre-Release 5348)

"XviD_is1" = XviD 1.1 final uninstall

 
 ========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Winamp Detect" = Winamp Erkennungs-Plug-in

 
 ========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 18.03.2011 15:51:51 | Computer Name = JOHANNES-LAPTOP | Source = PerfNet | ID = 2004

Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen

werden

 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.

 

Error - 18.03.2011 16:13:50 | Computer Name = JOHANNES-LAPTOP | Source = PerfNet | ID = 2004

Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen

werden

 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.

 

Error - 19.03.2011 10:23:01 | Computer Name = JOHANNES-LAPTOP | Source = PerfNet | ID = 2004

Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen

werden

 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.

 

Error - 19.03.2011 15:52:06 | Computer Name = JOHANNES-LAPTOP | Source = Application Error | ID = 1000

Description = Fehlgeschlagene Anwendung plugin-container.exe, Version 1.9.2.4079,

 fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.6055, Fehleradresse 0x0000100b.

 

Error - 20.03.2011 13:20:38 | Computer Name = JOHANNES-LAPTOP | Source = PerfNet | ID = 2004

Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen

werden

 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.

 

Error - 21.03.2011 16:58:49 | Computer Name = JOHANNES-LAPTOP | Source = PerfNet | ID = 2004

Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen

werden

 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.

 

Error - 22.03.2011 11:35:04 | Computer Name = JOHANNES-LAPTOP | Source = PerfNet | ID = 2004

Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen

werden

 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.

 

Error - 22.03.2011 16:53:52 | Computer Name = JOHANNES-LAPTOP | Source = PerfNet | ID = 2004

Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen

werden

 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.

 

Error - 23.03.2011 09:03:34 | Computer Name = JOHANNES-LAPTOP | Source = PerfNet | ID = 2004

Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen

werden

 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.

 

Error - 23.03.2011 09:04:01 | Computer Name = JOHANNES-LAPTOP | Source = ESENT | ID = 490

Description = svchost (1680) Versuch, Datei "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"

 für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der

 Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet

 wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.

 

[ System Events ]

Error - 28.03.2011 16:16:36 | Computer Name = JOHANNES-LAPTOP | Source = Service Control Manager | ID = 7001

Description = Der Dienst "PDScheduler" ist vom Dienst "PDEngine" abhängig, der aufgrund

 folgenden Fehlers nicht gestartet wurde:   %%1053

 

Error - 28.03.2011 16:24:38 | Computer Name = JOHANNES-LAPTOP | Source = Service Control Manager | ID = 7009

Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst PDEngine.

 

Error - 28.03.2011 16:24:38 | Computer Name = JOHANNES-LAPTOP | Source = Service Control Manager | ID = 7000

Description = Der Dienst "PDEngine" wurde aufgrund folgenden Fehlers nicht gestartet:

   %%1053

 

Error - 28.03.2011 16:24:38 | Computer Name = JOHANNES-LAPTOP | Source = Service Control Manager | ID = 7001

Description = Der Dienst "PDScheduler" ist vom Dienst "PDEngine" abhängig, der aufgrund

 folgenden Fehlers nicht gestartet wurde:   %%1053

 

Error - 28.03.2011 18:03:43 | Computer Name = JOHANNES-LAPTOP | Source = Service Control Manager | ID = 7009

Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst PDEngine.

 

Error - 28.03.2011 18:03:43 | Computer Name = JOHANNES-LAPTOP | Source = Service Control Manager | ID = 7000

Description = Der Dienst "PDEngine" wurde aufgrund folgenden Fehlers nicht gestartet:

   %%1053

 

Error - 28.03.2011 18:03:43 | Computer Name = JOHANNES-LAPTOP | Source = Service Control Manager | ID = 7001

Description = Der Dienst "PDScheduler" ist vom Dienst "PDEngine" abhängig, der aufgrund

 folgenden Fehlers nicht gestartet wurde:   %%1053

 

Error - 29.03.2011 06:31:08 | Computer Name = JOHANNES-LAPTOP | Source = Service Control Manager | ID = 7009

Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst PDEngine.

 

Error - 29.03.2011 06:31:08 | Computer Name = JOHANNES-LAPTOP | Source = Service Control Manager | ID = 7000

Description = Der Dienst "PDEngine" wurde aufgrund folgenden Fehlers nicht gestartet:

   %%1053

 

Error - 29.03.2011 06:31:08 | Computer Name = JOHANNES-LAPTOP | Source = Service Control Manager | ID = 7001

Description = Der Dienst "PDScheduler" ist vom Dienst "PDEngine" abhängig, der aufgrund

 folgenden Fehlers nicht gestartet wurde:   %%1053

 

 

< End of report >

--- --- ---

m4D_guY

29.03.2011 13:09

Könnte mir mal einer Erklären warum bei mir immer Doppelposts kommen wenn ich ein Logfile poste?
:headbang::headbang::headbang::headbang::confused:

cosinus

29.03.2011 16:36

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

:OTL

O34 - HKLM BootExecute: (PDBoot.exe) - C:\WINDOWS\System32\PDBoot.exe (Raxco Software, Inc.)

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

m4D_guY

29.03.2011 16:53

Hier das Log:

========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:PDBoot.exe deleted successfully.
C:\WINDOWS\system32\PDBoot.exe moved successfully.

OTL by OldTimer - Version 3.2.22.3 log created on 03292011_175705

cosinus

29.03.2011 17:02

Starte Windows neu und schau ob die Meldung immer noch auftaucht,

m4D_guY

29.03.2011 19:03

Nach dem Neustart taucht das Fenster/Meldung immer noch auf.

cosinus

29.03.2011 19:22

Zitat:

SRV - (PDEngine) -- C:\Programme\Raxco\PerfectDisk\PDEngine.exe (Raxco Software, Inc.)
SRV - (PDSched) -- C:\Programme\Raxco\PerfectDisk\PDSched.exe (Raxco Software, Inc.)

Wird wohl an diesem Tool liegen. Brauchste das noch? Aus welcher Quelle stammt diese Installation?

m4D_guY

29.03.2011 20:34

Das Tool war bereits vor installiert und ist ein Defragmentierungstool.
Nachdem ich es deinstalliert hatte, tauchte die Meldung beim Neustart des PC´s nicht mehr auf.

cosinus

30.03.2011 08:39

Zitat:

Nachdem ich es deinstalliert hatte, tauchte die Meldung beim Neustart des PC´s nicht mehr auf.

Geht doch! :abklatsch:
Noch Probleme oder ist nun alles super?

m4D_guY

30.03.2011 11:18

Nein, Probleme gibts es keine mehr! :Boogie:
Ich möchte mich auch noch einmal sehr herzlich für die schnelle und kompetente Hilfe bedanken. Alleine hätte ich es niemals geschafft.

cosinus

30.03.2011 15:25

Dann wären wir durch! :abklatsch:

Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu.
Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern.

Microsoftupdate

Windows XP: Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.

Windows Vista/7: Anleitung Windows-Update

PDF-Reader aktualisieren
Dein Adobe Reader ist nicht aktuell, was ein großes Sicherheitsrisiko darstellt. Du solltest daher besser die alte Version über Systemsteuerung => Software deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst.

Ich empfehle einen alternativen PDF-Reader wie SumatraPDF oder Foxit PDF Reader, beide sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers, hier der direkte Downloadlink:

Mozilla und andere Browser => http://filepony.de/?q=Flash+Player
Internet Explorer => http://fpdownload.adobe.com/get/flas..._player_ax.exe

Java-Update
Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden, am besten mit JavaRa) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.

m4D_guY

05.04.2011 16:27

Sooo, habe nun endlich alles geupdatet.:applaus: :taenzer:
Ich melde mich nur noch einmal um daraufhinzuweise, das beim deinstallieren von Adobe Acrobat Reader, Firefox nicht automatisch nach einem anderen Programm sucht, um PDF´s zu öffnen.
Deshalb würde ich anregen, bei ähnlichem Hinweis an andere Nutzer, dieses zu erwähnen und eine Lösung anzubieten. (Firefox, einstellungen, den Reiter Anwendungen auswählen und dann entsprechend ein anderes Programm angeben)

Ich hoffe ich bin mit meiner "kosntruktiven Kritik" nicht über das Ziel hinausgeschossen und möchte mich noch einmal für die kompetente und schnelle Hilfe bedanken.:dankeschoen:

MfG m4D_guY

cosinus

05.04.2011 18:08

Zitat:

Firefox nicht automatisch nach einem anderen Programm sucht, um PDF´s zu öffnen.

Wenn du einen PDF-Reader installierst, bietet der beim Setup ein Browserplugin an. Wennn du den einzigen PDF-Reader deinstallierst, wie soll FF denn auch PDFs anzeigen?

Alle Zeitangaben in WEZ +1. Es ist jetzt 13:54 Uhr.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132